Are we going to have any release which will work under Java 8?
On 2025/08/07 15:55:12 Colm O hEigeartaigh wrote:
> Severity: moderate
>
> Affected versions:
>
> - Apache CXF 4.1.0 before 4.1.3
> - Apache CXF 4.0.0 before 4.0.9
> - Apache CXF before 3.6.8
>
> Description:
>
> If untrusted users are allowed to configure JMS for Apache CXF,
> previously they could use RMI or LDAP URLs, potentially leading to
> code execution capabilities. This interface is now restricted to
> reject those protocols, removing this possibility.
>
> Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3,
> which fix this issue.
>
> Credit:
>
> M Bhatt (r34p3r) OWASP GenAI Security Project & Blake Gatto (b1oo)
> Shrewd Research (finder)
>
> References:
>
> https://cxf.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2025-48913
>