The Apache Axis2 team is pleased to announce the general availability of the Axis2 1.5.2 release.
1.5.2 is a maintenance release to fix the security issue described in CVE-2010-1632 [1] as well as an XSS vulnerability in the admin console and some other minor issues. It also upgrades Axiom to version 1.2.9. Changes since 1.5.1: [AXIS2-3290] surefire is still run even if maven.test.skip is true [AXIS2-4113] Unable to sign axis2 jar 1.4/1.4.1: ZipException [AXIS2-4371] Unable to compile class for JSP: axis2-web/viewphases.jsp [AXIS2-4450] CVE-2010-1632: Message builders for SOAP and XML should not attempt to load DTDs [AXIS2-4751] Cookie value is always kept whatever SESSION_MAINTAIN_PROPERTY value is configured [AXIS2-4752] Timeout due to connection pool is starved in latest 1.5.2-SNAPSHOT code. [AXIS2-4768] Mtom optimization doesn't work when using simple bean [AXIS2-4787] Hardcoded Bundle-Versions in adb, jaxws, kernel, metadata and saaj modules [AXIS2-4788] axis2-jibx has conflicting bcel dependencies You can find the new version at the usual location: http://ws.apache.org/axis2 (please note that this location will change due to the migration of Axis2 to the new Axis TLP) Please report any issues via JIRA: http://issues.apache.org/jira/browse/AXIS2. As always, we welcome any and all feedback at: java-dev@axis.apache.org - for developer-related questions/concerns java-u...@axis.apache.org - for general questions, usage, etc. Thanks for your interest in Apache Axis2! [1] http://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
