Hello, Any update on this?
Thanks, Lazar On Fri, Jun 12, 2020 at 9:26 AM Lazar Kirchev <lazar.kirc...@gmail.com> wrote: > Hello, > > Both TomEE 7.0.x and TomEE 7.1.x latest versions ship with CXF version > 3.1.18. However, CXF 3.1.x is not supported anymore and version 3.1.18 > (which is the last one) is from beginning of 2019 and has security > vulnerabilities (e.g. https://nvd.nist.gov/vuln/detail/CVE-2019-12423 and > https://nvd.nist.gov/vuln/detail/CVE-2019-17573). > Replacing the CXF version in TomEE 7.x with 3.2.x or 3.3.x does not work > because these have incompatible changes in some interfaces which TomEE > implements for integrating CXF. > Do you have any plans to adopt new versions of CXF in TomEE 7.x? If not > any suggestions how to work this problem around? > > Thanks, > Lazar >