Affects Version/s: None
Fix Version/s: 2.1.2
Updating this dependency:
From CXF 2.1 to 2.1.1 results into two Bouncy Castle jars being placed into the web service provider's WAR-- the usual bcprov-jdk14-136.jar from CXF 2.1 and bcprov-jdk13-132.jar. I don't know why both are being loaded-
maybe OpenSAML (which is not in 2.1) is the culprit, or xmlsec's upgrade from 1.3 to 1.4 or WSS4J's from 1.5.2 to 1.5.4-but either of the latter two causing this is rather doubtful.
(It might be nice also to upgrade to BC's 1.5 or 1.6 library at this time.)
Test case: Download my DoubleIt sample, place this dependency in the trunk/pom.xml, and from that run "mvn clean install" – you'll see the two BC libs in the service-war/target folder.