Uploaded image for project: 'TomEE'
  1. TomEE
  2. TOMEE-4126

CXF 3.4.10

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 8.0.13
    • 8.0.14
    • TomEE Core Server
    • None

    Description

      December 13, 2022 - Apache CXF 3.5.5 and 3.4.10 released!
      The Apache CXF team is proud to announce the availability of our latest patch releases! Over 9 JIRA issues were fixed for 3.5.5 and 3.4.10. Two new CVEs were issued for vulnerabilities fixed in these releases:

      CVE-2022-46363: Apache CXF directory listing / code exfiltration
      CVE-2022-46364: Apache CXF SSRF Vulnerability

      3.4.10 is the last planned release for the Apache CXF 3.4.x series. Users are strongly recommended to upgrade to 3.5.x.

      Attachments

        Issue Links

          is related to

          Dependency upgrade - Upgrading a dependency to a newer version TOMEE-4125 Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              rzo1 Richard Zowalla
              rzo1 Richard Zowalla
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: