RAJU THANNEERU created TOMEE-4622:
-------------------------------------

             Summary: Upgrade CXF to 4.1.7
                 Key: TOMEE-4622
                 URL: https://issues.apache.org/jira/browse/TOMEE-4622
             Project: TomEE
          Issue Type: Dependency upgrade
          Components: TomEE Core Server
            Reporter: RAJU THANNEERU
             Fix For: 10.1.6


We see few criticals and highs on CXF 4.1.6 and we have 4.1.7 with fixes.
|[CVE-2026-49875|https://nvd.nist.gov/vuln/detail/CVE-2026-49875]|9.8|critical|fixed
 in 4.2.2, 4.1.7|2026-06-15 22:32:37 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50623|https://nvd.nist.gov/vuln/detail/CVE-2026-50623]|4.8|medium|fixed
 in 4.2.2, 4.1.7|2026-06-13 00:53:02 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50627|https://nvd.nist.gov/vuln/detail/CVE-2026-50627]|9.1|critical|fixed
 in 4.2.2, 4.1.7|2026-06-15 22:32:37 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50628|https://nvd.nist.gov/vuln/detail/CVE-2026-50628]|9.8|critical|fixed
 in 4.2.2, 4.1.7|2026-06-15 22:32:37 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50629|https://nvd.nist.gov/vuln/detail/CVE-2026-50629]|5.3|medium|fixed
 in 4.2.2, 4.1.7|2026-06-13 00:53:02 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50630|https://nvd.nist.gov/vuln/detail/CVE-2026-50630]|6.5|medium|fixed
 in 4.2.2, 4.1.7|2026-06-13 00:53:02 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50631|https://nvd.nist.gov/vuln/detail/CVE-2026-50631]|7.4|high|fixed
 in 4.2.2, 4.1.7|2026-06-13 00:53:02 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50632|https://nvd.nist.gov/vuln/detail/CVE-2026-50632]|8.1|high|fixed
 in 4.2.2, 4.1.7|2026-06-13 00:53:02 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50633|https://nvd.nist.gov/vuln/detail/CVE-2026-50633]|8.1|high|fixed
 in 4.2.2, 4.1.7|2026-06-13 00:53:02 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50634|https://nvd.nist.gov/vuln/detail/CVE-2026-50634]|6.5|medium|fixed
 in 4.2.2, 4.1.7|2026-06-13 00:53:02 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|
|[CVE-2026-50645|https://nvd.nist.gov/vuln/detail/CVE-2026-50645]|7.5|high|fixed
 in 4.2.2, 4.1.7|2026-06-13 07:38:38 +0000 
UTC|[org.apache.cxf_cxf-core_4.1.6|https://otscan.otxlab.net/api/v1/scan/e14f2f51-2734-4bda-a595-0a9e9dcfc427/report/html#sha256:c965d98d2274a7d69140ea0f8f2755be003f41aa374a8099b5394de3a5b2a7e6_org.apache.cxf_cxf-core_4.1.6]|this
 image|/usr/local/tomee/lib/cxf-core-4.1.6.jar|



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to