Hello, Both TomEE 7.0.x and TomEE 7.1.x latest versions ship with CXF version 3.1.18. However, CXF 3.1.x is not supported anymore and version 3.1.18 (which is the last one) is from beginning of 2019 and has security vulnerabilities (e.g. https://nvd.nist.gov/vuln/detail/CVE-2019-12423 and https://nvd.nist.gov/vuln/detail/CVE-2019-17573). Replacing the CXF version in TomEE 7.x with 3.2.x or 3.3.x does not work because these have incompatible changes in some interfaces which TomEE implements for integrating CXF. Do you have any plans to adopt new versions of CXF in TomEE 7.x? If not any suggestions how to work this problem around?
Thanks, Lazar
