Richard Zowalla created TOMEE-4126:
--------------------------------------

             Summary: CXF 3.4.10
                 Key: TOMEE-4126
                 URL: https://issues.apache.org/jira/browse/TOMEE-4126
             Project: TomEE
          Issue Type: Dependency upgrade
          Components: TomEE Core Server
    Affects Versions: 8.0.13
            Reporter: Richard Zowalla


December 13, 2022 - Apache CXF 3.5.5 and 3.4.10 released!
The Apache CXF team is proud to announce the availability of our latest patch 
releases!  Over 9 JIRA issues were fixed for 3.5.5 and 3.4.10. Two new CVEs 
were issued for vulnerabilities fixed in these releases:

CVE-2022-46363: Apache CXF directory listing / code exfiltration
CVE-2022-46364: Apache CXF SSRF Vulnerability

---

3.4.10 is the last planned release for the Apache CXF 3.4.x series.   Users are 
strongly recommended to upgrade to 3.5.x.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to