[TOMEE-4126] CXF 3.4.10 - ASF JIRA

Attach files

Attach Screenshot

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 8.0.13
Fix Version/s: 8.0.14
Component/s: TomEE Core Server
Labels:
None

Description

December 13, 2022 - Apache CXF 3.5.5 and 3.4.10 released!
The Apache CXF team is proud to announce the availability of our latest patch releases! Over 9 JIRA issues were fixed for 3.5.5 and 3.4.10. Two new CVEs were issued for vulnerabilities fixed in these releases:

CVE-2022-46363: Apache CXF directory listing / code exfiltration
CVE-2022-46364: Apache CXF SSRF Vulnerability

—

3.4.10 is the last planned release for the Apache CXF 3.4.x series. Users are strongly recommended to upgrade to 3.5.x.

Attachments

Issue Links

Add Link

is related to

TOMEE-4125 Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363

Resolved

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Richard Zowalla

Reporter:: Richard Zowalla

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15/Dec/22 06:41

Updated:: 15/Dec/22 07:05

Resolved:: 15/Dec/22 07:05

Agile

View on Board

CXF 3.4.10

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment