[jira] [Commented] (CXF-8671) Support Jakarta EE 10

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-8671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17853635#comment-17853635
 ] 

Andriy Redko commented on CXF-8671:
---

[~ruslan.hryn] I think it is reasonable to expect the release this year

> Support Jakarta EE 10
> -
>
> Key: CXF-8671
> URL: https://issues.apache.org/jira/browse/CXF-8671
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0
>
>
> Support Jakarta EE 10
> Jakarta EE 10 has Landed - 
> [https://jakartaee-ambassadors.io/2022/09/22/jakarta-ee-10-released/]
> [https://jakarta.ee/release/10/]
> [https://www.infoq.com/news/2023/01/glassfish-delivers-support-jdk17/]
>  
> Specs 
> ([https://repo1.maven.org/maven2/jakarta/platform/jakartaee-api-parent/10.0.0/jakartaee-api-parent-10.0.0.pom):]
>  * Jakarta Activation 2.1*
>  * Jakarta Authentication 3.0*
>  * Jakarta Authorization 2.1*
>  * Jakarta Batch 2.1*
>  * Jakarta Bean Validation 3.0
>  * Jakarta Common Annotations 2.1*
>  * Jakarta Concurrency 3.0*
>  * Jakarta Connectors 2.1*
>  * Jakarta Contexts and Dependency Injection 4.0*
>  * Jakarta Debugging Support for Other Languages 2.0
>  * Jakarta Dependency Injection 2.0
>  * Jakarta Enterprise Beans 4.0 (except for Jakarta Enterprise Beans entity 
> beans and associated Jakarta Enterprise Beans QL, and embedded container, 
> which have been made removed)
>  * Jakarta Expression Language 5.0*
>  * Jakarta Interceptors 2.1*
>  * Jakarta JSON Processing 2.1*
>  * Jakarta JSON Binding 3.0*
>  * Jakarta Mail 2.1*
>  * Jakarta Managed Beans 2.0
>  * Jakarta Messaging 3.1*
>  * Jakarta Persistence 3.1*
>  * Jakarta RESTful Web Services 3.1*
>  * Jakarta Security 3.0*
>  * Jakarta Servlet 6.0*
>  * Jakarta Server Faces 4.0*
>  * Jakarta Server Pages 3.1*
>  * Jakarta Standard Tag Library 3.0*
>  * Jakarta Transactions 2.0
>  * Jakarta WebSocket 2.1*
>  * Jakarta Enterprise Beans 3.2 and earlier entity beans and associated 
> Jakarta Enterprise Beans QL
>  * Jakarta Enterprise Beans 2.x API group
>  * Jakarta Enterprise Web Services 2.0
>  * Jakarta SOAP with Attachments 3.0*
>  * Jakarta XML Web Services 4.0*
>  * Jakarta XML Binding 4.0*
>  
> Rest Client TCK update:
>  - [https://github.com/eclipse/microprofile-rest-client/pull/352]
>  
> Updates required:
>  - Brave 6
>  - OpenTelemetry 1.37.0+
>  - Apache Tika 3.0.0 
> ([https://github.com/apache/tika/releases/tag/3.0.0-BETA)]
>  - *[DONE]* UnboundID LDAP SDK for Java 7.0.0 
> ([https://github.com/pingidentity/ldapsdk/releases/tag/7.0.0])
>  - *[DONE]* Undertow 2.3.x
>  - *[DONE]* Jetty 12 
> ([https://github.com/eclipse/jetty.project/releases/tag/jetty-12.0.0.beta0])
>  - Hibernate Validator 8 ([https://hibernate.org/validator/releases/8.0/)]
>  - *[DONE]* Hibernate 6.4 
> ([https://in.relation.to/2023/11/23/orm-640-final/|https://in.relation.to/2023/08/31/orm-630/])
>  - *[DONE]* Weld 5 
> ([https://weld.cdi-spec.org/news/2022/04/29/weld-500Final/])
>  - *[DONE]* Spring Boot 3.2 
> ([https://github.com/spring-projects/spring-boot/releases/tag/v3.2.0|https://github.com/spring-projects/spring-boot/releases/tag/v3.1.0])
>  - *[DONE]* Spring Security 6.2 
> ([https://github.com/spring-projects/spring-security/releases/tag/6.1.0])
>  - *[DONE]* Micrometer 1.12 
> ([https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0|https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0-M1])
>  - {*}[DONE]{*}Micrometer Tracing 1.2 
> ([https://github.com/micrometer-metrics/tracing/releases/tag/v1.1.4)]
>  - *[DONE]* Spring LDAP 3.2 
> ([https://github.com/spring-projects/spring-ldap/releases/tag/3.2.0)|https://github.com/spring-projects/spring-ldap/releases/tag/3.1.0)]
> Microprofile 6.0 
> ([https://download.eclipse.org/microprofile/microprofile-6.0/microprofile-spec-6.0.html),]
>  aligned with JakartaEE 10 core profile:
>  - Microprofile OpenAPI 3.1 
> ([https://github.com/eclipse/microprofile-open-api/releases/tag/3.1])
>  - Microprofile Config 3.1 
> ([https://github.com/eclipse/microprofile-config/releases/tag/3.1])
>  - Angus Mail 
> ([https://github.com/eclipse-ee4j/angus-mail/releases/tag/2.0.1])
>  - 
> [https://github.com/arquillian/arquillian-container-weld/releases/tag/3.0.2.Final]
>  
> Migration Guide: 
> [https://cwiki.apache.org/confluence/display/CXF20DOC/4.1+Migration+Guide]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-8671) Support Jakarta EE 10

[Ruslan Gryn (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-8671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17853570#comment-17853570
 ] 

Ruslan Gryn commented on CXF-8671:
--

[~reta] maybe you can provide an approximate magnitude when expecting the 
release. For example, in 1 month, 6 months, 1 year, etc

> Support Jakarta EE 10
> -
>
> Key: CXF-8671
> URL: https://issues.apache.org/jira/browse/CXF-8671
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0
>
>
> Support Jakarta EE 10
> Jakarta EE 10 has Landed - 
> [https://jakartaee-ambassadors.io/2022/09/22/jakarta-ee-10-released/]
> [https://jakarta.ee/release/10/]
> [https://www.infoq.com/news/2023/01/glassfish-delivers-support-jdk17/]
>  
> Specs 
> ([https://repo1.maven.org/maven2/jakarta/platform/jakartaee-api-parent/10.0.0/jakartaee-api-parent-10.0.0.pom):]
>  * Jakarta Activation 2.1*
>  * Jakarta Authentication 3.0*
>  * Jakarta Authorization 2.1*
>  * Jakarta Batch 2.1*
>  * Jakarta Bean Validation 3.0
>  * Jakarta Common Annotations 2.1*
>  * Jakarta Concurrency 3.0*
>  * Jakarta Connectors 2.1*
>  * Jakarta Contexts and Dependency Injection 4.0*
>  * Jakarta Debugging Support for Other Languages 2.0
>  * Jakarta Dependency Injection 2.0
>  * Jakarta Enterprise Beans 4.0 (except for Jakarta Enterprise Beans entity 
> beans and associated Jakarta Enterprise Beans QL, and embedded container, 
> which have been made removed)
>  * Jakarta Expression Language 5.0*
>  * Jakarta Interceptors 2.1*
>  * Jakarta JSON Processing 2.1*
>  * Jakarta JSON Binding 3.0*
>  * Jakarta Mail 2.1*
>  * Jakarta Managed Beans 2.0
>  * Jakarta Messaging 3.1*
>  * Jakarta Persistence 3.1*
>  * Jakarta RESTful Web Services 3.1*
>  * Jakarta Security 3.0*
>  * Jakarta Servlet 6.0*
>  * Jakarta Server Faces 4.0*
>  * Jakarta Server Pages 3.1*
>  * Jakarta Standard Tag Library 3.0*
>  * Jakarta Transactions 2.0
>  * Jakarta WebSocket 2.1*
>  * Jakarta Enterprise Beans 3.2 and earlier entity beans and associated 
> Jakarta Enterprise Beans QL
>  * Jakarta Enterprise Beans 2.x API group
>  * Jakarta Enterprise Web Services 2.0
>  * Jakarta SOAP with Attachments 3.0*
>  * Jakarta XML Web Services 4.0*
>  * Jakarta XML Binding 4.0*
>  
> Rest Client TCK update:
>  - [https://github.com/eclipse/microprofile-rest-client/pull/352]
>  
> Updates required:
>  - Brave 6
>  - OpenTelemetry 1.37.0+
>  - Apache Tika 3.0.0 
> ([https://github.com/apache/tika/releases/tag/3.0.0-BETA)]
>  - *[DONE]* UnboundID LDAP SDK for Java 7.0.0 
> ([https://github.com/pingidentity/ldapsdk/releases/tag/7.0.0])
>  - *[DONE]* Undertow 2.3.x
>  - *[DONE]* Jetty 12 
> ([https://github.com/eclipse/jetty.project/releases/tag/jetty-12.0.0.beta0])
>  - Hibernate Validator 8 ([https://hibernate.org/validator/releases/8.0/)]
>  - *[DONE]* Hibernate 6.4 
> ([https://in.relation.to/2023/11/23/orm-640-final/|https://in.relation.to/2023/08/31/orm-630/])
>  - *[DONE]* Weld 5 
> ([https://weld.cdi-spec.org/news/2022/04/29/weld-500Final/])
>  - *[DONE]* Spring Boot 3.2 
> ([https://github.com/spring-projects/spring-boot/releases/tag/v3.2.0|https://github.com/spring-projects/spring-boot/releases/tag/v3.1.0])
>  - *[DONE]* Spring Security 6.2 
> ([https://github.com/spring-projects/spring-security/releases/tag/6.1.0])
>  - *[DONE]* Micrometer 1.12 
> ([https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0|https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0-M1])
>  - {*}[DONE]{*}Micrometer Tracing 1.2 
> ([https://github.com/micrometer-metrics/tracing/releases/tag/v1.1.4)]
>  - *[DONE]* Spring LDAP 3.2 
> ([https://github.com/spring-projects/spring-ldap/releases/tag/3.2.0)|https://github.com/spring-projects/spring-ldap/releases/tag/3.1.0)]
> Microprofile 6.0 
> ([https://download.eclipse.org/microprofile/microprofile-6.0/microprofile-spec-6.0.html),]
>  aligned with JakartaEE 10 core profile:
>  - Microprofile OpenAPI 3.1 
> ([https://github.com/eclipse/microprofile-open-api/releases/tag/3.1])
>  - Microprofile Config 3.1 
> ([https://github.com/eclipse/microprofile-config/releases/tag/3.1])
>  - Angus Mail 
> ([https://github.com/eclipse-ee4j/angus-mail/releases/tag/2.0.1])
>  - 
> [https://github.com/arquillian/arquillian-container-weld/releases/tag/3.0.2.Final]
>  
> Migration Guide: 
> [https://cwiki.apache.org/confluence/display/CXF20DOC/4.1+Migration+Guide]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-8828) Support Jakarta EE 11

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-8828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-8828:
--
Description: 
Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])

Minimum JDK requirement - JDK-17

 

Specs updates:
 * [Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]
 * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
|https://github.com/apache/cxf/pull/1891] 
[https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
 * Jakarta Annotations 3.0 
([https://jakarta.ee/specifications/annotations/3.0/)]
 * Jakarta Authorization 3.0 
([https://jakarta.ee/specifications/authorization/3.0/)]
 * Jakarta Contexts and Dependency Injection 4.1 
([https://jakarta.ee/specifications/cdi/4.1/)]
 * Jakarta Expression Language 6.0 
([https://jakarta.ee/specifications/expression-language/6.0/)]
 * Jakarta Interceptors 2.2 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta RESTful Web Services 4.0 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta Validation 3.1 
([https://jakarta.ee/specifications/bean-validation/3.1/])
 * Jakarta WebSocket 2.2 ([https://jakarta.ee/specifications/websocket/2.2/])
 * Jakarta Concurrency 3.1 
([https://jakarta.ee/specifications/concurrency/3.1/)]
 * Jakarta Data 1.0 ([https://jakarta.ee/specifications/data/1.0/)]
 * Jakarta Faces 4.1 ([https://jakarta.ee/specifications/faces/4.1/)]
 * Jakarta Pages 4.0 ([https://jakarta.ee/specifications/pages/4.0/)]
 * Jakarta Servlet 6.1 ([https://jakarta.ee/specifications/servlet/6.1/])
 * Jakarta Authentication 3.0 
(https://jakarta.ee/specifications/authentication/3.1/) 
 * Jakarta Security 4.0 (https://jakarta.ee/specifications/security/4.0/)

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])

  was:
Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])

Minimum JDK requirement - JDK-17

 

Specs updates:
 * [Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]
 * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
|https://github.com/apache/cxf/pull/1891] 
[https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
 * Jakarta Annotations 3.0 
([https://jakarta.ee/specifications/annotations/3.0/)]
 * Jakarta Authorization 3.0 
([https://jakarta.ee/specifications/authorization/3.0/)]
 * Jakarta Contexts and Dependency Injection 4.1 
([https://jakarta.ee/specifications/cdi/4.1/)]
 * Jakarta Expression Language 6.0 
([https://jakarta.ee/specifications/expression-language/6.0/)]
 * Jakarta Interceptors 2.2 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta RESTful Web Services 4.0 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta Validation 3.1 
([https://jakarta.ee/specifications/bean-validation/3.1/])
 * Jakarta WebSocket 2.2 ([https://jakarta.ee/specifications/websocket/2.2/])
 * Jakarta Concurrency 3.1 
([https://jakarta.ee/specifications/concurrency/3.1/)]
 * Jakarta Data 1.0 ([https://jakarta.ee/specifications/data/1.0/)]
 * Jakarta Faces 4.1 ([https://jakarta.ee/specifications/faces/4.1/)]
 * Jakarta Pages 4.0 ([https://jakarta.ee/specifications/pages/4.0/)]
 * Jakarta Servlet 6.1 (https://jakarta.ee/specifications/servlet/6.1/)

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])


> Support Jakarta EE 11
> -
>
> Key: CXF-8828
> URL: https://issues.apache.org/jira/browse/CXF-8828
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.2.0
>
>
> Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])
> Minimum JDK requirement - JDK-17
>  
> Specs updates:
>  * [Jakarta Validation 3.1 
> (|https://jakarta.ee/specifications/bean-validation/3.1/] 
> [https://github.com/apache/cxf/pull/1889)]
>  * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
> |https://github.com/apache/cxf/pull/1891] 
> [https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
>  * Jakarta Annotations 3.0 
> ([https://jakarta.ee/specifications/annotations/3.0/)]
>  * Jaka

[jira] [Updated] (CXF-8828) Support Jakarta EE 11

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-8828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-8828:
--
Description: 
Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])

Minimum JDK requirement - JDK-17

 

Specs updates:
 * [Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]
 * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
|https://github.com/apache/cxf/pull/1891] 
[https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
 * Jakarta Annotations 3.0 
([https://jakarta.ee/specifications/annotations/3.0/)]
 * Jakarta Authorization 3.0 
([https://jakarta.ee/specifications/authorization/3.0/)]
 * Jakarta Contexts and Dependency Injection 4.1 
([https://jakarta.ee/specifications/cdi/4.1/)]
 * Jakarta Expression Language 6.0 
([https://jakarta.ee/specifications/expression-language/6.0/)]
 * Jakarta Interceptors 2.2 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta RESTful Web Services 4.0 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta Validation 3.1 
([https://jakarta.ee/specifications/bean-validation/3.1/])
 * Jakarta WebSocket 2.2 ([https://jakarta.ee/specifications/websocket/2.2/])
 * Jakarta Concurrency 3.1 
([https://jakarta.ee/specifications/concurrency/3.1/)]
 * Jakarta Data 1.0 ([https://jakarta.ee/specifications/data/1.0/)]
 * Jakarta Faces 4.1 ([https://jakarta.ee/specifications/faces/4.1/)]
 * Jakarta Pages 4.0 ([https://jakarta.ee/specifications/pages/4.0/)]
 * Jakarta Servlet 6.1 (https://jakarta.ee/specifications/servlet/6.1/)

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])

  was:
Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])

Minimum JDK requirement - JDK-17

 

Specs updates:
 * [Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]
 * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
|https://github.com/apache/cxf/pull/1891] 
[https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
 * Jakarta Annotations 3.0 
([https://jakarta.ee/specifications/annotations/3.0/)]
 * Jakarta Authorization 3.0 
([https://jakarta.ee/specifications/authorization/3.0/)]
 * Jakarta Contexts and Dependency Injection 4.1 
([https://jakarta.ee/specifications/cdi/4.1/)]
 * Jakarta Expression Language 6.0 
([https://jakarta.ee/specifications/expression-language/6.0/)]
 * Jakarta Interceptors 2.2 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta RESTful Web Services 4.0 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta Validation 3.1 
([https://jakarta.ee/specifications/bean-validation/3.1/])
 * Jakarta WebSocket 2.2 ([https://jakarta.ee/specifications/websocket/2.2/])

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])


> Support Jakarta EE 11
> -
>
> Key: CXF-8828
> URL: https://issues.apache.org/jira/browse/CXF-8828
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.2.0
>
>
> Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])
> Minimum JDK requirement - JDK-17
>  
> Specs updates:
>  * [Jakarta Validation 3.1 
> (|https://jakarta.ee/specifications/bean-validation/3.1/] 
> [https://github.com/apache/cxf/pull/1889)]
>  * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
> |https://github.com/apache/cxf/pull/1891] 
> [https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
>  * Jakarta Annotations 3.0 
> ([https://jakarta.ee/specifications/annotations/3.0/)]
>  * Jakarta Authorization 3.0 
> ([https://jakarta.ee/specifications/authorization/3.0/)]
>  * Jakarta Contexts and Dependency Injection 4.1 
> ([https://jakarta.ee/specifications/cdi/4.1/)]
>  * Jakarta Expression Language 6.0 
> ([https://jakarta.ee/specifications/expression-language/6.0/)]
>  * Jakarta Interceptors 2.2 
> ([https://jakarta.ee/specifications/restful-ws/4.0/)]
>  * Jakarta RESTful Web Services 4.0 
> ([https://jakarta.ee/specifications/restful-ws/4.0/)]
>  * Jakarta Validation 3.1 

[jira] [Commented] (CXF-8671) Support Jakarta EE 10

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-8671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17853299#comment-17853299
 ] 

Andriy Redko commented on CXF-8671:
---

[~ruslan.hryn] no ETA for release but you could try snapshots already

> Support Jakarta EE 10
> -
>
> Key: CXF-8671
> URL: https://issues.apache.org/jira/browse/CXF-8671
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0
>
>
> Support Jakarta EE 10
> Jakarta EE 10 has Landed - 
> [https://jakartaee-ambassadors.io/2022/09/22/jakarta-ee-10-released/]
> [https://jakarta.ee/release/10/]
> [https://www.infoq.com/news/2023/01/glassfish-delivers-support-jdk17/]
>  
> Specs 
> ([https://repo1.maven.org/maven2/jakarta/platform/jakartaee-api-parent/10.0.0/jakartaee-api-parent-10.0.0.pom):]
>  * Jakarta Activation 2.1*
>  * Jakarta Authentication 3.0*
>  * Jakarta Authorization 2.1*
>  * Jakarta Batch 2.1*
>  * Jakarta Bean Validation 3.0
>  * Jakarta Common Annotations 2.1*
>  * Jakarta Concurrency 3.0*
>  * Jakarta Connectors 2.1*
>  * Jakarta Contexts and Dependency Injection 4.0*
>  * Jakarta Debugging Support for Other Languages 2.0
>  * Jakarta Dependency Injection 2.0
>  * Jakarta Enterprise Beans 4.0 (except for Jakarta Enterprise Beans entity 
> beans and associated Jakarta Enterprise Beans QL, and embedded container, 
> which have been made removed)
>  * Jakarta Expression Language 5.0*
>  * Jakarta Interceptors 2.1*
>  * Jakarta JSON Processing 2.1*
>  * Jakarta JSON Binding 3.0*
>  * Jakarta Mail 2.1*
>  * Jakarta Managed Beans 2.0
>  * Jakarta Messaging 3.1*
>  * Jakarta Persistence 3.1*
>  * Jakarta RESTful Web Services 3.1*
>  * Jakarta Security 3.0*
>  * Jakarta Servlet 6.0*
>  * Jakarta Server Faces 4.0*
>  * Jakarta Server Pages 3.1*
>  * Jakarta Standard Tag Library 3.0*
>  * Jakarta Transactions 2.0
>  * Jakarta WebSocket 2.1*
>  * Jakarta Enterprise Beans 3.2 and earlier entity beans and associated 
> Jakarta Enterprise Beans QL
>  * Jakarta Enterprise Beans 2.x API group
>  * Jakarta Enterprise Web Services 2.0
>  * Jakarta SOAP with Attachments 3.0*
>  * Jakarta XML Web Services 4.0*
>  * Jakarta XML Binding 4.0*
>  
> Rest Client TCK update:
>  - [https://github.com/eclipse/microprofile-rest-client/pull/352]
>  
> Updates required:
>  - Brave 6
>  - OpenTelemetry 1.37.0+
>  - Apache Tika 3.0.0 
> ([https://github.com/apache/tika/releases/tag/3.0.0-BETA)]
>  - *[DONE]* UnboundID LDAP SDK for Java 7.0.0 
> ([https://github.com/pingidentity/ldapsdk/releases/tag/7.0.0])
>  - *[DONE]* Undertow 2.3.x
>  - *[DONE]* Jetty 12 
> ([https://github.com/eclipse/jetty.project/releases/tag/jetty-12.0.0.beta0])
>  - Hibernate Validator 8 ([https://hibernate.org/validator/releases/8.0/)]
>  - *[DONE]* Hibernate 6.4 
> ([https://in.relation.to/2023/11/23/orm-640-final/|https://in.relation.to/2023/08/31/orm-630/])
>  - *[DONE]* Weld 5 
> ([https://weld.cdi-spec.org/news/2022/04/29/weld-500Final/])
>  - *[DONE]* Spring Boot 3.2 
> ([https://github.com/spring-projects/spring-boot/releases/tag/v3.2.0|https://github.com/spring-projects/spring-boot/releases/tag/v3.1.0])
>  - *[DONE]* Spring Security 6.2 
> ([https://github.com/spring-projects/spring-security/releases/tag/6.1.0])
>  - *[DONE]* Micrometer 1.12 
> ([https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0|https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0-M1])
>  - {*}[DONE]{*}Micrometer Tracing 1.2 
> ([https://github.com/micrometer-metrics/tracing/releases/tag/v1.1.4)]
>  - *[DONE]* Spring LDAP 3.2 
> ([https://github.com/spring-projects/spring-ldap/releases/tag/3.2.0)|https://github.com/spring-projects/spring-ldap/releases/tag/3.1.0)]
> Microprofile 6.0 
> ([https://download.eclipse.org/microprofile/microprofile-6.0/microprofile-spec-6.0.html),]
>  aligned with JakartaEE 10 core profile:
>  - Microprofile OpenAPI 3.1 
> ([https://github.com/eclipse/microprofile-open-api/releases/tag/3.1])
>  - Microprofile Config 3.1 
> ([https://github.com/eclipse/microprofile-config/releases/tag/3.1])
>  - Angus Mail 
> ([https://github.com/eclipse-ee4j/angus-mail/releases/tag/2.0.1])
>  - 
> [https://github.com/arquillian/arquillian-container-weld/releases/tag/3.0.2.Final]
>  
> Migration Guide: 
> [https://cwiki.apache.org/confluence/display/CXF20DOC/4.1+Migration+Guide]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXFXJC-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXFXJC-47.

Resolution: Fixed

> XJC DefaultValue plugin uses JAXBElement that does not have a default 
> constructor
> -
>
> Key: CXFXJC-47
> URL: https://issues.apache.org/jira/browse/CXFXJC-47
> Project: CXF XJC Utils
>  Issue Type: Bug
>Affects Versions: 4.0.0
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.1, 4.1.0, 3.3.4
>
>
> As reported by the user (see please 
> https://github.com/apache/cxf-xjc-utils/pull/129):
> We've found a minor bug when using extensions and substitiongroups.
> The defaultvalue-plugin generates a {{new JAXBElement}} expression, which 
> isn't valid java code, as JAXBElement does not have a default constructor.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (CXF-8671) Support Jakarta EE 10

[Ruslan Gryn (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-8671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17853246#comment-17853246
 ] 

Ruslan Gryn edited comment on CXF-8671 at 6/7/24 6:18 PM:
--

do you have an ETA for the delivery of Jetty 12 support? 
because it is the blocker for migration to Spring Boot 3.2
This is important because the support of  Spring Boot 3.1 ended a few weeks ago.


was (Author: ruslan.hryn):
do you have an ETA for the delivery of Jetty 12 support? 

because it is the blocker for migration to Spring Boot 3.2

This is important because the support of  Spring Boot 3.1 ended a few weeks ago.

> Support Jakarta EE 10
> -
>
> Key: CXF-8671
> URL: https://issues.apache.org/jira/browse/CXF-8671
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0
>
>
> Support Jakarta EE 10
> Jakarta EE 10 has Landed - 
> [https://jakartaee-ambassadors.io/2022/09/22/jakarta-ee-10-released/]
> [https://jakarta.ee/release/10/]
> [https://www.infoq.com/news/2023/01/glassfish-delivers-support-jdk17/]
>  
> Specs 
> ([https://repo1.maven.org/maven2/jakarta/platform/jakartaee-api-parent/10.0.0/jakartaee-api-parent-10.0.0.pom):]
>  * Jakarta Activation 2.1*
>  * Jakarta Authentication 3.0*
>  * Jakarta Authorization 2.1*
>  * Jakarta Batch 2.1*
>  * Jakarta Bean Validation 3.0
>  * Jakarta Common Annotations 2.1*
>  * Jakarta Concurrency 3.0*
>  * Jakarta Connectors 2.1*
>  * Jakarta Contexts and Dependency Injection 4.0*
>  * Jakarta Debugging Support for Other Languages 2.0
>  * Jakarta Dependency Injection 2.0
>  * Jakarta Enterprise Beans 4.0 (except for Jakarta Enterprise Beans entity 
> beans and associated Jakarta Enterprise Beans QL, and embedded container, 
> which have been made removed)
>  * Jakarta Expression Language 5.0*
>  * Jakarta Interceptors 2.1*
>  * Jakarta JSON Processing 2.1*
>  * Jakarta JSON Binding 3.0*
>  * Jakarta Mail 2.1*
>  * Jakarta Managed Beans 2.0
>  * Jakarta Messaging 3.1*
>  * Jakarta Persistence 3.1*
>  * Jakarta RESTful Web Services 3.1*
>  * Jakarta Security 3.0*
>  * Jakarta Servlet 6.0*
>  * Jakarta Server Faces 4.0*
>  * Jakarta Server Pages 3.1*
>  * Jakarta Standard Tag Library 3.0*
>  * Jakarta Transactions 2.0
>  * Jakarta WebSocket 2.1*
>  * Jakarta Enterprise Beans 3.2 and earlier entity beans and associated 
> Jakarta Enterprise Beans QL
>  * Jakarta Enterprise Beans 2.x API group
>  * Jakarta Enterprise Web Services 2.0
>  * Jakarta SOAP with Attachments 3.0*
>  * Jakarta XML Web Services 4.0*
>  * Jakarta XML Binding 4.0*
>  
> Rest Client TCK update:
>  - [https://github.com/eclipse/microprofile-rest-client/pull/352]
>  
> Updates required:
>  - Brave 6
>  - OpenTelemetry 1.37.0+
>  - Apache Tika 3.0.0 
> ([https://github.com/apache/tika/releases/tag/3.0.0-BETA)]
>  - *[DONE]* UnboundID LDAP SDK for Java 7.0.0 
> ([https://github.com/pingidentity/ldapsdk/releases/tag/7.0.0])
>  - *[DONE]* Undertow 2.3.x
>  - *[DONE]* Jetty 12 
> ([https://github.com/eclipse/jetty.project/releases/tag/jetty-12.0.0.beta0])
>  - Hibernate Validator 8 ([https://hibernate.org/validator/releases/8.0/)]
>  - *[DONE]* Hibernate 6.4 
> ([https://in.relation.to/2023/11/23/orm-640-final/|https://in.relation.to/2023/08/31/orm-630/])
>  - *[DONE]* Weld 5 
> ([https://weld.cdi-spec.org/news/2022/04/29/weld-500Final/])
>  - *[DONE]* Spring Boot 3.2 
> ([https://github.com/spring-projects/spring-boot/releases/tag/v3.2.0|https://github.com/spring-projects/spring-boot/releases/tag/v3.1.0])
>  - *[DONE]* Spring Security 6.2 
> ([https://github.com/spring-projects/spring-security/releases/tag/6.1.0])
>  - *[DONE]* Micrometer 1.12 
> ([https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0|https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0-M1])
>  - {*}[DONE]{*}Micrometer Tracing 1.2 
> ([https://github.com/micrometer-metrics/tracing/releases/tag/v1.1.4)]
>  - *[DONE]* Spring LDAP 3.2 
> ([https://github.com/spring-projects/spring-ldap/releases/tag/3.2.0)|https://github.com/spring-projects/spring-ldap/releases/tag/3.1.0)]
> Microprofile 6.0 
> ([https://download.eclipse.org/microprofile/microprofile-6.0/microprofile-spec-6.0.html),]
>  aligned with JakartaEE 10 core profile:
>  - Microprofile OpenAPI 3.1 
> ([https://github.com/eclipse/microprofile-open-api/releases/tag/3.1])
>  - Microprofile Config 3.1 
> ([https://github.com/eclipse/microprofile-config/releases/tag/3.1])
>  - Angus Mail 
> ([https://githu

[jira] [Commented] (CXF-8671) Support Jakarta EE 10

[Ruslan Gryn (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-8671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17853246#comment-17853246
 ] 

Ruslan Gryn commented on CXF-8671:
--

do you have an ETA for the delivery of Jetty 12 support? 

because it is the blocker for migration to Spring Boot 3.2

This is important because the support of  Spring Boot 3.1 ended a few weeks ago.

> Support Jakarta EE 10
> -
>
> Key: CXF-8671
> URL: https://issues.apache.org/jira/browse/CXF-8671
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0
>
>
> Support Jakarta EE 10
> Jakarta EE 10 has Landed - 
> [https://jakartaee-ambassadors.io/2022/09/22/jakarta-ee-10-released/]
> [https://jakarta.ee/release/10/]
> [https://www.infoq.com/news/2023/01/glassfish-delivers-support-jdk17/]
>  
> Specs 
> ([https://repo1.maven.org/maven2/jakarta/platform/jakartaee-api-parent/10.0.0/jakartaee-api-parent-10.0.0.pom):]
>  * Jakarta Activation 2.1*
>  * Jakarta Authentication 3.0*
>  * Jakarta Authorization 2.1*
>  * Jakarta Batch 2.1*
>  * Jakarta Bean Validation 3.0
>  * Jakarta Common Annotations 2.1*
>  * Jakarta Concurrency 3.0*
>  * Jakarta Connectors 2.1*
>  * Jakarta Contexts and Dependency Injection 4.0*
>  * Jakarta Debugging Support for Other Languages 2.0
>  * Jakarta Dependency Injection 2.0
>  * Jakarta Enterprise Beans 4.0 (except for Jakarta Enterprise Beans entity 
> beans and associated Jakarta Enterprise Beans QL, and embedded container, 
> which have been made removed)
>  * Jakarta Expression Language 5.0*
>  * Jakarta Interceptors 2.1*
>  * Jakarta JSON Processing 2.1*
>  * Jakarta JSON Binding 3.0*
>  * Jakarta Mail 2.1*
>  * Jakarta Managed Beans 2.0
>  * Jakarta Messaging 3.1*
>  * Jakarta Persistence 3.1*
>  * Jakarta RESTful Web Services 3.1*
>  * Jakarta Security 3.0*
>  * Jakarta Servlet 6.0*
>  * Jakarta Server Faces 4.0*
>  * Jakarta Server Pages 3.1*
>  * Jakarta Standard Tag Library 3.0*
>  * Jakarta Transactions 2.0
>  * Jakarta WebSocket 2.1*
>  * Jakarta Enterprise Beans 3.2 and earlier entity beans and associated 
> Jakarta Enterprise Beans QL
>  * Jakarta Enterprise Beans 2.x API group
>  * Jakarta Enterprise Web Services 2.0
>  * Jakarta SOAP with Attachments 3.0*
>  * Jakarta XML Web Services 4.0*
>  * Jakarta XML Binding 4.0*
>  
> Rest Client TCK update:
>  - [https://github.com/eclipse/microprofile-rest-client/pull/352]
>  
> Updates required:
>  - Brave 6
>  - OpenTelemetry 1.37.0+
>  - Apache Tika 3.0.0 
> ([https://github.com/apache/tika/releases/tag/3.0.0-BETA)]
>  - *[DONE]* UnboundID LDAP SDK for Java 7.0.0 
> ([https://github.com/pingidentity/ldapsdk/releases/tag/7.0.0])
>  - *[DONE]* Undertow 2.3.x
>  - *[DONE]* Jetty 12 
> ([https://github.com/eclipse/jetty.project/releases/tag/jetty-12.0.0.beta0])
>  - Hibernate Validator 8 ([https://hibernate.org/validator/releases/8.0/)]
>  - *[DONE]* Hibernate 6.4 
> ([https://in.relation.to/2023/11/23/orm-640-final/|https://in.relation.to/2023/08/31/orm-630/])
>  - *[DONE]* Weld 5 
> ([https://weld.cdi-spec.org/news/2022/04/29/weld-500Final/])
>  - *[DONE]* Spring Boot 3.2 
> ([https://github.com/spring-projects/spring-boot/releases/tag/v3.2.0|https://github.com/spring-projects/spring-boot/releases/tag/v3.1.0])
>  - *[DONE]* Spring Security 6.2 
> ([https://github.com/spring-projects/spring-security/releases/tag/6.1.0])
>  - *[DONE]* Micrometer 1.12 
> ([https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0|https://github.com/micrometer-metrics/micrometer/releases/tag/v1.11.0-M1])
>  - {*}[DONE]{*}Micrometer Tracing 1.2 
> ([https://github.com/micrometer-metrics/tracing/releases/tag/v1.1.4)]
>  - *[DONE]* Spring LDAP 3.2 
> ([https://github.com/spring-projects/spring-ldap/releases/tag/3.2.0)|https://github.com/spring-projects/spring-ldap/releases/tag/3.1.0)]
> Microprofile 6.0 
> ([https://download.eclipse.org/microprofile/microprofile-6.0/microprofile-spec-6.0.html),]
>  aligned with JakartaEE 10 core profile:
>  - Microprofile OpenAPI 3.1 
> ([https://github.com/eclipse/microprofile-open-api/releases/tag/3.1])
>  - Microprofile Config 3.1 
> ([https://github.com/eclipse/microprofile-config/releases/tag/3.1])
>  - Angus Mail 
> ([https://github.com/eclipse-ee4j/angus-mail/releases/tag/2.0.1])
>  - 
> [https://github.com/arquillian/arquillian-container-weld/releases/tag/3.0.2.Final]
>  
> Migration Guide: 
> [https://cwiki.apache.org/confluence/display/CXF20DOC/4.1+Migration+Guide]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (FEDIZ-258) Update Kerberos systest to skip on IBM Java

[Jamie Mark Goodyear (Jira)]

Jamie Mark Goodyear created FEDIZ-258:
-

 Summary: Update Kerberos systest to skip on IBM Java 
 Key: FEDIZ-258
 URL: https://issues.apache.org/jira/browse/FEDIZ-258
 Project: CXF-Fediz
  Issue Type: Test
 Environment: IBM Semeru 8 on PPC64LE, Stream 9 OS
Reporter: Jamie Mark Goodyear


Update Kerberos systest to skip on IBM Java (same as CXF core).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-8976) Update to OpenTelemetry v1.39.0

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-8976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-8976:
--
Summary: Update to OpenTelemetry v1.39.0  (was: Update to OpenTelemetry 
v1.38.0)

> Update to OpenTelemetry v1.39.0
> ---
>
> Key: CXF-8976
> URL: https://issues.apache.org/jira/browse/CXF-8976
> Project: CXF
>  Issue Type: Improvement
>  Components: Tracing
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0
>
>
> The OpenTelemetry v1.35.0 SDKs switched to Brave 6:
> {noformat}
>   "io.zipkin.brave:brave-bom:6.0.0",
>   "io.zipkin.reporter2:zipkin-reporter-bom:3.2.1", {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXFXJC-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXFXJC-47:
---
Fix Version/s: 3.3.4
   (was: 3.3.3)

> XJC DefaultValue plugin uses JAXBElement that does not have a default 
> constructor
> -
>
> Key: CXFXJC-47
> URL: https://issues.apache.org/jira/browse/CXFXJC-47
> Project: CXF XJC Utils
>  Issue Type: Bug
>Affects Versions: 4.0.0
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.1, 4.1.0, 3.3.4
>
>
> As reported by the user (see please 
> https://github.com/apache/cxf-xjc-utils/pull/129):
> We've found a minor bug when using extensions and substitiongroups.
> The defaultvalue-plugin generates a {{new JAXBElement}} expression, which 
> isn't valid java code, as JAXBElement does not have a default constructor.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXFXJC-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXFXJC-47:
---
Fix Version/s: 3.3.3

> XJC DefaultValue plugin uses JAXBElement that does not have a default 
> constructor
> -
>
> Key: CXFXJC-47
> URL: https://issues.apache.org/jira/browse/CXFXJC-47
> Project: CXF XJC Utils
>  Issue Type: Bug
>Affects Versions: 4.0.0
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 3.3.3, 4.0.1, 4.1.0
>
>
> As reported by the user (see please 
> https://github.com/apache/cxf-xjc-utils/pull/129):
> We've found a minor bug when using extensions and substitiongroups.
> The defaultvalue-plugin generates a {{new JAXBElement}} expression, which 
> isn't valid java code, as JAXBElement does not have a default constructor.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor.

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXFXJC-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXFXJC-47:
---
Description: 
As reported by the user (see please 
https://github.com/apache/cxf-xjc-utils/pull/129):

We've found a minor bug when using extensions and substitiongroups.

The defaultvalue-plugin generates a {{new JAXBElement}} expression, which isn't 
valid java code, as JAXBElement does not have a default constructor.

> XJC DefaultValue plugin uses JAXBElement that does not have a default 
> constructor.
> --
>
> Key: CXFXJC-47
> URL: https://issues.apache.org/jira/browse/CXFXJC-47
> Project: CXF XJC Utils
>  Issue Type: Bug
>Affects Versions: 4.0.0
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.1, 4.1.0
>
>
> As reported by the user (see please 
> https://github.com/apache/cxf-xjc-utils/pull/129):
> We've found a minor bug when using extensions and substitiongroups.
> The defaultvalue-plugin generates a {{new JAXBElement}} expression, which 
> isn't valid java code, as JAXBElement does not have a default constructor.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXFXJC-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXFXJC-47:
---
Summary: XJC DefaultValue plugin uses JAXBElement that does not have a 
default constructor  (was: XJC DefaultValue plugin uses JAXBElement that does 
not have a default constructor.)

> XJC DefaultValue plugin uses JAXBElement that does not have a default 
> constructor
> -
>
> Key: CXFXJC-47
> URL: https://issues.apache.org/jira/browse/CXFXJC-47
> Project: CXF XJC Utils
>  Issue Type: Bug
>Affects Versions: 4.0.0
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.1, 4.1.0
>
>
> As reported by the user (see please 
> https://github.com/apache/cxf-xjc-utils/pull/129):
> We've found a minor bug when using extensions and substitiongroups.
> The defaultvalue-plugin generates a {{new JAXBElement}} expression, which 
> isn't valid java code, as JAXBElement does not have a default constructor.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor.

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXFXJC-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXFXJC-47:
---
Affects Version/s: 4.0.0

> XJC DefaultValue plugin uses JAXBElement that does not have a default 
> constructor.
> --
>
> Key: CXFXJC-47
> URL: https://issues.apache.org/jira/browse/CXFXJC-47
> Project: CXF XJC Utils
>  Issue Type: Bug
>Affects Versions: 4.0.0
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor.

[Andriy Redko (Jira)]

Andriy Redko created CXFXJC-47:
--

 Summary: XJC DefaultValue plugin uses JAXBElement that does not 
have a default constructor.
 Key: CXFXJC-47
 URL: https://issues.apache.org/jira/browse/CXFXJC-47
 Project: CXF XJC Utils
  Issue Type: Bug
Reporter: Andriy Redko
Assignee: Andriy Redko






--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXFXJC-47) XJC DefaultValue plugin uses JAXBElement that does not have a default constructor.

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXFXJC-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXFXJC-47:
---
Fix Version/s: 4.1.0
   4.0.1

> XJC DefaultValue plugin uses JAXBElement that does not have a default 
> constructor.
> --
>
> Key: CXFXJC-47
> URL: https://issues.apache.org/jira/browse/CXFXJC-47
> Project: CXF XJC Utils
>  Issue Type: Bug
>Affects Versions: 4.0.0
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.1, 4.1.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9007) NullPointerException in XMLStreamDataWriter.writeNode

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17852604#comment-17852604
 ] 

Andriy Redko commented on CXF-9007:
---

Hi [~maghol] , thanks a lot for confirming, I think we could go with this small 
fix for now, thanks again!

> NullPointerException in XMLStreamDataWriter.writeNode
> -
>
> Key: CXF-9007
> URL: https://issues.apache.org/jira/browse/CXF-9007
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.3, 4.0.4
>Reporter: Magnus Holm
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0, 4.0.5
>
> Attachments: dispatch-impl-npe.txt, interceptor-npe.txt, 
> invoke-async-npe.txt, invoke-sync-npe.txt
>
>
> We're encountering sporadic weird {{NullPointerException}} in various of our 
> tests using different client configurations with wsdls. It seems to only 
> occur right after initialising the client, e.g. only on the first call. I 
> suspect it's some kind of race-condition, but I've not been able to create a 
> reproducer. I was hoping maybe someone from the project would have insight 
> into why this could be happening by looking at the stacktraces. 
> The error we're hitting appears to be here: 
> {code}
> java.lang.NullPointerException: Cannot invoke 
> "org.w3c.dom.Node.getOwnerDocument()" because "nd" is null
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.writeNode(XMLStreamDataWriter.java:160)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:101)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:55)
>  ~[cxf-core-4.0.4.jar:4.0.4]
> {code}
> Update: we're using cxf-rt-transports-http-hc5.
> We've had this issue on 4.0.3 and 4.0.4. We might've had it on previous 
> versions as well, but I don't have build history going back that far.  
> JDK versions: Corretto 17 (17.0.8-amzn), Zulu 17 (17.0.10-zulu) ++



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9027) Update Performance benchmark pom values

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9027.
---
Resolution: Fixed

> Update Performance benchmark pom values
> ---
>
> Key: CXF-9027
> URL: https://issues.apache.org/jira/browse/CXF-9027
> Project: CXF
>  Issue Type: Test
>  Components: Samples
>Affects Versions: 4.1.0
>Reporter: Jamie Mark Goodyear
>Priority: Trivial
> Fix For: 4.1.0
>
>
> When using the profiles for client or server there may be build issues vs the 
> clientserver profile.
> Remove from jaxrs pom maven.exec.plugin.version from client profile.
> Update soap_http_doc_lit pom cxf-rt-transports-http-jetty entry to 
> project.version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9027) Update Performance benchmark pom values

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9027:
--
Fix Version/s: 4.1.0

> Update Performance benchmark pom values
> ---
>
> Key: CXF-9027
> URL: https://issues.apache.org/jira/browse/CXF-9027
> Project: CXF
>  Issue Type: Test
>  Components: Samples
>Affects Versions: 4.1.0
>Reporter: Jamie Mark Goodyear
>Priority: Trivial
> Fix For: 4.1.0
>
>
> When using the profiles for client or server there may be build issues vs the 
> clientserver profile.
> Remove from jaxrs pom maven.exec.plugin.version from client profile.
> Update soap_http_doc_lit pom cxf-rt-transports-http-jetty entry to 
> project.version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9027) Update Performance benchmark pom values

[Jamie Mark Goodyear (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jamie Mark Goodyear updated CXF-9027:
-
Flags: Patch

> Update Performance benchmark pom values
> ---
>
> Key: CXF-9027
> URL: https://issues.apache.org/jira/browse/CXF-9027
> Project: CXF
>  Issue Type: Test
>  Components: Samples
>Affects Versions: 4.1.0
>Reporter: Jamie Mark Goodyear
>Priority: Trivial
>
> When using the profiles for client or server there may be build issues vs the 
> clientserver profile.
> Remove from jaxrs pom maven.exec.plugin.version from client profile.
> Update soap_http_doc_lit pom cxf-rt-transports-http-jetty entry to 
> project.version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9027) Update Performance benchmark pom values

[Jamie Mark Goodyear (Jira)]

Jamie Mark Goodyear created CXF-9027:


 Summary: Update Performance benchmark pom values
 Key: CXF-9027
 URL: https://issues.apache.org/jira/browse/CXF-9027
 Project: CXF
  Issue Type: Test
  Components: Samples
Affects Versions: 4.1.0
Reporter: Jamie Mark Goodyear


When using the profiles for client or server there may be build issues vs the 
clientserver profile.

Remove from jaxrs pom maven.exec.plugin.version from client profile.
Update soap_http_doc_lit pom cxf-rt-transports-http-jetty entry to 
project.version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9009) Async operations fail in concurrent calls

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9009.
---
Resolution: Fixed

> Async operations fail in concurrent calls
> -
>
> Key: CXF-9009
> URL: https://issues.apache.org/jira/browse/CXF-9009
> Project: CXF
>  Issue Type: Bug
>  Components: JAX-WS Runtime
>Affects Versions: 3.5.8, 3.6.3, 4.0.4
>Reporter: Julio J. Gomez Diaz
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
> Attachments: spring-soap.zip
>
>
> An exception occurs when a SOAP client is used concurrently in async 
> operations, the exception is as follows:
>  
>  
> {code:java}
> org.apache.cxf.interceptor.Fault: Could not send Message.
>   at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:434) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:412) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invokeAsync(JaxWsClientProxy.java:326) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at jdk.proxy2/jdk.proxy2.$Proxy95.countAsync(Unknown Source) ~[na:na]
>   at 
> com.example.demo.rest.RestController.lambda$async$1(RestController.java:25) 
> ~[classes/:na]
>   at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) 
> ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
>  ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
>  ~[na:na]
>   at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
> Caused by: io.netty.channel.StacklessClosedChannelException: null
>   at 
> io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown
>  Source) ~[netty-transport-4.1.109.Final.jar:4.1.109.Final]{code}
>  
> I created an reproducer application (find attached "spring-soap.zip")  that 
> acts as client and server, and this publishes the following operations:
>  * [http://localhost:8080/async] -> it uses a soap client to call 
> concurrently using an async operation (this {*}fails with the exception 
> previously described{*})
>  * [http://localhost:8080/sync] -> it uses a soap client to call concurrently 
> using an ordinary operation (ends without errors)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9009) Async operations fail in concurrent calls

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17851835#comment-17851835
 ] 

Andriy Redko commented on CXF-9009:
---

Hello [~juliojgd] , just merged it, sorry about that. Regarding the release(s), 
no exact timelines as of today, but I think the releases may happen this month 
(june)

> Async operations fail in concurrent calls
> -
>
> Key: CXF-9009
> URL: https://issues.apache.org/jira/browse/CXF-9009
> Project: CXF
>  Issue Type: Bug
>  Components: JAX-WS Runtime
>Affects Versions: 3.5.8, 3.6.3, 4.0.4
>Reporter: Julio J. Gomez Diaz
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
> Attachments: spring-soap.zip
>
>
> An exception occurs when a SOAP client is used concurrently in async 
> operations, the exception is as follows:
>  
>  
> {code:java}
> org.apache.cxf.interceptor.Fault: Could not send Message.
>   at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:434) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:412) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invokeAsync(JaxWsClientProxy.java:326) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at jdk.proxy2/jdk.proxy2.$Proxy95.countAsync(Unknown Source) ~[na:na]
>   at 
> com.example.demo.rest.RestController.lambda$async$1(RestController.java:25) 
> ~[classes/:na]
>   at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) 
> ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
>  ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
>  ~[na:na]
>   at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
> Caused by: io.netty.channel.StacklessClosedChannelException: null
>   at 
> io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown
>  Source) ~[netty-transport-4.1.109.Final.jar:4.1.109.Final]{code}
>  
> I created an reproducer application (find attached "spring-soap.zip")  that 
> acts as client and server, and this publishes the following operations:
>  * [http://localhost:8080/async] -> it uses a soap client to call 
> concurrently using an async operation (this {*}fails with the exception 
> previously described{*})
>  * [http://localhost:8080/sync] -> it uses a soap client to call concurrently 
> using an ordinary operation (ends without errors)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17851595#comment-17851595
 ] 

Andriy Redko commented on CXF-9016:
---

No exact timelines as of today, but I think the releases may happen this month 
(june)

> Upgrade Spring-Framework to 5.3.34 in Apache-cxf
> 
>
> Key: CXF-9016
> URL: https://issues.apache.org/jira/browse/CXF-9016
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.3
>Reporter: Nikhil
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
>
> We have a high severity security issue with spring-framework ::
> h2. Affected Spring Products and Versions
> Spring Framework
>  * 6.1.0 - 6.1.5
>  * 6.0.0 - 6.0.18
>  * 5.3.0 - 5.3.33
>  * Older, unsupported versions are also affected
>  
> {*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
> to parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on the host of the parsed URL may be vulnerable to 
> a open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or 
> to a SSRF attack if the URL is used after passing validation checks.
> This is the same as CVE-2024-22243 
> [https://spring.io/security/cve-2024-22243] , but with different input.
>  
> *Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but 
> with different input.
> –
> All these issues were fixed in Spring-Framework *5.3.34*
>  
> *Could you please review and update Spring-Framework as needed in CXF package 
> ?*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Nikhil (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17851561#comment-17851561
 ] 

Nikhil commented on CXF-9016:
-

Thanks for the update and help [~reta] 

May I ask you on the plans / expected timelines for the release of *version 
3.5.9* please ?

> Upgrade Spring-Framework to 5.3.34 in Apache-cxf
> 
>
> Key: CXF-9016
> URL: https://issues.apache.org/jira/browse/CXF-9016
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.3
>Reporter: Nikhil
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
>
> We have a high severity security issue with spring-framework ::
> h2. Affected Spring Products and Versions
> Spring Framework
>  * 6.1.0 - 6.1.5
>  * 6.0.0 - 6.0.18
>  * 5.3.0 - 5.3.33
>  * Older, unsupported versions are also affected
>  
> {*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
> to parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on the host of the parsed URL may be vulnerable to 
> a open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or 
> to a SSRF attack if the URL is used after passing validation checks.
> This is the same as CVE-2024-22243 
> [https://spring.io/security/cve-2024-22243] , but with different input.
>  
> *Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but 
> with different input.
> –
> All these issues were fixed in Spring-Framework *5.3.34*
>  
> *Could you please review and update Spring-Framework as needed in CXF package 
> ?*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9009) Async operations fail in concurrent calls

[Julio J. Gomez Diaz (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17851541#comment-17851541
 ] 

Julio J. Gomez Diaz commented on CXF-9009:
--

Hello [~reta] , is there any estimated date to merge your pull request and 
release a version with the fix?

 

Thanks in advance,

> Async operations fail in concurrent calls
> -
>
> Key: CXF-9009
> URL: https://issues.apache.org/jira/browse/CXF-9009
> Project: CXF
>  Issue Type: Bug
>  Components: JAX-WS Runtime
>Affects Versions: 3.5.8, 3.6.3, 4.0.4
>Reporter: Julio J. Gomez Diaz
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
> Attachments: spring-soap.zip
>
>
> An exception occurs when a SOAP client is used concurrently in async 
> operations, the exception is as follows:
>  
>  
> {code:java}
> org.apache.cxf.interceptor.Fault: Could not send Message.
>   at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:434) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:412) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invokeAsync(JaxWsClientProxy.java:326) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at jdk.proxy2/jdk.proxy2.$Proxy95.countAsync(Unknown Source) ~[na:na]
>   at 
> com.example.demo.rest.RestController.lambda$async$1(RestController.java:25) 
> ~[classes/:na]
>   at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) 
> ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
>  ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
>  ~[na:na]
>   at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
> Caused by: io.netty.channel.StacklessClosedChannelException: null
>   at 
> io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown
>  Source) ~[netty-transport-4.1.109.Final.jar:4.1.109.Final]{code}
>  
> I created an reproducer application (find attached "spring-soap.zip")  that 
> acts as client and server, and this publishes the following operations:
>  * [http://localhost:8080/async] -> it uses a soap client to call 
> concurrently using an async operation (this {*}fails with the exception 
> previously described{*})
>  * [http://localhost:8080/sync] -> it uses a soap client to call concurrently 
> using an ordinary operation (ends without errors)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9026) Integrate Jacoco into Apache CXF builds to collect code coverage stats

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9026:
--
Description: We have never used any code coverage tools and it is difficult 
to asses the gaps in tests. The suggestion is to integrate Jacoco into Apache 
CXF builds to collect code coverage stats

> Integrate Jacoco into Apache CXF builds to collect code coverage stats
> --
>
> Key: CXF-9026
> URL: https://issues.apache.org/jira/browse/CXF-9026
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0, 4.0.5
>
>
> We have never used any code coverage tools and it is difficult to asses the 
> gaps in tests. The suggestion is to integrate Jacoco into Apache CXF builds 
> to collect code coverage stats



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9026) Integrate Jacoco into Apache CXF builds to collect code coverage stats

[Andriy Redko (Jira)]

Andriy Redko created CXF-9026:
-

 Summary: Integrate Jacoco into Apache CXF builds to collect code 
coverage stats
 Key: CXF-9026
 URL: https://issues.apache.org/jira/browse/CXF-9026
 Project: CXF
  Issue Type: Improvement
Reporter: Andriy Redko
Assignee: Andriy Redko
 Fix For: 4.1.0, 4.0.5






--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9025) Increase unit test coverage on org.apache.cxf.catalog

[Jamie Mark Goodyear (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jamie Mark Goodyear updated CXF-9025:
-
Flags: Patch

> Increase unit test coverage on org.apache.cxf.catalog
> -
>
> Key: CXF-9025
> URL: https://issues.apache.org/jira/browse/CXF-9025
> Project: CXF
>  Issue Type: Test
>  Components: Core
>Affects Versions: 4.1.0
>Reporter: Jamie Mark Goodyear
>Priority: Minor
>
> org.apache.cxf.catalog has several classes without unit test coverage.
> This card & PR intends to improve coverage.
> IDEA coverage report:
> org.apache.cxf.catalog: 0% class, 0% Methods, 0% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9025) Increase unit test coverage on org.apache.cxf.catalog

[Jamie Mark Goodyear (Jira)]

Jamie Mark Goodyear created CXF-9025:


 Summary: Increase unit test coverage on org.apache.cxf.catalog
 Key: CXF-9025
 URL: https://issues.apache.org/jira/browse/CXF-9025
 Project: CXF
  Issue Type: Test
  Components: Core
Affects Versions: 4.1.0
Reporter: Jamie Mark Goodyear


org.apache.cxf.catalog has several classes without unit test coverage.
This card & PR intends to improve coverage.

IDEA coverage report:
org.apache.cxf.catalog: 0% class, 0% Methods, 0% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9016:
--
Fix Version/s: 3.5.9
   4.1.0
   4.0.5
   3.6.4

> Upgrade Spring-Framework to 5.3.34 in Apache-cxf
> 
>
> Key: CXF-9016
> URL: https://issues.apache.org/jira/browse/CXF-9016
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.3
>Reporter: Nikhil
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
>
> We have a high severity security issue with spring-framework ::
> h2. Affected Spring Products and Versions
> Spring Framework
>  * 6.1.0 - 6.1.5
>  * 6.0.0 - 6.0.18
>  * 5.3.0 - 5.3.33
>  * Older, unsupported versions are also affected
>  
> {*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
> to parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on the host of the parsed URL may be vulnerable to 
> a open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or 
> to a SSRF attack if the URL is used after passing validation checks.
> This is the same as CVE-2024-22243 
> [https://spring.io/security/cve-2024-22243] , but with different input.
>  
> *Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but 
> with different input.
> –
> All these issues were fixed in Spring-Framework *5.3.34*
>  
> *Could you please review and update Spring-Framework as needed in CXF package 
> ?*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17851059#comment-17851059
 ] 

Andriy Redko commented on CXF-9016:
---

[~somasaninikhil]  All upcoming releases will be bundled with the latest 
versions, I have added a version labels to this issue to help you navigate, 
thank you.

> Upgrade Spring-Framework to 5.3.34 in Apache-cxf
> 
>
> Key: CXF-9016
> URL: https://issues.apache.org/jira/browse/CXF-9016
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.3
>Reporter: Nikhil
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
>
> We have a high severity security issue with spring-framework ::
> h2. Affected Spring Products and Versions
> Spring Framework
>  * 6.1.0 - 6.1.5
>  * 6.0.0 - 6.0.18
>  * 5.3.0 - 5.3.33
>  * Older, unsupported versions are also affected
>  
> {*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
> to parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on the host of the parsed URL may be vulnerable to 
> a open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or 
> to a SSRF attack if the URL is used after passing validation checks.
> This is the same as CVE-2024-22243 
> [https://spring.io/security/cve-2024-22243] , but with different input.
>  
> *Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but 
> with different input.
> –
> All these issues were fixed in Spring-Framework *5.3.34*
>  
> *Could you please review and update Spring-Framework as needed in CXF package 
> ?*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (CXF-9007) NullPointerException in XMLStreamDataWriter.writeNode

[Magnus Holm (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850912#comment-17850912
 ] 

Magnus Holm edited comment on CXF-9007 at 5/31/24 9:27 AM:
---

[~reta] Sorry about the delay. Added a test-case for the issue in the original 
report here: 
https://github.com/magnho/cxf/pull/2/commits/aefcffcb0af236308cda8c2eb4186e15b8192e8d

Copied in a bunch of stuff to make this as similar to our local test-case as 
possible. I managed to trigger the error here as well, added the test-output to 
the commit as well. It runs successfully 9/10 times (at least), so it's a bit 
of a hassle to trigger the failure. 

The failure in my previous post seems to be a mistake on my side. Maybe I 
managed to mix versions on the classpath or something, it does not fail any 
more. 

edit: Sorry for not using existing wsdls etc. couldn't get that working.

edit2: Have not been able to trigger failures when running with your branch 
change.


was (Author: maghol):
[~reta] Sorry about the delay. Added a test-case for the issue in the original 
report here: 
https://github.com/magnho/cxf/pull/2/commits/aefcffcb0af236308cda8c2eb4186e15b8192e8d

Copied in a bunch of stuff to make this as similar to our local test-case as 
possible. I managed to trigger the error here as well, added the test-output to 
the commit as well. It runs successfully 9/10 times (at least), so it's a bit 
of a hassle to trigger the failure. 

The failure in my previous post seems to be a mistake on my side. Maybe I 
managed to mix versions on the classpath or something, it does not fail any 
more. 

edit: Sorry for not using existing wsdls etc. couldn't get that working.

> NullPointerException in XMLStreamDataWriter.writeNode
> -
>
> Key: CXF-9007
> URL: https://issues.apache.org/jira/browse/CXF-9007
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.3, 4.0.4
>Reporter: Magnus Holm
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0, 4.0.5
>
> Attachments: dispatch-impl-npe.txt, interceptor-npe.txt, 
> invoke-async-npe.txt, invoke-sync-npe.txt
>
>
> We're encountering sporadic weird {{NullPointerException}} in various of our 
> tests using different client configurations with wsdls. It seems to only 
> occur right after initialising the client, e.g. only on the first call. I 
> suspect it's some kind of race-condition, but I've not been able to create a 
> reproducer. I was hoping maybe someone from the project would have insight 
> into why this could be happening by looking at the stacktraces. 
> The error we're hitting appears to be here: 
> {code}
> java.lang.NullPointerException: Cannot invoke 
> "org.w3c.dom.Node.getOwnerDocument()" because "nd" is null
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.writeNode(XMLStreamDataWriter.java:160)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:101)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:55)
>  ~[cxf-core-4.0.4.jar:4.0.4]
> {code}
> Update: we're using cxf-rt-transports-http-hc5.
> We've had this issue on 4.0.3 and 4.0.4. We might've had it on previous 
> versions as well, but I don't have build history going back that far.  
> JDK versions: Corretto 17 (17.0.8-amzn), Zulu 17 (17.0.10-zulu) ++



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Nikhil (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850982#comment-17850982
 ] 

Nikhil commented on CXF-9016:
-

[~reta]  Thanks for the update, could you please provide the fix version in 
which the spring has been upgraded for Apache CXF.. this will help us take the 
right build for fixing the security vulnerability.

> Upgrade Spring-Framework to 5.3.34 in Apache-cxf
> 
>
> Key: CXF-9016
> URL: https://issues.apache.org/jira/browse/CXF-9016
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.3
>Reporter: Nikhil
>Priority: Major
>
> We have a high severity security issue with spring-framework ::
> h2. Affected Spring Products and Versions
> Spring Framework
>  * 6.1.0 - 6.1.5
>  * 6.0.0 - 6.0.18
>  * 5.3.0 - 5.3.33
>  * Older, unsupported versions are also affected
>  
> {*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
> to parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on the host of the parsed URL may be vulnerable to 
> a open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or 
> to a SSRF attack if the URL is used after passing validation checks.
> This is the same as CVE-2024-22243 
> [https://spring.io/security/cve-2024-22243] , but with different input.
>  
> *Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but 
> with different input.
> –
> All these issues were fixed in Spring-Framework *5.3.34*
>  
> *Could you please review and update Spring-Framework as needed in CXF package 
> ?*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (CXF-9007) NullPointerException in XMLStreamDataWriter.writeNode

[Magnus Holm (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850912#comment-17850912
 ] 

Magnus Holm edited comment on CXF-9007 at 5/31/24 6:21 AM:
---

[~reta] Sorry about the delay. Added a test-case for the issue in the original 
report here: 
https://github.com/magnho/cxf/pull/2/commits/aefcffcb0af236308cda8c2eb4186e15b8192e8d

Copied in a bunch of stuff to make this as similar to our local test-case as 
possible. I managed to trigger the error here as well, added the test-output to 
the commit as well. It runs successfully 9/10 times (at least), so it's a bit 
of a hassle to trigger the failure. 

The failure in my previous post seems to be a mistake on my side. Maybe I 
managed to mix versions on the classpath or something, it does not fail any 
more. 

edit: Sorry for not using existing wsdls etc. couldn't get that working.


was (Author: maghol):
[~reta] Sorry about the delay. Added a test-case for the issue in the original 
report here: 
https://github.com/magnho/cxf/pull/2/commits/aefcffcb0af236308cda8c2eb4186e15b8192e8d

Copied in a bunch of stuff to make this as similar to our local test-case as 
possible. I managed to trigger the error here as well, added the test-output to 
the commit as well. It runs successfully 9/10 times (at least), so it's a bit 
of a hassle to trigger the failure. 

The failure in my previous post seems to be a mistake on my side. Maybe I 
managed to mix versions on the classpath or something, it does not fail any 
more. 

> NullPointerException in XMLStreamDataWriter.writeNode
> -
>
> Key: CXF-9007
> URL: https://issues.apache.org/jira/browse/CXF-9007
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.3, 4.0.4
>Reporter: Magnus Holm
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0, 4.0.5
>
> Attachments: dispatch-impl-npe.txt, interceptor-npe.txt, 
> invoke-async-npe.txt, invoke-sync-npe.txt
>
>
> We're encountering sporadic weird {{NullPointerException}} in various of our 
> tests using different client configurations with wsdls. It seems to only 
> occur right after initialising the client, e.g. only on the first call. I 
> suspect it's some kind of race-condition, but I've not been able to create a 
> reproducer. I was hoping maybe someone from the project would have insight 
> into why this could be happening by looking at the stacktraces. 
> The error we're hitting appears to be here: 
> {code}
> java.lang.NullPointerException: Cannot invoke 
> "org.w3c.dom.Node.getOwnerDocument()" because "nd" is null
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.writeNode(XMLStreamDataWriter.java:160)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:101)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:55)
>  ~[cxf-core-4.0.4.jar:4.0.4]
> {code}
> Update: we're using cxf-rt-transports-http-hc5.
> We've had this issue on 4.0.3 and 4.0.4. We might've had it on previous 
> versions as well, but I don't have build history going back that far.  
> JDK versions: Corretto 17 (17.0.8-amzn), Zulu 17 (17.0.10-zulu) ++



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9007) NullPointerException in XMLStreamDataWriter.writeNode

[Magnus Holm (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850912#comment-17850912
 ] 

Magnus Holm commented on CXF-9007:
--

[~reta] Sorry about the delay. Added a test-case for the issue in the original 
report here: 
https://github.com/magnho/cxf/pull/2/commits/aefcffcb0af236308cda8c2eb4186e15b8192e8d

Copied in a bunch of stuff to make this as similar to our local test-case as 
possible. I managed to trigger the error here as well, added the test-output to 
the commit as well. It runs successfully 9/10 times (at least), so it's a bit 
of a hassle to trigger the failure. 

The failure in my previous post seems to be a mistake on my side. Maybe I 
managed to mix versions on the classpath or something, it does not fail any 
more. 

> NullPointerException in XMLStreamDataWriter.writeNode
> -
>
> Key: CXF-9007
> URL: https://issues.apache.org/jira/browse/CXF-9007
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.3, 4.0.4
>Reporter: Magnus Holm
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0, 4.0.5
>
> Attachments: dispatch-impl-npe.txt, interceptor-npe.txt, 
> invoke-async-npe.txt, invoke-sync-npe.txt
>
>
> We're encountering sporadic weird {{NullPointerException}} in various of our 
> tests using different client configurations with wsdls. It seems to only 
> occur right after initialising the client, e.g. only on the first call. I 
> suspect it's some kind of race-condition, but I've not been able to create a 
> reproducer. I was hoping maybe someone from the project would have insight 
> into why this could be happening by looking at the stacktraces. 
> The error we're hitting appears to be here: 
> {code}
> java.lang.NullPointerException: Cannot invoke 
> "org.w3c.dom.Node.getOwnerDocument()" because "nd" is null
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.writeNode(XMLStreamDataWriter.java:160)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:101)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:55)
>  ~[cxf-core-4.0.4.jar:4.0.4]
> {code}
> Update: we're using cxf-rt-transports-http-hc5.
> We've had this issue on 4.0.3 and 4.0.4. We might've had it on previous 
> versions as well, but I don't have build history going back that far.  
> JDK versions: Corretto 17 (17.0.8-amzn), Zulu 17 (17.0.10-zulu) ++



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9024) Increase unit test coverage on org.apache.cxf.binding

[Jamie Mark Goodyear (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850697#comment-17850697
 ] 

Jamie Mark Goodyear commented on CXF-9024:
--

PR [https://github.com/apache/cxf/pull/1902]

This PR supplies a concreate impl from which we test the AbstractBindFactory.   

> Increase unit test coverage on org.apache.cxf.binding
> -
>
> Key: CXF-9024
> URL: https://issues.apache.org/jira/browse/CXF-9024
> Project: CXF
>  Issue Type: Test
>  Components: Core
>Affects Versions: 4.1.0
>Reporter: Jamie Mark Goodyear
>Priority: Minor
>
> org.apache.cxf.binding has several classes without unit test coverage.
> This card & PR intends to improve coverage.
> IDEA coverage report:
> org.apache.cxf.binding: 0% class, 0% Methods, 0% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9024) Increase unit test coverage on org.apache.cxf.binding

[Jamie Mark Goodyear (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9024?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jamie Mark Goodyear updated CXF-9024:
-
Flags: Patch

> Increase unit test coverage on org.apache.cxf.binding
> -
>
> Key: CXF-9024
> URL: https://issues.apache.org/jira/browse/CXF-9024
> Project: CXF
>  Issue Type: Test
>  Components: Core
>Affects Versions: 4.1.0
>Reporter: Jamie Mark Goodyear
>Priority: Minor
>
> org.apache.cxf.binding has several classes without unit test coverage.
> This card & PR intends to improve coverage.
> IDEA coverage report:
> org.apache.cxf.binding: 0% class, 0% Methods, 0% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9024) Increase unit test coverage on org.apache.cxf.binding

[Jamie Mark Goodyear (Jira)]

Jamie Mark Goodyear created CXF-9024:


 Summary: Increase unit test coverage on org.apache.cxf.binding
 Key: CXF-9024
 URL: https://issues.apache.org/jira/browse/CXF-9024
 Project: CXF
  Issue Type: Test
  Components: Core
Affects Versions: 4.1.0
Reporter: Jamie Mark Goodyear


org.apache.cxf.binding has several classes without unit test coverage.
This card & PR intends to improve coverage.

IDEA coverage report:
org.apache.cxf.binding: 0% class, 0% Methods, 0% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (CXF-9023) Increase unit test coverage on org.apache.cxf.bus

[Jamie Mark Goodyear (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850473#comment-17850473
 ] 

Jamie Mark Goodyear edited comment on CXF-9023 at 5/29/24 7:14 PM:
---

With patch, IDEA coverage report:
org.apache.cxf.bus: 98% class, 72% Methods, 61% Lines.


was (Author: jgoodyear):
IDEA coverage report:
org.apache.cxf.bus: 98% class, 72% Methods, 61% Lines.

> Increase unit test coverage on org.apache.cxf.bus
> -
>
> Key: CXF-9023
> URL: https://issues.apache.org/jira/browse/CXF-9023
> Project: CXF
>  Issue Type: Test
>  Components: Bus
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0
>
>
> org.apache.cxf.bus has several classes without unit test coverage.
> This card & PR intends to improve coverage.
> IDEA coverage report:
> org.apache.cxf.bus: 84% class, 58% Methods, 54% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9023) Increase unit test coverage on org.apache.cxf.bus

[Jamie Mark Goodyear (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jamie Mark Goodyear updated CXF-9023:
-
Flags: Patch

> Increase unit test coverage on org.apache.cxf.bus
> -
>
> Key: CXF-9023
> URL: https://issues.apache.org/jira/browse/CXF-9023
> Project: CXF
>  Issue Type: Test
>  Components: Bus
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0
>
>
> org.apache.cxf.bus has several classes without unit test coverage.
> This card & PR intends to improve coverage.
> IDEA coverage report:
> org.apache.cxf.bus: 84% class, 58% Methods, 54% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9023) Increase unit test coverage on org.apache.cxf.bus

[Jamie Mark Goodyear (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17850473#comment-17850473
 ] 

Jamie Mark Goodyear commented on CXF-9023:
--

IDEA coverage report:
org.apache.cxf.bus: 98% class, 72% Methods, 61% Lines.

> Increase unit test coverage on org.apache.cxf.bus
> -
>
> Key: CXF-9023
> URL: https://issues.apache.org/jira/browse/CXF-9023
> Project: CXF
>  Issue Type: Test
>  Components: Bus
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0
>
>
> org.apache.cxf.bus has several classes without unit test coverage.
> This card & PR intends to improve coverage.
> IDEA coverage report:
> org.apache.cxf.bus: 84% class, 58% Methods, 54% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9023) Increase unit test coverage on org.apache.cxf.bus

[Jamie Mark Goodyear (Jira)]

Jamie Mark Goodyear created CXF-9023:


 Summary: Increase unit test coverage on org.apache.cxf.bus
 Key: CXF-9023
 URL: https://issues.apache.org/jira/browse/CXF-9023
 Project: CXF
  Issue Type: Test
  Components: Bus
Reporter: Jamie Mark Goodyear
 Fix For: 4.1.0


org.apache.cxf.bus has several classes without unit test coverage.
This card & PR intends to improve coverage.

IDEA coverage report:
org.apache.cxf.bus: 84% class, 58% Methods, 54% Lines.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9022) HTTP 500 handling

[Christoph Schulz (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Christoph Schulz updated CXF-9022:
--
Description: 
when a server responds with http 500 without a body (e.g. .NET on IIS), CXF 
throws the exception below.

while not tested on newest CXF (yet), [the source code 
suggest|https://github.com/apache/cxf/blob/5079fe1194eeb0f006c997797a476d98a2137518/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1673]
 it also occurs on latest versions.

{code:java}
org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: 
Unexpected EOF in prolog
 at [row,col {unknown-source}]: [1,0]
at 
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:303)
at 
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:70)
at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:921)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1725)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1591)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1388)
at 
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:688)
at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at 
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
{code}

  was:
when a server responds with http 500 without a body (e.g. .NET on IIS), CXF 
throws

while not tested on newest CXF (yet), [the source code 
suggest|https://github.com/apache/cxf/blob/5079fe1194eeb0f006c997797a476d98a2137518/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1673]
 it also occurs on latest versions.
{code:java}
org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: 
Unexpected EOF in prolog
 at [row,col {unknown-source}]: [1,0]
at 
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:303)
at 
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:70)
at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:921)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1725)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1591)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1388)
at 
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:688)
at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at 
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
{code}


> HTTP 500 handling
> -
>
> Key: CXF-9022
> URL: https://issues.apache.org/jira/browse/CXF-9022
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.8
>Reporter: Christoph Schulz
>Priority: Major
>
> when a server responds with http 500 without a body (e.g. .NET on IIS), CXF 
> throws the exception below.
> while not tested on newest CXF (yet), [the

[jira] [Created] (CXF-9022) HTTP 500 handling

[Christoph Schulz (Jira)]

Christoph Schulz created CXF-9022:
-

 Summary: HTTP 500 handling
 Key: CXF-9022
 URL: https://issues.apache.org/jira/browse/CXF-9022
 Project: CXF
  Issue Type: Improvement
Affects Versions: 3.5.8
Reporter: Christoph Schulz


when a server responds with http 500 without a body (e.g. .NET on IIS), CXF 
throws

while not tested on newest CXF (yet), [the source code 
suggest|https://github.com/apache/cxf/blob/5079fe1194eeb0f006c997797a476d98a2137518/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java#L1673]
 it also occurs on latest versions.
{code:java}
org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: 
Unexpected EOF in prolog
 at [row,col {unknown-source}]: [1,0]
at 
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:303)
at 
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:70)
at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:921)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1725)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1591)
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1388)
at 
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:688)
at 
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at 
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9021) Warning "Could not resolve Schema for datatypes.dtd" when file was found

[Michael Kroll (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Kroll updated CXF-9021:
---
Estimated Complexity: Moderate  (was: Unknown)

> Warning "Could not resolve Schema for datatypes.dtd" when file was found
> 
>
> Key: CXF-9021
> URL: https://issues.apache.org/jira/browse/CXF-9021
> Project: CXF
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 4.0.4
>Reporter: Michael Kroll
>Priority: Major
>
> Assuming you have
> - system property {{javax.xml.accessExternalDTD}} set to {{all}} or {{file}}
> - enabled {{out}} validation
> - an xsd that references a DTD
> And fire a request, the following log appears:
> {quote}
> WARN [org.apa.cxf.ws.add.EndpointReferenceUtils] Could not resolve Schema for 
> ../dtd/XMLSchema.dtd
> {quote}
> The request is then correctly validated, despite the warning. Tested with 
> both valid and invalid equests.
> Looking at the code: 
> {code:java|org.apache.cxf.ws.addressing.EndpointReferenceUtils.SchemaLSResourceResolver#resolveResource}
> if (impl == null) {
> [...] // if found in schemas map:
> return impl;
> if (systemId != null) {
> [...] // if found by systemId:
> return impl;
> }
> if (namespaceURI != null) {
> [...] // if found by namespaceURI:
> return impl;
> }
> [...]
> if (systemId == null) {
> systemId = publicId;
> }
> if (systemId != null) {
> InputSource source = resolver.resolve(systemId, baseURI);
> if (source != null) {
> impl = new LSInputImpl();
> impl.setByteStream(source.getByteStream());
> impl.setSystemId(source.getSystemId());
> impl.setPublicId(source.getPublicId());
> +### the code above is run, source is found, impl is set
> +### i miss a 'return impl;' here, to match the code above
> }
> }
> LOG.warning("Could not resolve Schema for " + systemId);
> }
> return impl;
> {code}
> I added two inline 'comments', starting with ### to mark the place where i 
> miss a return statement.
> Reasoning:
> # all of the above happens in an if block: {{if (impl==null)}}
> # it seems that with different searches eg. via {{namespaceURI}} and 
> {{systemId}}, the variable {{impl}} should be filled and then returned
> # the warning in the last line says 'Could not resolve Schema'
> # but the code directly above it may indeed find a {{source}} and fill 
> {{impl}}
> # so the schema (in my case a DTD) is found. I can verify that by looking 
> into debug values. And the validation then takes place, with expected 
> outcomes.
> # first finding the schema and then printing that it could not be found is 
> misleading
> proposed solution:
> - either a {{return impl;}} statement like mentioned above
> - or guard the warning with {{if (impl==null)}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9021) Warning "Could not resolve Schema for datatypes.dtd" when file was found

[Michael Kroll (Jira)]

Michael Kroll created CXF-9021:
--

 Summary: Warning "Could not resolve Schema for datatypes.dtd" when 
file was found
 Key: CXF-9021
 URL: https://issues.apache.org/jira/browse/CXF-9021
 Project: CXF
  Issue Type: Bug
  Components: Core
Affects Versions: 4.0.4
Reporter: Michael Kroll


Assuming you have
- system property {{javax.xml.accessExternalDTD}} set to {{all}} or {{file}}
- enabled {{out}} validation
- an xsd that references a DTD

And fire a request, the following log appears:
{quote}
WARN [org.apa.cxf.ws.add.EndpointReferenceUtils] Could not resolve Schema for 
../dtd/XMLSchema.dtd
{quote}
The request is then correctly validated, despite the warning. Tested with both 
valid and invalid equests.

Looking at the code: 
{code:java|org.apache.cxf.ws.addressing.EndpointReferenceUtils.SchemaLSResourceResolver#resolveResource}
if (impl == null) {
[...] // if found in schemas map:
return impl;
if (systemId != null) {
[...] // if found by systemId:
return impl;
}
if (namespaceURI != null) {
[...] // if found by namespaceURI:
return impl;
}
[...]
if (systemId == null) {
systemId = publicId;
}
if (systemId != null) {
InputSource source = resolver.resolve(systemId, baseURI);
if (source != null) {
impl = new LSInputImpl();
impl.setByteStream(source.getByteStream());
impl.setSystemId(source.getSystemId());
impl.setPublicId(source.getPublicId());
+### the code above is run, source is found, impl is set
+### i miss a 'return impl;' here, to match the code above
}
}
LOG.warning("Could not resolve Schema for " + systemId);
}
return impl;
{code}

I added two inline 'comments', starting with ### to mark the place where i miss 
a return statement.
Reasoning:
# all of the above happens in an if block: {{if (impl==null)}}
# it seems that with different searches eg. via {{namespaceURI}} and 
{{systemId}}, the variable {{impl}} should be filled and then returned
# the warning in the last line says 'Could not resolve Schema'
# but the code directly above it may indeed find a {{source}} and fill {{impl}}
# so the schema (in my case a DTD) is found. I can verify that by looking into 
debug values. And the validation then takes place, with expected outcomes.
# first finding the schema and then printing that it could not be found is 
misleading

proposed solution:
- either a {{return impl;}} statement like mentioned above
- or guard the warning with {{if (impl==null)}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-8828) Support Jakarta EE 11

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-8828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-8828:
--
Description: 
Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])

Minimum JDK requirement - JDK-17

 

Specs updates:
 * [Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]
 * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891]
 * Jakarta Annotations 3.0 
([https://jakarta.ee/specifications/annotations/3.0/)]
 * Jakarta Authorization 3.0 
([https://jakarta.ee/specifications/authorization/3.0/)]
 * Jakarta Contexts and Dependency Injection 4.1 
([https://jakarta.ee/specifications/cdi/4.1/)]
 * Jakarta Expression Language 6.0 
([https://jakarta.ee/specifications/expression-language/6.0/)]
 * Jakarta Interceptors 2.2 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta RESTful Web Services 4.0 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta Persistence 3.2 
(https://jakarta.ee/specifications/persistence/3.2/), Jakarta Validation 3.1 
(https://jakarta.ee/specifications/bean-validation/3.1/) and Jakarta WebSocket 
2.2 (https://jakarta.ee/specifications/websocket/2.2/)

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])

  was:
Support Jakarta EE 11 (https://jakarta.ee/specifications/platform/11/)

Minimum JDK requirement - JDK-17

 

Jakarta Interceptors 2.2*

[Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]

Jakarta Persistence 3.2 (https://github.com/apache/cxf/pull/1891)

 

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])


> Support Jakarta EE 11
> -
>
> Key: CXF-8828
> URL: https://issues.apache.org/jira/browse/CXF-8828
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.2.0
>
>
> Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])
> Minimum JDK requirement - JDK-17
>  
> Specs updates:
>  * [Jakarta Validation 3.1 
> (|https://jakarta.ee/specifications/bean-validation/3.1/] 
> [https://github.com/apache/cxf/pull/1889)]
>  * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891]
>  * Jakarta Annotations 3.0 
> ([https://jakarta.ee/specifications/annotations/3.0/)]
>  * Jakarta Authorization 3.0 
> ([https://jakarta.ee/specifications/authorization/3.0/)]
>  * Jakarta Contexts and Dependency Injection 4.1 
> ([https://jakarta.ee/specifications/cdi/4.1/)]
>  * Jakarta Expression Language 6.0 
> ([https://jakarta.ee/specifications/expression-language/6.0/)]
>  * Jakarta Interceptors 2.2 
> ([https://jakarta.ee/specifications/restful-ws/4.0/)]
>  * Jakarta RESTful Web Services 4.0 
> ([https://jakarta.ee/specifications/restful-ws/4.0/)]
>  * Jakarta Persistence 3.2 
> (https://jakarta.ee/specifications/persistence/3.2/), Jakarta Validation 3.1 
> (https://jakarta.ee/specifications/bean-validation/3.1/) and Jakarta 
> WebSocket 2.2 (https://jakarta.ee/specifications/websocket/2.2/)
> Updates required:
>  - Tomcat 11 
> ([https://www.mail-archive.com/announce@apache.org/msg07789.html])
>  - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])
>  - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-8828) Support Jakarta EE 11

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-8828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-8828:
--
Description: 
Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])

Minimum JDK requirement - JDK-17

 

Specs updates:
 * [Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]
 * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
|https://github.com/apache/cxf/pull/1891] 
[https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
 * Jakarta Annotations 3.0 
([https://jakarta.ee/specifications/annotations/3.0/)]
 * Jakarta Authorization 3.0 
([https://jakarta.ee/specifications/authorization/3.0/)]
 * Jakarta Contexts and Dependency Injection 4.1 
([https://jakarta.ee/specifications/cdi/4.1/)]
 * Jakarta Expression Language 6.0 
([https://jakarta.ee/specifications/expression-language/6.0/)]
 * Jakarta Interceptors 2.2 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta RESTful Web Services 4.0 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta Validation 3.1 
([https://jakarta.ee/specifications/bean-validation/3.1/])
 * Jakarta WebSocket 2.2 ([https://jakarta.ee/specifications/websocket/2.2/])

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])

  was:
Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])

Minimum JDK requirement - JDK-17

 

Specs updates:
 * [Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]
 * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891]
 * Jakarta Annotations 3.0 
([https://jakarta.ee/specifications/annotations/3.0/)]
 * Jakarta Authorization 3.0 
([https://jakarta.ee/specifications/authorization/3.0/)]
 * Jakarta Contexts and Dependency Injection 4.1 
([https://jakarta.ee/specifications/cdi/4.1/)]
 * Jakarta Expression Language 6.0 
([https://jakarta.ee/specifications/expression-language/6.0/)]
 * Jakarta Interceptors 2.2 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta RESTful Web Services 4.0 
([https://jakarta.ee/specifications/restful-ws/4.0/)]
 * Jakarta Persistence 3.2 
(https://jakarta.ee/specifications/persistence/3.2/), Jakarta Validation 3.1 
(https://jakarta.ee/specifications/bean-validation/3.1/) and Jakarta WebSocket 
2.2 (https://jakarta.ee/specifications/websocket/2.2/)

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])


> Support Jakarta EE 11
> -
>
> Key: CXF-8828
> URL: https://issues.apache.org/jira/browse/CXF-8828
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.2.0
>
>
> Support Jakarta EE 11 ([https://jakarta.ee/specifications/platform/11/])
> Minimum JDK requirement - JDK-17
>  
> Specs updates:
>  * [Jakarta Validation 3.1 
> (|https://jakarta.ee/specifications/bean-validation/3.1/] 
> [https://github.com/apache/cxf/pull/1889)]
>  * Jakarta Persistence 3.2 ([https://github.com/apache/cxf/pull/1891, 
> |https://github.com/apache/cxf/pull/1891] 
> [https://jakarta.ee/specifications/persistence/3.2/)|https://jakarta.ee/specifications/persistence/3.2/]
>  * Jakarta Annotations 3.0 
> ([https://jakarta.ee/specifications/annotations/3.0/)]
>  * Jakarta Authorization 3.0 
> ([https://jakarta.ee/specifications/authorization/3.0/)]
>  * Jakarta Contexts and Dependency Injection 4.1 
> ([https://jakarta.ee/specifications/cdi/4.1/)]
>  * Jakarta Expression Language 6.0 
> ([https://jakarta.ee/specifications/expression-language/6.0/)]
>  * Jakarta Interceptors 2.2 
> ([https://jakarta.ee/specifications/restful-ws/4.0/)]
>  * Jakarta RESTful Web Services 4.0 
> ([https://jakarta.ee/specifications/restful-ws/4.0/)]
>  * Jakarta Validation 3.1 
> ([https://jakarta.ee/specifications/bean-validation/3.1/])
>  * Jakarta WebSocket 2.2 ([https://jakarta.ee/specifications/websocket/2.2/])
> Updates required:
>  - Tomcat 11 
> ([https://www.mail-archive.com/announce@apache.org/msg07789.html])
>  - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])
>  - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9017) Regression in proxy-based restful client

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849716#comment-17849716
 ] 

Andriy Redko commented on CXF-9017:
---

It seems like, thanks [~iiliev2] , I am closing it as a duplicate

> Regression in proxy-based restful client
> 
>
> Key: CXF-9017
> URL: https://issues.apache.org/jira/browse/CXF-9017
> Project: CXF
>  Issue Type: Bug
>Reporter: Ivan Iliev
>Priority: Critical
>
> The memory leak fix introduced in 
> https://issues.apache.org/jira/browse/CXF-8946 breaks the way the 
> ClientProxyImpl works. It passes its ClientConfiguration down to sub-proxies. 
> When those sub-proxies get garbage collected, that configuration gets closed. 
> One of the objects that are closed is AbstractConduitSelector -> conduits.
> After that, any newly created sub-proxies will have misconfigured clients. 
> For example, we are configuring TLSClientParameters on the conduit of the 
> root, which gets wiped out and therefore the new child clients can no longer 
> connect.
> {code:java}
> API api = JAXRSClientFactory.create(endpoint, , getCxfProviders(), 
> true); // root proxy
> configure(api);//add TLSClientParameters
> SomeResource s = api.getSomeResource(); // sub-proxy
> 
> 
> SomeOtherResource s2 = api.get(); //broken{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9017) Regression in proxy-based restful client

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9017.
---
Resolution: Duplicate

> Regression in proxy-based restful client
> 
>
> Key: CXF-9017
> URL: https://issues.apache.org/jira/browse/CXF-9017
> Project: CXF
>  Issue Type: Bug
>Reporter: Ivan Iliev
>Priority: Critical
>
> The memory leak fix introduced in 
> https://issues.apache.org/jira/browse/CXF-8946 breaks the way the 
> ClientProxyImpl works. It passes its ClientConfiguration down to sub-proxies. 
> When those sub-proxies get garbage collected, that configuration gets closed. 
> One of the objects that are closed is AbstractConduitSelector -> conduits.
> After that, any newly created sub-proxies will have misconfigured clients. 
> For example, we are configuring TLSClientParameters on the conduit of the 
> root, which gets wiped out and therefore the new child clients can no longer 
> connect.
> {code:java}
> API api = JAXRSClientFactory.create(endpoint, , getCxfProviders(), 
> true); // root proxy
> configure(api);//add TLSClientParameters
> SomeResource s = api.getSomeResource(); // sub-proxy
> 
> 
> SomeOtherResource s2 = api.get(); //broken{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9017) Regression in proxy-based restful client

[Ivan Iliev (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849633#comment-17849633
 ] 

Ivan Iliev commented on CXF-9017:
-

Yes, it seems like it, although in that bug they are not using the proxy-based 
client. Looks like all types of clients are impacted then.

> Regression in proxy-based restful client
> 
>
> Key: CXF-9017
> URL: https://issues.apache.org/jira/browse/CXF-9017
> Project: CXF
>  Issue Type: Bug
>Reporter: Ivan Iliev
>Priority: Critical
>
> The memory leak fix introduced in 
> https://issues.apache.org/jira/browse/CXF-8946 breaks the way the 
> ClientProxyImpl works. It passes its ClientConfiguration down to sub-proxies. 
> When those sub-proxies get garbage collected, that configuration gets closed. 
> One of the objects that are closed is AbstractConduitSelector -> conduits.
> After that, any newly created sub-proxies will have misconfigured clients. 
> For example, we are configuring TLSClientParameters on the conduit of the 
> root, which gets wiped out and therefore the new child clients can no longer 
> connect.
> {code:java}
> API api = JAXRSClientFactory.create(endpoint, , getCxfProviders(), 
> true); // root proxy
> configure(api);//add TLSClientParameters
> SomeResource s = api.getSomeResource(); // sub-proxy
> 
> 
> SomeOtherResource s2 = api.get(); //broken{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9015) Typo in JsonMapObjectReaderWriter treats \h as a special character instead of \n

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9015.
---
Resolution: Fixed

> Typo in JsonMapObjectReaderWriter treats \h as a special character instead of 
> \n
> 
>
> Key: CXF-9015
> URL: https://issues.apache.org/jira/browse/CXF-9015
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.5.8, 3.6.3, 4.0.4
>Reporter: Craig Perkins
>Priority: Minor
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
>
> The JsonMapObjectReaderWriter class maintains a list of 
> [ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
>  which includes special characters that need to be escaped like the newline 
> (`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
> find any links to official documentation about this character needing to be 
> escaped. 
> According to this [SO post|https://stackoverflow.com/a/27516892] which 
> details escaped characters in JSON, it does not include `\h` in this list. 
> Issue in OpenSearch where this issue is discussed: 
> [https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]
>  
> PR to address the issue with more details: 
> [https://github.com/apache/cxf/pull/1872]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9020) Websockets for the CXF Server Side

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9020.
---
Resolution: Fixed

> Websockets for the CXF Server Side
> --
>
> Key: CXF-9020
> URL: https://issues.apache.org/jira/browse/CXF-9020
> Project: CXF
>  Issue Type: Wish
>Reporter: Mehmet Can Cömert
>Assignee: Andriy Redko
>Priority: Trivial
>
> I have seen on the documentation page, it is said Web Sockets are only 
> available on the 3.x Snapshot.
> [https://cxf.apache.org/docs/websocket.html]
> However with the Ticket:
> https://issues.apache.org/jira/browse/CXF-5604
> I can see that it is already merged.
> Is banner on documentation page outdated or Websockets not fully supported by 
> CXF?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9020) Websockets for the CXF Server Side

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849550#comment-17849550
 ] 

Andriy Redko commented on CXF-9020:
---

The documentation [1]has been updated.

[1] https://cwiki.apache.org/confluence/display/CXF20DOC/WebSocket

> Websockets for the CXF Server Side
> --
>
> Key: CXF-9020
> URL: https://issues.apache.org/jira/browse/CXF-9020
> Project: CXF
>  Issue Type: Wish
>Reporter: Mehmet Can Cömert
>Assignee: Andriy Redko
>Priority: Trivial
>
> I have seen on the documentation page, it is said Web Sockets are only 
> available on the 3.x Snapshot.
> [https://cxf.apache.org/docs/websocket.html]
> However with the Ticket:
> https://issues.apache.org/jira/browse/CXF-5604
> I can see that it is already merged.
> Is banner on documentation page outdated or Websockets not fully supported by 
> CXF?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-8828) Support Jakarta EE 11

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-8828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-8828:
--
Description: 
Support Jakarta EE 11 (https://jakarta.ee/specifications/platform/11/)

Minimum JDK requirement - JDK-17

 

Jakarta Interceptors 2.2*

[Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/] 
[https://github.com/apache/cxf/pull/1889)]

Jakarta Persistence 3.2 (https://github.com/apache/cxf/pull/1891)

 

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])

  was:
Support Jakarta EE 11

Minimum JDK requirement - JDK-17

 

Jakarta Interceptors 2.2*

[Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/]https://github.com/apache/cxf/pull/1889)

 

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])


> Support Jakarta EE 11
> -
>
> Key: CXF-8828
> URL: https://issues.apache.org/jira/browse/CXF-8828
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.2.0
>
>
> Support Jakarta EE 11 (https://jakarta.ee/specifications/platform/11/)
> Minimum JDK requirement - JDK-17
>  
> Jakarta Interceptors 2.2*
> [Jakarta Validation 3.1 
> (|https://jakarta.ee/specifications/bean-validation/3.1/] 
> [https://github.com/apache/cxf/pull/1889)]
> Jakarta Persistence 3.2 (https://github.com/apache/cxf/pull/1891)
>  
> Updates required:
>  - Tomcat 11 
> ([https://www.mail-archive.com/announce@apache.org/msg07789.html])
>  - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])
>  - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9019) Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9019.
---
Resolution: Fixed

> Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.
> ---
>
> Key: CXF-9019
> URL: https://issues.apache.org/jira/browse/CXF-9019
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0, 4.0.5
>
>
> Existing unit test coverage for jaxws spi package is low (mostly focussed on 
> W3CEpr in providerImpl). I've written an exploratory patch to help increase 
> coverage to most methods in the package. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9019) Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9019:
--
Affects Version/s: 4.0.4

> Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.
> ---
>
> Key: CXF-9019
> URL: https://issues.apache.org/jira/browse/CXF-9019
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0
>
>
> Existing unit test coverage for jaxws spi package is low (mostly focussed on 
> W3CEpr in providerImpl). I've written an exploratory patch to help increase 
> coverage to most methods in the package. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9019) Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9019:
--
Fix Version/s: 4.0.5

> Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.
> ---
>
> Key: CXF-9019
> URL: https://issues.apache.org/jira/browse/CXF-9019
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0, 4.0.5
>
>
> Existing unit test coverage for jaxws spi package is low (mostly focussed on 
> W3CEpr in providerImpl). I've written an exploratory patch to help increase 
> coverage to most methods in the package. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (CXF-9020) Websockets for the CXF Server Side

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko reassigned CXF-9020:
-

Assignee: Andriy Redko

> Websockets for the CXF Server Side
> --
>
> Key: CXF-9020
> URL: https://issues.apache.org/jira/browse/CXF-9020
> Project: CXF
>  Issue Type: Wish
>Reporter: Mehmet Can Cömert
>Assignee: Andriy Redko
>Priority: Trivial
>
> I have seen on the documentation page, it is said Web Sockets are only 
> available on the 3.x Snapshot.
> [https://cxf.apache.org/docs/websocket.html]
> However with the Ticket:
> https://issues.apache.org/jira/browse/CXF-5604
> I can see that it is already merged.
> Is banner on documentation page outdated or Websockets not fully supported by 
> CXF?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9020) Websockets for the CXF Server Side

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849271#comment-17849271
 ] 

Andriy Redko commented on CXF-9020:
---

Thanks for highlighting that, Websockets are fully supported by CXF (as per 
https://issues.apache.org/jira/browse/CXF-5604), the documentation will be 
updated shortly, thank you.

> Websockets for the CXF Server Side
> --
>
> Key: CXF-9020
> URL: https://issues.apache.org/jira/browse/CXF-9020
> Project: CXF
>  Issue Type: Wish
>Reporter: Mehmet Can Cömert
>Priority: Trivial
>
> I have seen on the documentation page, it is said Web Sockets are only 
> available on the 3.x Snapshot.
> [https://cxf.apache.org/docs/websocket.html]
> However with the Ticket:
> https://issues.apache.org/jira/browse/CXF-5604
> I can see that it is already merged.
> Is banner on documentation page outdated or Websockets not fully supported by 
> CXF?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9020) Websockets for the CXF Server Side

[Jira]

Mehmet Can Cömert created CXF-9020:
--

 Summary: Websockets for the CXF Server Side
 Key: CXF-9020
 URL: https://issues.apache.org/jira/browse/CXF-9020
 Project: CXF
  Issue Type: Wish
Reporter: Mehmet Can Cömert


I have seen on the documentation page, it is said Web Sockets are only 
available on the 3.x Snapshot.
[https://cxf.apache.org/docs/websocket.html]

However with the Ticket:
https://issues.apache.org/jira/browse/CXF-5604
I can see that it is already merged.

Is banner on documentation page outdated or Websockets not fully supported by 
CXF?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-8828) Support Jakarta EE 11

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-8828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-8828:
--
Description: 
Support Jakarta EE 11

Minimum JDK requirement - JDK-17

 

Jakarta Interceptors 2.2*

[Jakarta Validation 3.1 
(|https://jakarta.ee/specifications/bean-validation/3.1/]https://github.com/apache/cxf/pull/1889)

 

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])

  was:
Support Jakarta EE 11

Minimum JDK requirement - JDK-17

Jakarta Interceptors 2.2*

 

Updates required:

 - Tomcat 11 ([https://www.mail-archive.com/announce@apache.org/msg07789.html])

 - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])

 - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])


> Support Jakarta EE 11
> -
>
> Key: CXF-8828
> URL: https://issues.apache.org/jira/browse/CXF-8828
> Project: CXF
>  Issue Type: Improvement
>Reporter: Andriy Redko
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.2.0
>
>
> Support Jakarta EE 11
> Minimum JDK requirement - JDK-17
>  
> Jakarta Interceptors 2.2*
> [Jakarta Validation 3.1 
> (|https://jakarta.ee/specifications/bean-validation/3.1/]https://github.com/apache/cxf/pull/1889)
>  
> Updates required:
>  - Tomcat 11 
> ([https://www.mail-archive.com/announce@apache.org/msg07789.html])
>  - Arquillian Weld Container 4.x ([https://github.com/apache/cxf/pull/1621])
>  - Apache ActiveMQ 6 ([https://activemq.apache.org/activemq-600-release])



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9019) Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.

[Jamie Mark Goodyear (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jamie Mark Goodyear updated CXF-9019:
-
Flags: Patch

> Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.
> ---
>
> Key: CXF-9019
> URL: https://issues.apache.org/jira/browse/CXF-9019
> Project: CXF
>  Issue Type: Test
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0
>
>
> Existing unit test coverage for jaxws spi package is low (mostly focussed on 
> W3CEpr in providerImpl). I've written an exploratory patch to help increase 
> coverage to most methods in the package. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9019) Increase unit test coverage on cxf-rt-frontend-jaxws jaxws spi package.

[Jamie Mark Goodyear (Jira)]

Jamie Mark Goodyear created CXF-9019:


 Summary: Increase unit test coverage on cxf-rt-frontend-jaxws 
jaxws spi package.
 Key: CXF-9019
 URL: https://issues.apache.org/jira/browse/CXF-9019
 Project: CXF
  Issue Type: Test
Reporter: Jamie Mark Goodyear
 Fix For: 4.1.0


Existing unit test coverage for jaxws spi package is low (mostly focussed on 
W3CEpr in providerImpl). I've written an exploratory patch to help increase 
coverage to most methods in the package. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9018) CXF loggingFeature might disturb the input stream and cause com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in entity reference

[John Yin (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17848697#comment-17848697
 ] 

John Yin commented on CXF-9018:
---

Another piece of information that may help to narrow down the cause of this 
issue.  If I do not use loggingFeature but use the following instead, the error 
never occurs:
{code:java}
    
        
    
    
        


        
            
        
        
            
        
        
            
        
        
            
        
     {code}

> CXF loggingFeature might disturb the input stream and cause 
> com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in entity reference
> -
>
> Key: CXF-9018
> URL: https://issues.apache.org/jira/browse/CXF-9018
> Project: CXF
>  Issue Type: Bug
>  Components: WS-* Components
>Affects Versions: 4.0.4
>Reporter: John Yin
>Priority: Major
>
> This happens intermittently, therefore, it is hard to provide a sample 
> program to reproduce it.
> When the following is used, 
>  
> {code:java}
> 
>
> 
> 
>   
> 
>   
>  {code}
> Intermittently, the response of calling a SOAP webservice may cause a 
> "com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in entity reference".  If 
> the loggingFeature is removed from the bus, the error never occurs.
> Here is the stacktrace:
> {code:java}
> Stacktrace
> ---
> org.apache.camel.CamelExecutionException: Exception occurred during execution 
> on the exchange: Exchange[]
>     at 
> org.apache.camel.CamelExecutionException.wrapCamelExecutionException(CamelExecutionException.java:45)
>  ~[camel-api-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.support.ExchangeHelper.extractResultBody(ExchangeHelper.java:676)
>  ~[camel-support-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultProducerTemplate.extractResultBody(DefaultProducerTemplate.java:591)
>  ~[camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultProducerTemplate.extractResultBody(DefaultProducerTemplate.java:587)
>  ~[camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultProducerTemplate.requestBodyAndHeaders(DefaultProducerTemplate.java:440)
>  ~[camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.codehaus.groovy.vmplugin.v8.IndyInterface.selectMethod(IndyInterface.java:355)
>  ~[groovy-4.0.19.jar:4.0.19]
>     at 
> org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache(IndyInterface.java:321)
>  ~[groovy-4.0.19.jar:4.0.19]
>     at GetVzInventoryProc.process(GetVzInventoryProcScript.groovy:69) ~[?:?]
>     at 
> org.apache.camel.support.processor.DelegateSyncProcessor.process(DelegateSyncProcessor.java:65)
>  ~[camel-support-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$RedeliveryTask.doRun(RedeliveryErrorHandler.java:840)
>  ~[camel-core-processor-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$RedeliveryTask.run(RedeliveryErrorHandler.java:746)
>  ~[camel-core-processor-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.doRun(DefaultReactiveExecutor.java:199)
>  [camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.executeReactiveWork(DefaultReactiveExecutor.java:189)
>  [camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.tryExecuteReactiveWork(DefaultReactiveExecutor.java:166)
>  [camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.schedule(DefaultReactiveExecutor.java:148)
>  [camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.DefaultReactiveExecutor.scheduleMain(DefaultReactiveExecutor.java:59)
>  [camel-base-engine-4.4.0.jar:4.4.0]
>     at org.apache.camel.processor.Pipeline.process(Pipeline.java:163) 
> [camel-core-processor-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354)
>  [camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330)
>  [camel-base-engine-4.4.0.jar:4.4.0]
>     at 
> org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerCon

[jira] [Created] (CXF-9018) CXF loggingFeature might disturb the input stream and cause com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in entity reference

[John Yin (Jira)]

John Yin created CXF-9018:
-

 Summary: CXF loggingFeature might disturb the input stream and 
cause com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in entity reference
 Key: CXF-9018
 URL: https://issues.apache.org/jira/browse/CXF-9018
 Project: CXF
  Issue Type: Bug
  Components: WS-* Components
Affects Versions: 4.0.4
Reporter: John Yin


This happens intermittently, therefore, it is hard to provide a sample program 
to reproduce it.

When the following is used, 
 
{code:java}

   



  

  
 {code}
Intermittently, the response of calling a SOAP webservice may cause a 
"com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in entity reference".  If 
the loggingFeature is removed from the bus, the error never occurs.

Here is the stacktrace:
{code:java}
Stacktrace
---
org.apache.camel.CamelExecutionException: Exception occurred during execution 
on the exchange: Exchange[]
    at 
org.apache.camel.CamelExecutionException.wrapCamelExecutionException(CamelExecutionException.java:45)
 ~[camel-api-4.4.0.jar:4.4.0]
    at 
org.apache.camel.support.ExchangeHelper.extractResultBody(ExchangeHelper.java:676)
 ~[camel-support-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultProducerTemplate.extractResultBody(DefaultProducerTemplate.java:591)
 ~[camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultProducerTemplate.extractResultBody(DefaultProducerTemplate.java:587)
 ~[camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultProducerTemplate.requestBodyAndHeaders(DefaultProducerTemplate.java:440)
 ~[camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.codehaus.groovy.vmplugin.v8.IndyInterface.selectMethod(IndyInterface.java:355)
 ~[groovy-4.0.19.jar:4.0.19]
    at 
org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache(IndyInterface.java:321) 
~[groovy-4.0.19.jar:4.0.19]
    at GetVzInventoryProc.process(GetVzInventoryProcScript.groovy:69) ~[?:?]
    at 
org.apache.camel.support.processor.DelegateSyncProcessor.process(DelegateSyncProcessor.java:65)
 ~[camel-support-4.4.0.jar:4.4.0]
    at 
org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$RedeliveryTask.doRun(RedeliveryErrorHandler.java:840)
 ~[camel-core-processor-4.4.0.jar:4.4.0]
    at 
org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$RedeliveryTask.run(RedeliveryErrorHandler.java:746)
 ~[camel-core-processor-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.doRun(DefaultReactiveExecutor.java:199)
 [camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.executeReactiveWork(DefaultReactiveExecutor.java:189)
 [camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.tryExecuteReactiveWork(DefaultReactiveExecutor.java:166)
 [camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.schedule(DefaultReactiveExecutor.java:148)
 [camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.DefaultReactiveExecutor.scheduleMain(DefaultReactiveExecutor.java:59)
 [camel-base-engine-4.4.0.jar:4.4.0]
    at org.apache.camel.processor.Pipeline.process(Pipeline.java:163) 
[camel-core-processor-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354)
 [camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330)
 [camel-base-engine-4.4.0.jar:4.4.0]
    at 
org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:293)
 [camel-timer-4.4.0.jar:4.4.0]
    at 
org.apache.camel.component.timer.TimerConsumer$1.doRun(TimerConsumer.java:164) 
[camel-timer-4.4.0.jar:4.4.0]
    at 
org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:136) 
[camel-timer-4.4.0.jar:4.4.0]
    at java.util.TimerThread.mainLoop(Timer.java:566) [?:?]
    at java.util.TimerThread.run(Timer.java:516) [?:?]
Caused by: org.apache.cxf.interceptor.Fault: 
[com.ctc.wstx.exc.WstxLazyException] Unexpected EOF in entity reference
 at [row,col {unknown-source}]: [1,49151]
    at 
org.apache.cxf.interceptor.LoggingInInterceptor.logInputStream(LoggingInInterceptor.java:230)
 ~[cxf-core-4.0.4.jar:4.0.4]
    at 
org.apache.cxf.interceptor.LoggingInInterceptor.logging(LoggingInInterceptor.java:161)
 ~[cxf-core-4.0.4.jar:4.0.4]
    at 
org.apache.cxf.interceptor.LoggingInInterceptor.handleMessage(LoggingInInterceptor.java:82)
 ~[cxf-core-4.0.4.jar:4.0.4]
    at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
 ~[cxf-core-4.0.4.jar:4.0.4]
    at org.apache.cxf.endpoint.ClientImpl

[jira] [Commented] (CXF-9007) NullPointerException in XMLStreamDataWriter.writeNode

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17848413#comment-17848413
 ] 

Andriy Redko commented on CXF-9007:
---

Thank you [~maghol] , looking forward to test cases.

