dev  

Messages by Thread

• [PR] [CXF-9227] Fix SecurityManager permission regressions introduced in 4… [cxf] via GitHub
  • Re: [PR] [CXF-9227] Fix SecurityManager permission regressions introduced in 4… [cxf] via GitHub
  • Re: [PR] [CXF-9227] Fix SecurityManager permission regressions introduced in 4… [cxf] via GitHub
• [PR] CXF-9226: AsyncHTTPConduit throws ISE instead of HTTPException(407) o… [cxf] via GitHub
• [PR] CXF-9222 - Remove partialMatchScopeValidation for OAuth [cxf] via GitHub
  • Re: [PR] CXF-9222 - Remove partialMatchScopeValidation for OAuth [cxf] via GitHub
• [PR] Bump org.apache.commons:commons-jexl3 from 3.6.2 to 3.6.3 [cxf] via GitHub
  • Re: [PR] Bump org.apache.commons:commons-jexl3 from 3.6.2 to 3.6.3 [cxf] via GitHub
• [PR] Bump cxf.hibernate.em.version from 7.4.1.Final to 7.4.2.Final [cxf] via GitHub
  • Re: [PR] Bump cxf.hibernate.em.version from 7.4.1.Final to 7.4.2.Final [cxf] via GitHub
• [PR] Bump org.apache.kerby:kerb-simplekdc from 2.1.1 to 2.1.2 [cxf] via GitHub
  • Re: [PR] Bump org.apache.kerby:kerb-simplekdc from 2.1.1 to 2.1.2 [cxf] via GitHub
• cxf-4.1.7 causes WildFly regression when Security Manager is enabled Fabio Burzigotti via dev
  • Re: cxf-4.1.7 causes WildFly regression when Security Manager is enabled Freeman Fang
  • RE: cxf-4.1.7 causes WildFly regression when Security Manager is enabled Fabio Burzigotti via dev
  • Re: cxf-4.1.7 causes WildFly regression when Security Manager is enabled Freeman Fang
  • RE: cxf-4.1.7 causes WildFly regression when Security Manager is enabled Fabio Burzigotti via dev
• [PR] [CXF-8926] replace PipedInputStream with TimedBlockingPipe to fix MTO… [cxf] via GitHub
• [PR] Bump io.opentelemetry.semconv:opentelemetry-semconv from 1.41.1 to 1.42.0 [cxf] via GitHub
  • Re: [PR] Bump io.opentelemetry.semconv:opentelemetry-semconv from 1.41.1 to 1.42.0 [cxf] via GitHub
• [PR] Bump cxf.tomcat.version from 11.0.22 to 11.0.23 [cxf] via GitHub
  • Re: [PR] Bump cxf.tomcat.version from 11.0.22 to 11.0.23 [cxf] via GitHub
• [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.55 [cxf] via GitHub
• [PR] Bump actions/checkout from 6.0.3 to 7.0.0 [cxf-build-utils] via GitHub
  • Re: [PR] Bump actions/checkout from 6.0.3 to 7.0.0 [cxf-build-utils] via GitHub
• [PR] Bump actions/setup-java from 5.2.0 to 5.3.0 [cxf-fediz] via GitHub
• [PR] Bump actions/checkout from 6.0.2 to 7.0.0 [cxf-fediz] via GitHub
• [PR] Bump org.asynchttpclient:async-http-client from 3.0.10 to 3.0.11 [cxf] via GitHub
  • Re: [PR] Bump org.asynchttpclient:async-http-client from 3.0.10 to 3.0.11 [cxf] via GitHub
• [PR] Bump org.apache.mina:mina-core from 2.2.8 to 2.2.9 [cxf] via GitHub
  • Re: [PR] Bump org.apache.mina:mina-core from 2.2.8 to 2.2.9 [cxf] via GitHub
• [PR] Bump com.puppycrawl.tools:checkstyle from 13.5.0 to 13.6.0 [cxf] via GitHub
  • Re: [PR] Bump com.puppycrawl.tools:checkstyle from 13.5.0 to 13.6.0 [cxf] via GitHub
• [PR] Bump actions/checkout from 6.0.3 to 7.0.0 [cxf] via GitHub
  • Re: [PR] Bump actions/checkout from 6.0.3 to 7.0.0 [cxf] via GitHub
• [PR] Bump actions/setup-java from 5.2.0 to 5.3.0 [cxf] via GitHub
  • Re: [PR] Bump actions/setup-java from 5.2.0 to 5.3.0 [cxf] via GitHub
• [PR] Bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.6.0 [cxf-xjc-utils] via GitHub
  • Re: [PR] Bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.6.0 [cxf-xjc-utils] via GitHub
  • Re: [PR] Bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.6.0 [cxf-xjc-utils] via GitHub
• [PR] Bump actions/checkout from 6 to 7 [cxf-xjc-utils] via GitHub
  • Re: [PR] Bump actions/checkout from 6 to 7 [cxf-xjc-utils] via GitHub
• [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
  • Re: [PR] validate redirect origin in oidc rp sign-in completion [cxf] via GitHub
• [PR] CXF-9221: JCache providers use inverted isExpired() logic causing expired tokens/codes to never be evicted [cxf] via GitHub
  • Re: [PR] CXF-9221: JCache providers use inverted isExpired() logic causing expired tokens/codes to never be evicted [cxf] via GitHub
  • Re: [PR] CXF-9221: JCache providers use inverted isExpired() logic causing expired tokens/codes to never be evicted [cxf] via GitHub
• [PR] Bump cxf.openfeign.version from 13.12 to 13.13 [cxf] via GitHub
  • Re: [PR] Bump cxf.openfeign.version from 13.12 to 13.13 [cxf] via GitHub
• [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.54 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.54 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.54 [cxf] via GitHub
• [PR] Make sure ActiveMQ Artemis uses Netty 4.2.x (not 4.1.x ones) [cxf] via GitHub
  • Re: [PR] Make sure ActiveMQ Artemis uses Netty 4.2.x (not 4.1.x ones) [cxf] via GitHub
  • Re: [PR] Make sure ActiveMQ Artemis uses Netty 4.2.x (not 4.1.x ones) [cxf] via GitHub
• [PR] Remove deprecared JUnit5TestShouldBePackagePrivate rule [cxf-build-utils] via GitHub
  • Re: [PR] Remove deprecared JUnit5TestShouldBePackagePrivate rule [cxf-build-utils] via GitHub
• [PR] More SchemaFactory hardenings (CVE-2026-49875) [cxf] via GitHub
  • Re: [PR] More SchemaFactory hardenings (CVE-2026-49875) [cxf] via GitHub
  • Re: [PR] More SchemaFactory hardenings (CVE-2026-49875) [cxf] via GitHub
• [PR] Respect the AsyncRequestProducer contract by properly implementing available() method [cxf] via GitHub
  • Re: [PR] Respect the AsyncRequestProducer contract by properly implementing available() method [cxf] via GitHub
  • Re: [PR] Respect the AsyncRequestProducer contract by properly implementing available() method [cxf] via GitHub
  • Re: [PR] Respect the AsyncRequestProducer contract by properly implementing available() method [cxf] via GitHub
  • Re: [PR] Respect the AsyncRequestProducer contract by properly implementing available() method [cxf] via GitHub
  • Re: [PR] Respect the AsyncRequestProducer contract by properly implementing available() method [cxf] via GitHub
• [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.53 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.53 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.53 [cxf] via GitHub
• [PR] Bump io.swagger.core.v3:swagger-jaxrs2-jakarta from 2.2.50 to 2.2.51 [cxf] via GitHub
  • Re: [PR] Bump io.swagger.core.v3:swagger-jaxrs2-jakarta from 2.2.50 to 2.2.51 [cxf] via GitHub
• [PR] Bump commons-logging:commons-logging from 1.3.6 to 1.4.0 [cxf] via GitHub
  • Re: [PR] Bump commons-logging:commons-logging from 1.3.6 to 1.4.0 [cxf] via GitHub
• [PR] Updating Jettison to 1.5.6 [cxf] via GitHub
  • Re: [PR] Updating Jettison to 1.5.6 [cxf] via GitHub
• [PR] Require c_hash for the hybrid case [cxf] via GitHub
  • Re: [PR] Require c_hash for the hybrid case [cxf] via GitHub
• [PR] Bump com.unboundid:unboundid-ldapsdk from 7.0.4 to 7.0.5 [cxf] via GitHub
  • Re: [PR] Bump com.unboundid:unboundid-ldapsdk from 7.0.4 to 7.0.5 [cxf] via GitHub
• [PR] Bump org.codehaus.plexus:plexus-archiver from 4.11.0 to 4.12.0 [cxf] via GitHub
  • Re: [PR] Bump org.codehaus.plexus:plexus-archiver from 4.11.0 to 4.12.0 [cxf] via GitHub
• [PR] Bump com.squareup.okhttp3:okhttp from 4.12.0 to 5.4.0 [cxf] via GitHub
• [PR] Bump com.fasterxml.woodstox:woodstox-core from 7.2.0 to 7.2.1 [cxf] via GitHub
  • Re: [PR] Bump com.fasterxml.woodstox:woodstox-core from 7.2.0 to 7.2.1 [cxf] via GitHub
• [PR] Make JCacheCodeDataProvider#removeCodeGrant atomic [cxf] via GitHub
  • Re: [PR] Make JCacheCodeDataProvider#removeCodeGrant atomic [cxf] via GitHub
• [PR] validate hex digits when decoding quoted-printable attachments [cxf] via GitHub
  • Re: [PR] validate hex digits when decoding quoted-printable attachments [cxf] via GitHub
  • Re: [PR] validate hex digits when decoding quoted-printable attachments [cxf] via GitHub
  • Re: [PR] validate hex digits when decoding quoted-printable attachments [cxf] via GitHub
  • Re: [PR] validate hex digits when decoding quoted-printable attachments [cxf] via GitHub
  • Re: [PR] validate hex digits when decoding quoted-printable attachments [cxf] via GitHub
