[
https://issues.apache.org/jira/browse/TOMEE-4126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Zowalla resolved TOMEE-4126.
------------------------------------
Fix Version/s: 8.0.14
Resolution: Fixed
> CXF 3.4.10
> ----------
>
> Key: TOMEE-4126
> URL: https://issues.apache.org/jira/browse/TOMEE-4126
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
> Affects Versions: 8.0.13
> Reporter: Richard Zowalla
> Assignee: Richard Zowalla
> Priority: Major
> Fix For: 8.0.14
>
>
> December 13, 2022 - Apache CXF 3.5.5 and 3.4.10 released!
> The Apache CXF team is proud to announce the availability of our latest patch
> releases! Over 9 JIRA issues were fixed for 3.5.5 and 3.4.10. Two new CVEs
> were issued for vulnerabilities fixed in these releases:
> CVE-2022-46363: Apache CXF directory listing / code exfiltration
> CVE-2022-46364: Apache CXF SSRF Vulnerability
> ---
> 3.4.10 is the last planned release for the Apache CXF 3.4.x series. Users
> are strongly recommended to upgrade to 3.5.x.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)