> NullPointerException in XMLStreamDataWriter.writeNode
> -
>
> Key: CXF-9007
> URL: https://issues.apache.org/jira/browse/CXF-9007
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.3, 4.0.4
>Reporter: Magnus Holm
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0, 4.0.5
>
> Attachments: dispatch-impl-npe.txt, interceptor-npe.txt, 
> invoke-async-npe.txt, invoke-sync-npe.txt
>
>
> We're encountering sporadic weird {{NullPointerException}} in various of our 
> tests using different client configurations with wsdls. It seems to only 
> occur right after initialising the client, e.g. only on the first call. I 
> suspect it's some kind of race-condition, but I've not been able to create a 
> reproducer. I was hoping maybe someone from the project would have insight 
> into why this could be happening by looking at the stacktraces. 
> The error we're hitting appears to be here: 
> {code}
> java.lang.NullPointerException: Cannot invoke 
> "org.w3c.dom.Node.getOwnerDocument()" because "nd" is null
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.writeNode(XMLStreamDataWriter.java:160)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:101)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:55)
>  ~[cxf-core-4.0.4.jar:4.0.4]
> {code}
> Update: we're using cxf-rt-transports-http-hc5.
> We've had this issue on 4.0.3 and 4.0.4. We might've had it on previous 
> versions as well, but I don't have build history going back that far.  
> JDK versions: Corretto 17 (17.0.8-amzn), Zulu 17 (17.0.10-zulu) ++



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9007) NullPointerException in XMLStreamDataWriter.writeNode

[Magnus Holm (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17848129#comment-17848129
 ] 

Magnus Holm commented on CXF-9007:
--

[~reta] Sorry for the delay, struggling to find time. I built your branch and 
re-ran tests and found out the potential fix causes a consistent failure for 
another test which relates to large response processing/chunking. I will set 
aside some time and provide you with both test-cases some time this week. Have 
to unwrap the setup from some internal frameworking. 

The new failure:
{code}
org.apache.cxf.binding.soap.SoapFault: Problems creating SAAJ object model
at 
org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInterceptor.java:261)
 ~[cxf-rt-bindings-soap-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at 
org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInterceptor.java:81)
 ~[cxf-rt-bindings-soap-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
 [cxf-core-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:808) 
[cxf-core-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1726)
 [cxf-rt-transports-http-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream$1.run(HTTPConduit.java:1210)
 [cxf-rt-transports-http-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at 
org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:413)
 [cxf-core-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
 [?:?]
at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
 [?:?]
at 
org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:346)
 [cxf-core-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at java.base/java.lang.Thread.run(Thread.java:833) [?:?]
Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF; was expecting a 
close tag for element 
 at [row,col {unknown-source}]: [1,16320]
at 
com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:701) 
~[woodstox-core-6.6.2.jar:6.6.2]
at 
com.ctc.wstx.sr.BasicStreamReader.throwUnexpectedEOF(BasicStreamReader.java:5607)
 ~[woodstox-core-6.6.2.jar:6.6.2]
at 
com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2811) 
~[woodstox-core-6.6.2.jar:6.6.2]
at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1122) 
~[woodstox-core-6.6.2.jar:6.6.2]
at org.apache.cxf.staxutils.StaxUtils.copy(StaxUtils.java:776) 
~[cxf-core-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
at 
org.apache.cxf.binding.soap.saaj.SAAJInInterceptor.handleMessage(SAAJInInterceptor.java:244)
 ~[cxf-rt-bindings-soap-4.0.1-SNAPSHOT.jar:4.0.1.SNAPSHOT]
... 10 more
{code}

> NullPointerException in XMLStreamDataWriter.writeNode
> -
>
> Key: CXF-9007
> URL: https://issues.apache.org/jira/browse/CXF-9007
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.3, 4.0.4
>Reporter: Magnus Holm
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.1.0, 4.0.5
>
> Attachments: dispatch-impl-npe.txt, interceptor-npe.txt, 
> invoke-async-npe.txt, invoke-sync-npe.txt
>
>
> We're encountering sporadic weird {{NullPointerException}} in various of our 
> tests using different client configurations with wsdls. It seems to only 
> occur right after initialising the client, e.g. only on the first call. I 
> suspect it's some kind of race-condition, but I've not been able to create a 
> reproducer. I was hoping maybe someone from the project would have insight 
> into why this could be happening by looking at the stacktraces. 
> The error we're hitting appears to be here: 
> {code}
> java.lang.NullPointerException: Cannot invoke 
> "org.w3c.dom.Node.getOwnerDocument()" because "nd" is null
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.writeNode(XMLStreamDataWriter.java:160)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:101)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.databinding.source.XMLStreamDataWriter.write(XMLStreamDataWriter.java:55)
&

[jira] [Updated] (CXF-9009) Async operations fail in concurrent calls

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9009:
--
Fix Version/s: 3.5.9
   4.1.0
   4.0.5
   3.6.4

> Async operations fail in concurrent calls
> -
>
> Key: CXF-9009
> URL: https://issues.apache.org/jira/browse/CXF-9009
> Project: CXF
>  Issue Type: Bug
>  Components: JAX-WS Runtime
>Affects Versions: 3.5.8, 3.6.3, 4.0.4
>Reporter: Julio J. Gomez Diaz
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
> Attachments: spring-soap.zip
>
>
> An exception occurs when a SOAP client is used concurrently in async 
> operations, the exception is as follows:
>  
>  
> {code:java}
> org.apache.cxf.interceptor.Fault: Could not send Message.
>   at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:434) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:412) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invokeAsync(JaxWsClientProxy.java:326) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at jdk.proxy2/jdk.proxy2.$Proxy95.countAsync(Unknown Source) ~[na:na]
>   at 
> com.example.demo.rest.RestController.lambda$async$1(RestController.java:25) 
> ~[classes/:na]
>   at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) 
> ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
>  ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
>  ~[na:na]
>   at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
> Caused by: io.netty.channel.StacklessClosedChannelException: null
>   at 
> io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown
>  Source) ~[netty-transport-4.1.109.Final.jar:4.1.109.Final]{code}
>  
> I created an reproducer application (find attached "spring-soap.zip")  that 
> acts as client and server, and this publishes the following operations:
>  * [http://localhost:8080/async] -> it uses a soap client to call 
> concurrently using an async operation (this {*}fails with the exception 
> previously described{*})
>  * [http://localhost:8080/sync] -> it uses a soap client to call concurrently 
> using an ordinary operation (ends without errors)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9009) Async operations fail in concurrent calls

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9009:
--
Affects Version/s: 3.6.3
   3.5.8

> Async operations fail in concurrent calls
> -
>
> Key: CXF-9009
> URL: https://issues.apache.org/jira/browse/CXF-9009
> Project: CXF
>  Issue Type: Bug
>  Components: JAX-WS Runtime
>Affects Versions: 3.5.8, 3.6.3, 4.0.4
>Reporter: Julio J. Gomez Diaz
>Assignee: Andriy Redko
>Priority: Major
> Attachments: spring-soap.zip
>
>
> An exception occurs when a SOAP client is used concurrently in async 
> operations, the exception is as follows:
>  
>  
> {code:java}
> org.apache.cxf.interceptor.Fault: Could not send Message.
>   at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:434) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:412) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invokeAsync(JaxWsClientProxy.java:326) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at jdk.proxy2/jdk.proxy2.$Proxy95.countAsync(Unknown Source) ~[na:na]
>   at 
> com.example.demo.rest.RestController.lambda$async$1(RestController.java:25) 
> ~[classes/:na]
>   at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) 
> ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
>  ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
>  ~[na:na]
>   at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
> Caused by: io.netty.channel.StacklessClosedChannelException: null
>   at 
> io.netty.channel.AbstractChannel$AbstractUnsafe.ensureOpen(ChannelPromise)(Unknown
>  Source) ~[netty-transport-4.1.109.Final.jar:4.1.109.Final]{code}
>  
> I created an reproducer application (find attached "spring-soap.zip")  that 
> acts as client and server, and this publishes the following operations:
>  * [http://localhost:8080/async] -> it uses a soap client to call 
> concurrently using an async operation (this {*}fails with the exception 
> previously described{*})
>  * [http://localhost:8080/sync] -> it uses a soap client to call concurrently 
> using an ordinary operation (ends without errors)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9009) Async operations fail in concurrent calls

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17847413#comment-17847413
 ] 

Andriy Redko commented on CXF-9009:
---

{noformat}
May 17, 2024 2:52:39 P.M. io.netty.channel.ChannelInitializer 
exceptionCaughtWARNING: Failed to initialize a channel. Closing: [id: 
0xe5e4c70d]java.lang.IllegalStateException: complete already: 
DefaultChannelPromise@1876fa2c(success)   at 
io.netty.util.concurrent.DefaultPromise.setSuccess(DefaultPromise.java:100)  at 
io.netty.channel.DefaultChannelPromise.setSuccess(DefaultChannelPromise.java:78)
 at 
org.apache.cxf.transport.http.netty.client.NettyHttpClientPipelineFactory.initChannel(NettyHttpClientPipelineFactory.java:187)
   at 
io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129) at 
io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112)   
 at 
io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:1130)
 at 
io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609)
   at 
io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46)
   at 
io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463)
at 
io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115)
 at 
io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650)
  at 
io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:514)
  at 
io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:429)
 at 
io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:486) 
 at 
io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:173)
   at 
io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:166)
   at 
io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
   at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569) at 
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
 at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)   
 at 
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833) {noformat}
For the record, this is the real cause of the issue.

> Async operations fail in concurrent calls
> -
>
> Key: CXF-9009
> URL: https://issues.apache.org/jira/browse/CXF-9009
> Project: CXF
>  Issue Type: Bug
>  Components: JAX-WS Runtime
>Affects Versions: 4.0.4
>Reporter: Julio J. Gomez Diaz
>Assignee: Andriy Redko
>Priority: Major
> Attachments: spring-soap.zip
>
>
> An exception occurs when a SOAP client is used concurrently in async 
> operations, the exception is as follows:
>  
>  
> {code:java}
> org.apache.cxf.interceptor.Fault: Could not send Message.
>   at 
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:67)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
>  ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:434) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:412) 
> ~[cxf-core-4.0.4.jar:4.0.4]
>   at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invokeAsync(JaxWsClientProxy.java:326) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:138) 
> ~[cxf-rt-frontend-jaxws-4.0.4.jar:4.0.4]
>   at jdk.proxy2/jdk.proxy2.$Proxy95.countAsync(Unknown Source) ~[na:na]
>   at 
> com.example.demo.rest.RestController.lambda$async$1(RestController.java:25) 
> ~[classes/:na]
>   at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317) 
> ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
>  ~[na:na]
>   at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
>  ~[na:na]
>   at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]
> Caused by: io.netty.channel.StacklessClosedChannelException: null
>   at 
> io.netty.channel.AbstractChannel$AbstractUnsafe.ensur

[jira] [Resolved] (CXF-9002) JAXRSMultithreadedClientTest test cases failing on IBM JDK.

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9002.
---
Resolution: Fixed

> JAXRSMultithreadedClientTest test cases failing on IBM JDK.
> ---
>
> Key: CXF-9002
> URL: https://issues.apache.org/jira/browse/CXF-9002
> Project: CXF
>  Issue Type: Test
>  Components: JAX-RS
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Major
>
> JAXRSMultithreadedClientTest test cases failing on IBM JDK (Semeru 17).
> There is a JAXRS system test failure for {{JAXRSMultithreadedClientTest}} 
> test cases:
> JAXRSMultithreadedClientTest.testStatefulWebClientThreadLocalWithCopy
> JAXRSMultithreadedClientTest.testStatefulWebClientWithCopy
> JAXRSMultithreadedClientTest.testThreadSafeProxyWithCopy
> The commonality between these tests are \{{threadSafe }}is set to false, 
> which triggers a copy of existing client with WebClient.fromClient.
> The error traces contains the following shape:
> {code:java}
> Exception in thread "pool-12-thread-2" java.lang.AssertionError: 
> WebClientWorker thread failed for 10,value10 at 
> org.junit.Assert.fail(Assert.java:89) at 
> org.apache.cxf.systest.jaxrs.JAXRSMultithreadedClientTest$WebClientWorker.run(JAXRSMultithreadedClientTest.java:208)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>  at java.base/java.lang.Thread.run(Thread.java:857) at 
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:751)
>  at 
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:760)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420)
>  ... 19 more Caused by: java.lang.InterruptedException at 
> java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:386)
>  at 
> java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096)
>  at 
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:731)
>  ... 24 more Exception in thread "pool-12-thread-4" java.lang.AssertionError: 
> WebClientWorker thread failed for 8,value8 at 
> org.junit.Assert.fail(Assert.java:89) at 
> org.apache.cxf.systest.jaxrs.JAXRSMultithreadedClientTest$WebClientWorker.run(JAXRSMultithreadedClientTest.java:208)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>  at java.base/java.lang.Thread.run(Thread.java:857) {code}
> When this suite is run on Hotspot based JVMs, the test cases pass.This is 
> reproducible by changing directory to systests/jaxrs, then executing:
> `
> {{mvn clean install -Dtest=JAXRSMultithreadedClientTest}}
> {{`}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9002) JAXRSMultithreadedClientTest test cases failing on IBM JDK.

[Jamie Mark Goodyear (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17847265#comment-17847265
 ] 

Jamie Mark Goodyear commented on CXF-9002:
--

Returning to check this branch - the JAXRSMultithreadedClientTest suite is now 
passing builds on IBM Java.

> JAXRSMultithreadedClientTest test cases failing on IBM JDK.
> ---
>
> Key: CXF-9002
> URL: https://issues.apache.org/jira/browse/CXF-9002
> Project: CXF
>  Issue Type: Test
>  Components: JAX-RS
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Major
>
> JAXRSMultithreadedClientTest test cases failing on IBM JDK (Semeru 17).
> There is a JAXRS system test failure for {{JAXRSMultithreadedClientTest}} 
> test cases:
> JAXRSMultithreadedClientTest.testStatefulWebClientThreadLocalWithCopy
> JAXRSMultithreadedClientTest.testStatefulWebClientWithCopy
> JAXRSMultithreadedClientTest.testThreadSafeProxyWithCopy
> The commonality between these tests are \{{threadSafe }}is set to false, 
> which triggers a copy of existing client with WebClient.fromClient.
> The error traces contains the following shape:
> {code:java}
> Exception in thread "pool-12-thread-2" java.lang.AssertionError: 
> WebClientWorker thread failed for 10,value10 at 
> org.junit.Assert.fail(Assert.java:89) at 
> org.apache.cxf.systest.jaxrs.JAXRSMultithreadedClientTest$WebClientWorker.run(JAXRSMultithreadedClientTest.java:208)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>  at java.base/java.lang.Thread.run(Thread.java:857) at 
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:751)
>  at 
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:760)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626)
>  at 
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420)
>  ... 19 more Caused by: java.lang.InterruptedException at 
> java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:386)
>  at 
> java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096)
>  at 
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:731)
>  ... 24 more Exception in thread "pool-12-thread-4" java.lang.AssertionError: 
> WebClientWorker thread failed for 8,value8 at 
> org.junit.Assert.fail(Assert.java:89) at 
> org.apache.cxf.systest.jaxrs.JAXRSMultithreadedClientTest$WebClientWorker.run(JAXRSMultithreadedClientTest.java:208)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
>  at 
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
>  at java.base/java.lang.Thread.run(Thread.java:857) {code}
> When this suite is run on Hotspot based JVMs, the test cases pass.This is 
> reproducible by changing directory to systests/jaxrs, then executing:
> `
> {{mvn clean install -Dtest=JAXRSMultithreadedClientTest}}
> {{`}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9017) Regression in proxy-based restful client

[Andriy Redko (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17847258#comment-17847258
 ] 

Andriy Redko commented on CXF-9017:
---

[~iiliev2] is it the duplicate of 
https://issues.apache.org/jira/browse/CXF-8992 (same cause)? thank you

> Regression in proxy-based restful client
> 
>
> Key: CXF-9017
> URL: https://issues.apache.org/jira/browse/CXF-9017
> Project: CXF
>  Issue Type: Bug
>Reporter: Ivan Iliev
>Priority: Critical
>
> The memory leak fix introduced in 
> https://issues.apache.org/jira/browse/CXF-8946 breaks the way the 
> ClientProxyImpl works. It passes its ClientConfiguration down to sub-proxies. 
> When those sub-proxies get garbage collected, that configuration gets closed. 
> One of the objects that are closed is AbstractConduitSelector -> conduits.
> After that, any newly created sub-proxies will have misconfigured clients. 
> For example, we are configuring TLSClientParameters on the conduit of the 
> root, which gets wiped out and therefore the new child clients can no longer 
> connect.
> {code:java}
> API api = JAXRSClientFactory.create(endpoint, , getCxfProviders(), 
> true); // root proxy
> configure(api);//add TLSClientParameters
> SomeResource s = api.getSomeResource(); // sub-proxy
> 
> 
> SomeOtherResource s2 = api.get(); //broken{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9016.
---
Resolution: Information Provided

It was done already

> Upgrade Spring-Framework to 5.3.34 in Apache-cxf
> 
>
> Key: CXF-9016
> URL: https://issues.apache.org/jira/browse/CXF-9016
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.3
>Reporter: Nikhil
>Priority: Major
>
> We have a high severity security issue with spring-framework ::
> h2. Affected Spring Products and Versions
> Spring Framework
>  * 6.1.0 - 6.1.5
>  * 6.0.0 - 6.0.18
>  * 5.3.0 - 5.3.33
>  * Older, unsupported versions are also affected
>  
> {*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
> to parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on the host of the parsed URL may be vulnerable to 
> a open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or 
> to a SSRF attack if the URL is used after passing validation checks.
> This is the same as CVE-2024-22243 
> [https://spring.io/security/cve-2024-22243] , but with different input.
>  
> *Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but 
> with different input.
> –
> All these issues were fixed in Spring-Framework *5.3.34*
>  
> *Could you please review and update Spring-Framework as needed in CXF package 
> ?*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9017) Regression in proxy-based restful client

[Ivan Iliev (Jira)]

Ivan Iliev created CXF-9017:
---

 Summary: Regression in proxy-based restful client
 Key: CXF-9017
 URL: https://issues.apache.org/jira/browse/CXF-9017
 Project: CXF
  Issue Type: Bug
Reporter: Ivan Iliev


The memory leak fix introduced in 
https://issues.apache.org/jira/browse/CXF-8946 breaks the way the 
ClientProxyImpl works. It passes its ClientConfiguration down to sub-proxies. 
When those sub-proxies get garbage collected, that configuration gets closed. 
One of the objects that are closed is AbstractConduitSelector -> conduits.

