Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Jun 2018 15:57:13 +0100
From: Colm O hEigeartaigh <>
To:, CXF Dev List <>,
Cc: Apache Security Response Team <>,
Subject: Apache CXF 3.2.6 and 3.1.16 are released

Apache CXF™ is an open source services framework. CXF helps you build and
develop services using frontend programming APIs, like JAX-WS and JAX-RS.
These services can speak a variety of protocols such as SOAP, XML/HTTP,
RESTful HTTP, or CORBA and work over a variety of transports such as HTTP,

The Apache CXF team is proud to announce the release of versions 3.2.6 and
3.1.16. Over 50 JIRA issues were fixed for 3.2.5 and 25 JIRA items were
resolved for 3.1.16.

In addition, both of these releases contain a fix for a new security

CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly

The advisory text is available at this location:

Please also refer to the CXF security advisories page:

Colm O hEigeartaigh

Talend Community Coder

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.