Richard Zowalla created TOMEE-4126:
--------------------------------------
Summary: CXF 3.4.10
Key: TOMEE-4126
URL: https://issues.apache.org/jira/browse/TOMEE-4126
Project: TomEE
Issue Type: Dependency upgrade
Components: TomEE Core Server
Affects Versions: 8.0.13
Reporter: Richard Zowalla
December 13, 2022 - Apache CXF 3.5.5 and 3.4.10 released!
The Apache CXF team is proud to announce the availability of our latest patch
releases! Over 9 JIRA issues were fixed for 3.5.5 and 3.4.10. Two new CVEs
were issued for vulnerabilities fixed in these releases:
CVE-2022-46363: Apache CXF directory listing / code exfiltration
CVE-2022-46364: Apache CXF SSRF Vulnerability
---
3.4.10 is the last planned release for the Apache CXF 3.4.x series. Users are
strongly recommended to upgrade to 3.5.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)