After that, any newly created sub-proxies will have misconfigured clients. For 
example, we are configuring TLSClientParameters on the conduit of the root, 
which gets wiped out and therefore the new child clients can no longer connect.
{code:java}
API api = JAXRSClientFactory.create(endpoint, , getCxfProviders(), 
true); // root proxy
configure(api);//add TLSClientParameters
SomeResource s = api.getSomeResource(); // sub-proxy


SomeOtherResource s2 = api.get(); //broken{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Nikhil (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nikhil updated CXF-9016:

Description: 
We have a high severity security issue with spring-framework ::
h2. Affected Spring Products and Versions
Spring Framework
 * 6.1.0 - 6.1.5
 * 6.0.0 - 6.0.18
 * 5.3.0 - 5.3.33
 * Older, unsupported versions are also affected
 

{*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
to parse an externally provided URL (e.g. through a query parameter) AND 
perform validation checks on the host of the parsed URL may be vulnerable to a 
open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or to a 
SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 [https://spring.io/security/cve-2024-22243] 
, but with different input.

 

*Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but with 
different input.

–

All these issues were fixed in Spring-Framework *5.3.34*

 

*Could you please review and update Spring-Framework as needed in CXF package ?*

  was:
We have a high severity security issue with spring-framework which is affected 
the below spring-framework versions ::

 

{*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
to parse an externally provided URL (e.g. through a query parameter) AND 
perform validation checks on the host of the parsed URL may be vulnerable to a 
open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or to a 
SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 [https://spring.io/security/cve-2024-22243] 
, but with different input.

 

*Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but with 
different input.

 

--

 

All these issues were fixed in Spring-Framework *5.3.34*

 

Could you please review and update Spring-Framework as needed in CXF package ?


> Upgrade Spring-Framework to 5.3.34 in Apache-cxf
> 
>
> Key: CXF-9016
> URL: https://issues.apache.org/jira/browse/CXF-9016
> Project: CXF
>  Issue Type: Improvement
>Affects Versions: 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.6.3
>Reporter: Nikhil
>Priority: Major
>
> We have a high severity security issue with spring-framework ::
> h2. Affected Spring Products and Versions
> Spring Framework
>  * 6.1.0 - 6.1.5
>  * 6.0.0 - 6.0.18
>  * 5.3.0 - 5.3.33
>  * Older, unsupported versions are also affected
>  
> {*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
> to parse an externally provided URL (e.g. through a query parameter) AND 
> perform validation checks on the host of the parsed URL may be vulnerable to 
> a open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or 
> to a SSRF attack if the URL is used after passing validation checks.
> This is the same as CVE-2024-22243 
> [https://spring.io/security/cve-2024-22243] , but with different input.
>  
> *Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but 
> with different input.
> –
> All these issues were fixed in Spring-Framework *5.3.34*
>  
> *Could you please review and update Spring-Framework as needed in CXF package 
> ?*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9016) Upgrade Spring-Framework to 5.3.34 in Apache-cxf

[Nikhil (Jira)]

Nikhil created CXF-9016:
---

 Summary: Upgrade Spring-Framework to 5.3.34 in Apache-cxf
 Key: CXF-9016
 URL: https://issues.apache.org/jira/browse/CXF-9016
 Project: CXF
  Issue Type: Improvement
Affects Versions: 3.6.3, 3.5.8, 3.5.7, 3.5.6, 3.5.5
Reporter: Nikhil


We have a high severity security issue with spring-framework which is affected 
the below spring-framework versions ::

 

{*}Summary{*}: Applications that use UriComponentsBuilder in Spring Framework 
to parse an externally provided URL (e.g. through a query parameter) AND 
perform validation checks on the host of the parsed URL may be vulnerable to a 
open redirect [https://cwe.mitre.org/data/definitions/601.html]  attack or to a 
SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 [https://spring.io/security/cve-2024-22243] 
, but with different input.

 

*Note:* This is the same as *CVE-2024-22259* and {*}CVE-2024-22243{*}, but with 
different input.

 

--

 

All these issues were fixed in Spring-Framework *5.3.34*

 

Could you please review and update Spring-Framework as needed in CXF package ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Freeman Yue Fang (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Freeman Yue Fang resolved CXF-9014.
---
Fix Version/s: 4.1.0
   Resolution: Fixed

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Assignee: Freeman Yue Fang
>Priority: Minor
> Fix For: 4.1.0
>
> Attachments: bob-modified.jks, request-with-comment.xml, 
> request-with-trailing-whitespace.xml
>
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9013) Move performance benchmark to distribution samples folder

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9013:
--
Fix Version/s: 4.1.0

> Move performance benchmark to distribution samples folder
> -
>
> Key: CXF-9013
> URL: https://issues.apache.org/jira/browse/CXF-9013
> Project: CXF
>  Issue Type: Improvement
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0
>
>
> Add JAX-RS suite to benchmarks.
> CXF's benchmark performance suite currently includes JAX-WS based SOAP HTTP 
> Doc Lit. It would be nice to have a simple JAX-RS suite for rest verbs. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9013) Move performance benchmark to distribution samples folder

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9013:
--
Summary: Move performance benchmark to distribution samples folder  (was: 
Add JAX-RS performance suite to benchmarks)

> Move performance benchmark to distribution samples folder
> -
>
> Key: CXF-9013
> URL: https://issues.apache.org/jira/browse/CXF-9013
> Project: CXF
>  Issue Type: Improvement
>Reporter: Jamie Mark Goodyear
>Priority: Minor
>
> Add JAX-RS suite to benchmarks.
> CXF's benchmark performance suite currently includes JAX-WS based SOAP HTTP 
> Doc Lit. It would be nice to have a simple JAX-RS suite for rest verbs. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9013) Move performance benchmark to distribution samples folder

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko resolved CXF-9013.
---
Resolution: Fixed

> Move performance benchmark to distribution samples folder
> -
>
> Key: CXF-9013
> URL: https://issues.apache.org/jira/browse/CXF-9013
> Project: CXF
>  Issue Type: Improvement
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Fix For: 4.1.0
>
>
> Add JAX-RS suite to benchmarks.
> CXF's benchmark performance suite currently includes JAX-WS based SOAP HTTP 
> Doc Lit. It would be nice to have a simple JAX-RS suite for rest verbs. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Freeman Yue Fang (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846667#comment-17846667
 ] 

Freeman Yue Fang commented on CXF-9014:
---

PR is
https://github.com/apache/cxf/pull/1875

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Assignee: Freeman Yue Fang
>Priority: Minor
> Attachments: bob-modified.jks, request-with-comment.xml, 
> request-with-trailing-whitespace.xml
>
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Freeman Yue Fang (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Freeman Yue Fang reassigned CXF-9014:
-

Assignee: Freeman Yue Fang

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Assignee: Freeman Yue Fang
>Priority: Minor
> Attachments: bob-modified.jks, request-with-comment.xml, 
> request-with-trailing-whitespace.xml
>
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Freeman Yue Fang (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846625#comment-17846625
 ] 

Freeman Yue Fang commented on CXF-9014:
---

Thanks [~jgoodyear] for the confirmation, I will send PR soon

Freeman

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Attachments: bob-modified.jks, request-with-comment.xml, 
> request-with-trailing-whitespace.xml
>
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Jamie Mark Goodyear (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846589#comment-17846589
 ] 

Jamie Mark Goodyear commented on CXF-9014:
--

Verified the artifacts on PPC64LE:

Red Hat OpenJDK 17
IBM Semeru 17
Eclipse Adoptium 17

Looks good to me :) Thank you [~ffang] 

 

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Attachments: bob-modified.jks, request-with-comment.xml, 
> request-with-trailing-whitespace.xml
>
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9015) Typo in JsonMapObjectReaderWriter treats \h as a special character instead of \n

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9015:
--
Affects Version/s: 3.6.3
   3.5.8

> Typo in JsonMapObjectReaderWriter treats \h as a special character instead of 
> \n
> 
>
> Key: CXF-9015
> URL: https://issues.apache.org/jira/browse/CXF-9015
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 3.5.8, 3.6.3, 4.0.4
>Reporter: Craig Perkins
>Priority: Minor
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
>
> The JsonMapObjectReaderWriter class maintains a list of 
> [ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
>  which includes special characters that need to be escaped like the newline 
> (`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
> find any links to official documentation about this character needing to be 
> escaped. 
> According to this [SO post|https://stackoverflow.com/a/27516892] which 
> details escaped characters in JSON, it does not include `\h` in this list. 
> Issue in OpenSearch where this issue is discussed: 
> [https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]
>  
> PR to address the issue with more details: 
> [https://github.com/apache/cxf/pull/1872]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9015) Typo in JsonMapObjectReaderWriter treats \h as a special character instead of \n

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9015:
--
Affects Version/s: 4.0.4

> Typo in JsonMapObjectReaderWriter treats \h as a special character instead of 
> \n
> 
>
> Key: CXF-9015
> URL: https://issues.apache.org/jira/browse/CXF-9015
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.4
>Reporter: Craig Perkins
>Priority: Minor
>
> The JsonMapObjectReaderWriter class maintains a list of 
> [ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
>  which includes special characters that need to be escaped like the newline 
> (`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
> find any links to official documentation about this character needing to be 
> escaped. 
> According to this [SO post|https://stackoverflow.com/a/27516892] which 
> details escaped characters in JSON, it does not include `\h` in this list. 
> Issue in OpenSearch where this issue is discussed: 
> [https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]
>  
> PR to address the issue with more details: 
> [https://github.com/apache/cxf/pull/1872]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9015) Typo in JsonMapObjectReaderWriter treats \h as a special character instead of \n

[Andriy Redko (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andriy Redko updated CXF-9015:
--
Fix Version/s: 3.5.9
   4.1.0
   4.0.5
   3.6.4

> Typo in JsonMapObjectReaderWriter treats \h as a special character instead of 
> \n
> 
>
> Key: CXF-9015
> URL: https://issues.apache.org/jira/browse/CXF-9015
> Project: CXF
>  Issue Type: Bug
>Affects Versions: 4.0.4
>Reporter: Craig Perkins
>Priority: Minor
> Fix For: 3.5.9, 4.1.0, 4.0.5, 3.6.4
>
>
> The JsonMapObjectReaderWriter class maintains a list of 
> [ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
>  which includes special characters that need to be escaped like the newline 
> (`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
> find any links to official documentation about this character needing to be 
> escaped. 
> According to this [SO post|https://stackoverflow.com/a/27516892] which 
> details escaped characters in JSON, it does not include `\h` in this list. 
> Issue in OpenSearch where this issue is discussed: 
> [https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]
>  
> PR to address the issue with more details: 
> [https://github.com/apache/cxf/pull/1872]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9015) Typo in JsonMapObjectReaderWriter treats \h as a special character instead of \n

[Craig Perkins (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Craig Perkins updated CXF-9015:
---
Description: 
The JsonMapObjectReaderWriter class maintains a list of 
[ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
 which includes special characters that need to be escaped like the newline 
(`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
find any links to official documentation about this character needing to be 
escaped. 

According to this [SO post|https://stackoverflow.com/a/27516892] which details 
escaped characters in JSON, it does not include `\h` in this list. 

Issue in OpenSearch where this issue is discussed: 
[https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]

 

PR to address the issue with more details: 
[https://github.com/apache/cxf/pull/1872]

  was:
The JsonMapObjectReaderWriter class maintains a list of 
[ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
 which includes special characters that need to be escaped line the newline 
(`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
find any links to official documentation about this character needing to be 
escaped. 

According to this [SO post|https://stackoverflow.com/a/27516892] which details 
escaped characters in JSON, it also does not include `\h` in this list. 

Issue in OpenSearch where this issue is discussed: 
[https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]

 

PR to address the issue with more details: 
https://github.com/apache/cxf/pull/1872


> Typo in JsonMapObjectReaderWriter treats \h as a special character instead of 
> \n
> 
>
> Key: CXF-9015
> URL: https://issues.apache.org/jira/browse/CXF-9015
> Project: CXF
>  Issue Type: Bug
>Reporter: Craig Perkins
>Priority: Minor
>
> The JsonMapObjectReaderWriter class maintains a list of 
> [ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
>  which includes special characters that need to be escaped like the newline 
> (`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
> find any links to official documentation about this character needing to be 
> escaped. 
> According to this [SO post|https://stackoverflow.com/a/27516892] which 
> details escaped characters in JSON, it does not include `\h` in this list. 
> Issue in OpenSearch where this issue is discussed: 
> [https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]
>  
> PR to address the issue with more details: 
> [https://github.com/apache/cxf/pull/1872]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9015) Typo JsonMapObjectReaderWriter treats \h as a special character instead of \n

[Craig Perkins (Jira)]

Craig Perkins created CXF-9015:
--

 Summary: Typo JsonMapObjectReaderWriter treats \h as a special 
character instead of \n
 Key: CXF-9015
 URL: https://issues.apache.org/jira/browse/CXF-9015
 Project: CXF
  Issue Type: Bug
Reporter: Craig Perkins


The JsonMapObjectReaderWriter class maintains a list of 
[ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
 which includes special characters that need to be escaped line the newline 
(`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
find any links to official documentation about this character needing to be 
escaped. 

According to this [SO post|https://stackoverflow.com/a/27516892] which details 
escaped characters in JSON, it also does not include `\h` in this list. 

Issue in OpenSearch where this issue is discussed: 
[https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]

 

PR to address the issue with more details: 
https://github.com/apache/cxf/pull/1872



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9015) Typo in JsonMapObjectReaderWriter treats \h as a special character instead of \n

[Craig Perkins (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Craig Perkins updated CXF-9015:
---
Summary: Typo in JsonMapObjectReaderWriter treats \h as a special character 
instead of \n  (was: Typo JsonMapObjectReaderWriter treats \h as a special 
character instead of \n)

> Typo in JsonMapObjectReaderWriter treats \h as a special character instead of 
> \n
> 
>
> Key: CXF-9015
> URL: https://issues.apache.org/jira/browse/CXF-9015
> Project: CXF
>  Issue Type: Bug
>Reporter: Craig Perkins
>Priority: Minor
>
> The JsonMapObjectReaderWriter class maintains a list of 
> [ESCAPED_CHARS|https://github.com/apache/cxf/blob/main/rt/rs/extensions/json-basic/src/main/java/org/apache/cxf/jaxrs/json/basic/JsonMapObjectReaderWriter.java#L45-L56]
>  which includes special characters that need to be escaped line the newline 
> (`\n`) and tab (`\t`) characters. This list also includes `\h`, but I can't 
> find any links to official documentation about this character needing to be 
> escaped. 
> According to this [SO post|https://stackoverflow.com/a/27516892] which 
> details escaped characters in JSON, it also does not include `\h` in this 
> list. 
> Issue in OpenSearch where this issue is discussed: 
> [https://github.com/opensearch-project/security/issues/2531#issuecomment-2111309193]
>  
> PR to address the issue with more details: 
> https://github.com/apache/cxf/pull/1872



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Freeman Yue Fang (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Freeman Yue Fang updated CXF-9014:
--
Attachment: bob-modified.jks
request-with-comment.xml
request-with-trailing-whitespace.xml

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Attachments: bob-modified.jks, request-with-comment.xml, 
> request-with-trailing-whitespace.xml
>
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Freeman Yue Fang (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846455#comment-17846455
 ] 

Freeman Yue Fang commented on CXF-9014:
---

Hi [~jgoodyear],

Thanks for reporting this, I believe this is because in bob-modified.jks(used 
in SignatureWhitespaceTest) it use Subject Public Key Algorithm: 1024-bit RSA 
key (weak) and isn't allowed in modern JDK versions. So I regenerated 
bob-modified.jks with with RSA 2048/sha256. 

Please see attached affected files, could you please override the those in 
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action folder 
and retest it?

Thanks!
Freeman

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
> Attachments: bob-modified.jks, request-with-comment.xml, 
> request-with-trailing-whitespace.xml
>
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Jamie Mark Goodyear (Jira)]

 [ 
https://issues.apache.org/jira/browse/CXF-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jamie Mark Goodyear updated CXF-9014:
-
Affects Version/s: 4.0.4

> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK
> 
>
> Key: CXF-9014
> URL: https://issues.apache.org/jira/browse/CXF-9014
> Project: CXF
>  Issue Type: Test
>Affects Versions: 4.0.4
>Reporter: Jamie Mark Goodyear
>Priority: Minor
>
> org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
> OpenJDK.
> In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will 
> fail when built on RH OpenJDK.
> Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9014) org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH OpenJDK

[Jamie Mark Goodyear (Jira)]

Jamie Mark Goodyear created CXF-9014:


 Summary: org.apache.cxf.systest.ws.action.SignatureWhitespaceTest 
test fail on RH OpenJDK
 Key: CXF-9014
 URL: https://issues.apache.org/jira/browse/CXF-9014
 Project: CXF
  Issue Type: Test
Reporter: Jamie Mark Goodyear


org.apache.cxf.systest.ws.action.SignatureWhitespaceTest test fail on RH 
OpenJDK.

In a full build of CXF 4.1.x (main) the SignatureWhitespaceTest suite will fail 
when built on RH OpenJDK.

Likely due to certs/algorithms supported by RH (see CXF-9006).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9013) Add JAX-RS performance suite to benchmarks

[Jamie Mark Goodyear (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846329#comment-17846329
 ] 

Jamie Mark Goodyear commented on CXF-9013:
--

Conversation on CXF slack & PR comments:

Move benchmarks to distribution samples folder as an end user tool.

> Add JAX-RS performance suite to benchmarks
> --
>
> Key: CXF-9013
> URL: https://issues.apache.org/jira/browse/CXF-9013
> Project: CXF
>  Issue Type: Improvement
>Reporter: Jamie Mark Goodyear
>Priority: Minor
>
> Add JAX-RS suite to benchmarks.
> CXF's benchmark performance suite currently includes JAX-WS based SOAP HTTP 
> Doc Lit. It would be nice to have a simple JAX-RS suite for rest verbs. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CXF-9013) Add JAX-RS performance suite to benchmarks

[Jamie Mark Goodyear (Jira)]

[ 
https://issues.apache.org/jira/browse/CXF-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846012#comment-17846012
 ] 

Jamie Mark Goodyear commented on CXF-9013:
--

Work in progress branch
https://github.com/jgoodyear/cxf/tree/CXF-9013

> Add JAX-RS performance suite to benchmarks
> --
>
> Key: CXF-9013
> URL: https://issues.apache.org/jira/browse/CXF-9013
> Project: CXF
>  Issue Type: Improvement
>Reporter: Jamie Mark Goodyear
>Priority: Minor
>
> Add JAX-RS suite to benchmarks.
> CXF's benchmark performance suite currently includes JAX-WS based SOAP HTTP 
> Doc Lit. It would be nice to have a simple JAX-RS suite for rest verbs. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)