[
https://issues.apache.org/jira/browse/KARAF-7940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17915938#comment-17915938
]
ASF GitHub Bot commented on KARAF-7940:
---------------------------------------
jbonofre commented on PR #1932:
URL: https://github.com/apache/karaf/pull/1932#issuecomment-2606446409
To be clear: Karaf doesn't provide CXF directly in the distribution, so no
security impact. CXF version is used in Karaf examples, the users can easily
update.
> Upgrade to CXF 3.6.5
> --------------------
>
> Key: KARAF-7940
> URL: https://issues.apache.org/jira/browse/KARAF-7940
> Project: Karaf
> Issue Type: Dependency upgrade
> Reporter: Andre Schlegel-Tylla
> Priority: Major
>
> Please Upgrade to fix a potential DOS attack vector ->
> https://cxf.apache.org/security-advisories.data/CVE-2025-23184.txt?version=2&modificationDate=1737381863000&api=v2
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
