Author: dkulp Date: Tue Jun 1 18:33:32 2010 New Revision: 950194 URL: http://svn.apache.org/viewvc?rev=950194&view=rev Log: Merged revisions 948162 via svnmerge from https://svn.apache.org/repos/asf/cxf/branches/2.2.x-fixes
................ r948162 | dkulp | 2010-05-25 14:35:11 -0400 (Tue, 25 May 2010) | 9 lines Merged revisions 948131 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r948131 | dkulp | 2010-05-25 13:52:01 -0400 (Tue, 25 May 2010) | 1 line Turn off DTD and Entity expansion stuff in the XMLStreamReaders ........ ................ Modified: cxf/branches/2.1.x-fixes/distribution/src/main/release/release_notes.txt Modified: cxf/branches/2.1.x-fixes/distribution/src/main/release/release_notes.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/distribution/src/main/release/release_notes.txt?rev=950194&r1=950193&r2=950194&view=diff ============================================================================== --- cxf/branches/2.1.x-fixes/distribution/src/main/release/release_notes.txt (original) +++ cxf/branches/2.1.x-fixes/distribution/src/main/release/release_notes.txt Tue Jun 1 18:33:32 2010 @@ -1,12 +1,12 @@ -Apache CXF 2.1.9 Release Notes +Apache CXF 2.1.10 Release Notes 1. Overview -Apache CXF 2.1.9 delivers the latest set of patches and bug fixes for the Apache -CXF 2.1.x branch. This release fixes 43 JIRA issues that have been reported by -users. +Apache CXF 2.1.10 delivers the latest set of patches for the 2.0.x series. +This release specifically is being done to address a security vulnerability +for which information will be forth coming. -IMPORTANT NOTE: 2.1.9 is the last scheduled release for the 2.1.x series of +IMPORTANT NOTE: 2.1.10 is the last scheduled release for the 2.1.x series of Apache CXF. Users are VERY strongly encouraged to upgrade to the 2.2.x series as soon as possible. @@ -82,66 +82,4 @@ compliant. 7. Specific issues, features, and improvements fixed in this version - -Release Notes - CXF - Version 2.1.9 - - - -** Bug - * [CXF-685] - WS-RM: Inappropriate exception handling in RM Servant - * [CXF-1818] - java2ws -createxsdimports with packages that reference other packages should have schemaLocation in schema import - * [CXF-1886] - Disappearing types from @XmlRootElement and no particular namespace - * [CXF-2035] - Issues with SOAPAction - * [CXF-2093] - CXF Compatiblity - * [CXF-2150] - Web service provider using UsernameToken profile should throw an exception if SOAP client's password type <> web service provider's. - * [CXF-2223] - Proxy authentication failure with SSL tunneling - * [CXF-2376] - CXF Maven Plugin fails to read WSDL file from classpath or jar file - * [CXF-2386] - abdera-extensions-main and abdera-i18n are required by cxf-bundle-minimal but not present in any repository - * [CXF-2466] - CXF WS-RM impl displays exceptions - * [CXF-2542] - DelegatingInputStream.close() causes MessageImpl.getContextualProperty throw NullPointerException - * [CXF-2543] - CXF client processes bar() response message when making foo() request - * [CXF-2545] - WS Addressing asynchronous transport and NullPointerException with Apache tomcat (threading problem ?) - * [CXF-2546] - NullPointerException when trying to find WS-Addressing Action - * [CXF-2549] - Wrong classpath for dynamic client compilation in Weblogic - * [CXF-2550] - transactions don't work in jaxws Endpoint with jms transport - * [CXF-2551] - NullPointerException at org.apache.cxf.transport.servlet.ServletController.updateDests(ServletController.java:92) - * [CXF-2552] - CXF should use Spring's BeanFactory.isSingleton(name) instead of BeanDefinition.isSingleton() because any such checks break when using bean definition inheritance or bean definition post-processing - * [CXF-2566] - Missing translation for INSTRUMENTATION_REGISTER_FAULT_MSG - * [CXF-2568] - default values don't get quoted properly in generated Javascript - * [CXF-2569] - Consuming a wsdl file which is having a nested complex types in xsd - * [CXF-2571] - wsdl2java and jax-ws-catalog: failing to resolve schemas included with xsd:include in jar-file - * [CXF-2577] - JMS IlegalStateException when attempting to use Spring SingleConnectionFactory retrieved from JNDI - * [CXF-2581] - Improper toString of Arrays during logging - * [CXF-2582] - wrapper InOuts not being generated per spec for single response part - * [CXF-2587] - wsdl2java error when there are several nested wsdl:import - * [CXF-2591] - MAPCodec : memory leak with an async client with network issues (connection timeout, read timeout etc) - * [CXF-2594] - No SOAP fault XML elements when a Fault is thrown in the output chain after SAAJOutInterceptor - * [CXF-2601] - Faults generated with XMLBeans binding are not wrapped correctly - * [CXF-2605] - Object argument is passed as null - * [CXF-2609] - Schema validation failure when null system ID passed to LSResourceResolver.resolveResource() - * [CXF-2616] - wsdl2java script doesn't put #!/bin/sh on the first line of the script - * [CXF-2618] - secureSocketProtocol in TLSClientParams and TLSServerParams is not pushed into the SSLSocketFactory - * [CXF-2619] - Deadlock when echoing MTOM attachments back to client - * [CXF-2620] - CXFServlet fails to init with NPE at line 125 (updateContext) when run with embedded Jetty and Spring3 - works with Spring 2.5.6 - * [CXF-2623] - AttachmentDeserializer doesn't work when no boundary message in content type - * [CXF-2624] - Classloader leakage in org.apache.cxf.common.util.ASMHelper.LOADER_MAP - * [CXF-2625] - Class-loader leakage in org.apache.cxf.jaxb.JAXBDataBinding.JAXBCONTEXT_CACHE - -** Improvement - * [CXF-2537] - Proposal : enhancement of HTTP exceptions messages - * [CXF-2538] - Proposal : enhancement of PhaseInterceptorChain warning message - * [CXF-2606] - ThreadGroup in the default workqueue gets prematurely destroyed - * [CXF-2610] - Trim white spaces in logger class name - -** New Feature - * [CXF-2596] - Default logging in interceptor chain may pollute the log with stacktrace from application exceptions that are a part of the normal flow (should not be logged). - - - - - - - - - - +Fix potential DTD handling exploit.