  • Re: [PR] validate hex digits when decoding quoted-printable attachments [cxf] via GitHub
• [PR] Bump cxf.spring.security.version from 7.0.6 to 7.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.security.version from 7.0.6 to 7.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.security.version from 7.0.6 to 7.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.security.version from 7.0.6 to 7.1.0 [cxf] via GitHub
• [PR] Bump org.graalvm.buildtools:native-maven-plugin from 1.1.1 to 1.1.2 [cxf] via GitHub
  • Re: [PR] Bump org.graalvm.buildtools:native-maven-plugin from 1.1.1 to 1.1.2 [cxf] via GitHub
• [PR] Bump cxf.micrometer-tracing.version from 1.6.6 to 1.7.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.micrometer-tracing.version from 1.6.6 to 1.7.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.micrometer-tracing.version from 1.6.6 to 1.7.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.micrometer-tracing.version from 1.6.6 to 1.7.0 [cxf] via GitHub
• [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
  • [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.spring.boot.version from 4.0.7 to 4.1.0 [cxf] via GitHub
• [PR] CXF-9219: cxf-bom manages dependencies for 4.x that no longer exist or are not published [cxf] via GitHub
  • Re: [PR] CXF-9219: cxf-bom manages dependencies for 4.x that no longer exist or are not published [cxf] via GitHub
• [PR] Bump github/codeql-action from 4.36.1 to 4.36.2 [cxf-build-utils] via GitHub
  • Re: [PR] Bump github/codeql-action from 4.36.1 to 4.36.2 [cxf-build-utils] via GitHub
• [PR] Bump github/codeql-action from 4.35.4 to 4.36.2 [cxf-fediz] via GitHub
• [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.52 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.52 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.52 [cxf] via GitHub
• [PR] Bump cxf.hibernate.em.version from 7.4.0.Final to 7.4.1.Final [cxf] via GitHub
  • Re: [PR] Bump cxf.hibernate.em.version from 7.4.0.Final to 7.4.1.Final [cxf] via GitHub
• [PR] Bump github/codeql-action from 4.36.1 to 4.36.2 [cxf] via GitHub
  • Re: [PR] Bump github/codeql-action from 4.36.1 to 4.36.2 [cxf] via GitHub
• [PR] Bump cxf.micrometer.version from 1.16.6 to 1.17.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.micrometer.version from 1.16.6 to 1.17.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.micrometer.version from 1.16.6 to 1.17.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.micrometer.version from 1.16.6 to 1.17.0 [cxf] via GitHub
• [PR] Bump org.springframework.ldap:spring-ldap-core from 4.0.4 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump org.springframework.ldap:spring-ldap-core from 4.0.4 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump org.springframework.ldap:spring-ldap-core from 4.0.4 to 4.1.0 [cxf] via GitHub
  • Re: [PR] Bump org.springframework.ldap:spring-ldap-core from 4.0.4 to 4.1.0 [cxf] via GitHub
• [PR] Bump github/codeql-action from 4.36.1 to 4.36.2 [cxf-xjc-utils] via GitHub
  • Re: [PR] Bump github/codeql-action from 4.36.1 to 4.36.2 [cxf-xjc-utils] via GitHub
• [PR] Bump org.codehaus.plexus:plexus-archiver from 4.11.0 to 4.12.0 [cxf-xjc-utils] via GitHub
  • Re: [PR] Bump org.codehaus.plexus:plexus-archiver from 4.11.0 to 4.12.0 [cxf-xjc-utils] via GitHub
• [PR] strip cr/lf from attachment part headers in writeHeaders [cxf] via GitHub
  • Re: [PR] strip cr/lf from attachment part headers in writeHeaders [cxf] via GitHub
  • Re: [PR] strip cr/lf from attachment part headers in writeHeaders [cxf] via GitHub
• [PR] Bump org.jvnet.jaxb:jaxb-plugins from 4.0.15 to 4.0.16 [cxf] via GitHub
  • Re: [PR] Bump org.jvnet.jaxb:jaxb-plugins from 4.0.15 to 4.0.16 [cxf] via GitHub
• [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.51 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.51 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.51 [cxf] via GitHub
• [PR] Bump jaxen:jaxen from 2.0.5 to 2.0.6 [cxf] via GitHub
  • Re: [PR] Bump jaxen:jaxen from 2.0.5 to 2.0.6 [cxf] via GitHub
