Hi Freeman, I've tried again and, as said, there's no way for me to create an issue; I can only comment on existing ones. I'd appreciate if this could be solved.
Thanks, Fabio. ________________________________ From: Freeman Fang <[email protected]> Sent: Thursday, June 25, 2026 9:35 PM To: [email protected] <[email protected]> Cc: Fabio Burzigotti <[email protected]> Subject: [EXTERNAL] Re: cxf-4.1.7 causes WildFly regression when Security Manager is enabled Hi Fabio, Thank you for the detailed report. I believe we need to address those for the next release. Could you please open a single JIRA ticket covering all three issues so we can attach the patch and track them properly? Feel free to assign Hi Fabio, Thank you for the detailed report. I believe we need to address those for the next release. Could you please open a single JIRA ticket covering all three issues so we can attach the patch and track them properly? Feel free to assign it to me. Also I have no idea why you can't create jira ticket now, could you please try again and let us know if you still can't Best regards, Freeman On Thu, Jun 25, 2026 at 12:30 PM Fabio Burzigotti via dev <[email protected]<mailto:[email protected]>> wrote: Hi, WildFly's CI checks [1] to test the Apache CXF upgrade from version 4.1.6 to 4.1.7 revealed a behavior change that's causing applications to fail. By analyzing the stack trace, we identified a common root cause: new permission checks that require additional deployment configuration (for example, via permissions.xml). We initially found the following: - NetPermission("getProxySelector") - RuntimePermission("org.apache.cxf.permission") Once added to the deployment's permissions.xml file, we discovered another: SocketPermission("[::1]:8080", "connect,resolve"). We're now adding this one and seeing if more appear, but it's clear this is a behavior change that impacts users and causes a regression for WildFly users. According to our analysis, the NetPermission("getProxySelector") issue is caused by changes in https://github.com/apache/cxf/pull/3154/<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_cxf_pull_3154_&d=DwMFaQ&c=BSDicqBQBDjDI9RkVyTcHQ&r=6DfnpHA4c8_1RRukaC5NgaPkggwObJL3tohfoe-PGLI&m=d8eo5VbxILUdVeyMx-4ZU3BSSu8wBzjXqoemyCBLyJg16CoekBOBJIe87e8n-r4L&s=kHp4G7ZKROL_EHR0qC3YjJVkZ2Co3v8TMphigF3BYSk&e=>. The SocketPermission("[::1]:8080", "connect,resolve") issue appears to stem from URIResolver, but this must be a side effect of the recent changes, as it didn't occur in version 4.1.6. The same appears to be true for RuntimePermission("org.apache.cxf.permission"). I tried creating a ticket on Apache CXF Jira, but I don't have permissions to see the "Create" button, which is strange since I have an Apache CXF account. What are your thoughts on this issue? [1] https://ci.wildfly.org/buildConfiguration/WF_PullRequest_LinuxSmJdk17/570420<https://urldefense.proofpoint.com/v2/url?u=https-3A__ci.wildfly.org_buildConfiguration_WF-5FPullRequest-5FLinuxSmJdk17_570420&d=DwMFaQ&c=BSDicqBQBDjDI9RkVyTcHQ&r=6DfnpHA4c8_1RRukaC5NgaPkggwObJL3tohfoe-PGLI&m=d8eo5VbxILUdVeyMx-4ZU3BSSu8wBzjXqoemyCBLyJg16CoekBOBJIe87e8n-r4L&s=QcwSnVpw7N7XR5RqxxIB7YCkVcU-9qmN5Z3qHL0LDoY&e=> Regards, Fabio Burzigotti Software Developer IBM Software [email protected]<mailto:[email protected]> IBM Unless otherwise stated above: IBM Italia S.p.A. Sede Legale: Circonvallazione Idroscalo - 20054 Segrate (MI) Cap. Soc. euro 247.656.998.20 C. F. e Reg. Imprese MI 01442240030 - Partita IVA 10914660153 Società con unico azionista Società soggetta all'attività di direzione e coordinamento di International Business Machines Corporation Unless otherwise stated above: IBM Italia S.p.A. Sede Legale: Circonvallazione Idroscalo - 20054 Segrate (MI) Cap. Soc. euro 247.656.998.20 C. F. e Reg. Imprese MI 01442240030 - Partita IVA 10914660153 Società con unico azionista Società soggetta all'attività di direzione e coordinamento di International Business Machines Corporation