• [PR] Bump org.glassfish.grizzly:grizzly-http-server from 5.0.1 to 5.0.2 [cxf] via GitHub
  • Re: [PR] Bump org.glassfish.grizzly:grizzly-http-server from 5.0.1 to 5.0.2 [cxf] via GitHub
• CVE-2026-50645: Apache CXF: No restriction on attachment headers per message Colm O hEigeartaigh
• CVE-2026-50634: Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry Colm O hEigeartaigh
• CVE-2026-50633: Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl Colm O hEigeartaigh
• CVE-2026-50632: Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory Colm O hEigeartaigh
• CVE-2026-50631: Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing Colm O hEigeartaigh
• CVE-2026-50630: Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection Colm O hEigeartaigh
• CVE-2026-50629: Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier Colm O hEigeartaigh
• CVE-2026-50628: Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control Colm O hEigeartaigh
• CVE-2026-50627: Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator Colm O hEigeartaigh
• CVE-2026-50623: Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService Colm O hEigeartaigh
• CVE-2026-49875: Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils Colm O hEigeartaigh
• [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.50 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.50 [cxf] via GitHub
  • Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.50 [cxf] via GitHub
• [PR] Bump cxf.opentelemetry.version from 1.62.0 to 1.63.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.opentelemetry.version from 1.62.0 to 1.63.0 [cxf] via GitHub
• [PR] Bump com.sun.xml.messaging.saaj:saaj-impl from 3.0.5 to 3.0.6 [cxf] via GitHub
  • Re: [PR] Bump com.sun.xml.messaging.saaj:saaj-impl from 3.0.5 to 3.0.6 [cxf] via GitHub
• [PR] Bump com.sun.xml.ws:jaxws-rt from 4.0.4 to 4.0.5 [cxf] via GitHub
  • Re: [PR] Bump com.sun.xml.ws:jaxws-rt from 4.0.4 to 4.0.5 [cxf] via GitHub
• [PR] Bump org.eclipse.jdt:org.eclipse.jdt.core from 3.45.0 to 3.46.0 [cxf-xjc-utils] via GitHub
  • Re: [PR] Bump org.eclipse.jdt:org.eclipse.jdt.core from 3.45.0 to 3.46.0 [cxf-xjc-utils] via GitHub
• [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 [cxf] via GitHub
  • Re: [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 [cxf] via GitHub
• [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [cxf] via GitHub
  • Re: [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [cxf] via GitHub
• [PR] Bump cxf.jackson.version from 3.1.4 to 3.2.0 [cxf] via GitHub
  • Re: [PR] Bump cxf.jackson.version from 3.1.4 to 3.2.0 [cxf] via GitHub
• [PR] Fix Mockito agent warnings [cxf] via GitHub
  • Re: [PR] Fix Mockito agent warnings [cxf] via GitHub
  • Re: [PR] Fix Mockito agent warnings [cxf] via GitHub
• [PR] Bump jakarta.json.bind:jakarta.json.bind-api from 3.0.1 to 3.0.2 [cxf] via GitHub
  • Re: [PR] Bump jakarta.json.bind:jakarta.json.bind-api from 3.0.1 to 3.0.2 [cxf] via GitHub
• [PR] Bump jaxen:jaxen from 2.0.4 to 2.0.5 [cxf] via GitHub
  • Re: [PR] Bump jaxen:jaxen from 2.0.4 to 2.0.5 [cxf] via GitHub
• [PR] Bump net.sourceforge.pmd:pmd-java from 7.24.0 to 7.25.0 [cxf] via GitHub
  • Re: [PR] Bump net.sourceforge.pmd:pmd-java from 7.24.0 to 7.25.0 [cxf] via GitHub
  • Re: [PR] Bump net.sourceforge.pmd:pmd-java from 7.24.0 to 7.25.0 [cxf] via GitHub
• [PR] Bump org.eclipse.parsson:parsson from 1.1.7 to 1.1.9 [cxf] via GitHub
  • Re: [PR] Bump org.eclipse.parsson:parsson from 1.1.7 to 1.1.9 [cxf] via GitHub
• [PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf-build-utils] via GitHub
  • Re: [PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf-build-utils] via GitHub
• [PR] Bump actions/checkout from 6.0.2 to 6.0.3 [cxf-build-utils] via GitHub
  • Re: [PR] Bump actions/checkout from 6.0.2 to 6.0.3 [cxf-build-utils] via GitHub
• [PR] Configure GitHub workflows to use concurrency cancel-in-progress for [cxf] via GitHub
  • Re: [PR] Configure GitHub workflows to use concurrency cancel-in-progress for [cxf] via GitHub

• Earlier messages