You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2017/02/20 11:47:55 UTC
svn commit: r1007036 - in /websites/production/cxf/content:
cache/main.pageCache dosgi-releases.html
security-advisories.data/CVE-2017-3156.txt.asc security-advisories.html
Author: buildbot
Date: Mon Feb 20 11:47:55 2017
New Revision: 1007036
Log:
Production update by buildbot for cxf
Added:
websites/production/cxf/content/security-advisories.data/CVE-2017-3156.txt.asc
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/dosgi-releases.html
websites/production/cxf/content/security-advisories.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/dosgi-releases.html
==============================================================================
--- websites/production/cxf/content/dosgi-releases.html (original)
+++ websites/production/cxf/content/dosgi-releases.html Mon Feb 20 11:47:55 2017
@@ -99,7 +99,7 @@ Apache CXF -- DOSGi Releases
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h2 id="DOSGiReleases-Releases">Releases</h2><h3 id="DOSGiReleases-Release2.1.0(2016-02-15)">Release 2.1.0 (2016-02-15)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.1.0/cxf-dosgi-multibundle-distribution-2.1.0-dir.tar.gz">tar.gz</a> / <a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.1.0/cxf-dosgi-multibundle-distribution-2.1.0-dir.zip">zip</a></p></td></t
r><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-source-distribution/2.1.0/cxf-dosgi-source-distribution-2.1.0-dist.tar.gz">cxf-dosgi-source-distribution-2.1.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights">Highlights</h4><ul><li>Allow to set ContextResolver as intent</li><li>Allow to set bus properties as service properties</li></ul><p><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12338258">Full list of issues</a></p><h3 id="DOSGiReleases-Release2.0.0(2016-09-17)">Release 2.0.0 (2016-09-17)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" clas
s="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.0.0/cxf-dosgi-multibundle-distribution-2.0.0-dir.tar.gz">tar.gz</a> / <a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.0.0/cxf-dosgi-multibundle-distribution-2.0.0-dir.zip">zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-source-distribution/2.0.0/cxf-dosgi-
source-distribution-2.0.0-dist.tar.gz">cxf-dosgi-source-distribution-2.0.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.1">Highlights</h4><ul><li>Split the SOAP support from the REST support. So it is now possible to only install SOAP support or only REST support.</li><li>Support for bndtools based deployments. We now offer a repository pom with the bundle dependencies which is suitable to create a bndtools index from it. So it is very easy to use CXF-DOSGi in bndtools. There is also such a repository pom for the samples that contains everything needed to run the samples from bndtools. The first example that uses this is the soap example. It contains a soap.bndrun file that can be directly started and debugged from eclipse. This pom based repo might be a replacement for the current multi bundle distro as it is much smaller and more flexible.</li><li><a shape="rect" class="external-link" href="https://github.com/apache/cxf-dosgi" rel="nofollow">Docum
entation</a> is now embedded into the source repository using markdown and can be easily viewed at github.</li><li>Redesign of <a shape="rect" class="external-link" href="https://github.com/apache/cxf-dosgi/tree/master/samples" rel="nofollow">examples</a> to make them easier to understand and try out</li><li>Cleanup of a lot of the older JIRA issues<br clear="none"><br clear="none"></li></ul><p><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12337858">Full list of issues</a></p><h3 id="DOSGiReleases-Release1.8.0(2016-04-04)">Release 1.8.0 (2016-04-04)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" c
lass="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.8.0/cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.8.0/cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content
/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.8.0/cxf-dosgi-ri-source-distribution-1.8.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.8.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.2">Highlights</h4><ul><li>Extraction of the Remote Service Admin core into Aries RSA. CXF DOSGi now only implements the CXF based transports</li><li>CXF updated to 3.1.6</li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12332970">Full list of issues</a></li></ul><h3 id="DOSGiReleases-Release1.7.0(2015-07-03)">Release 1.7.0 (2015-07-03)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a sh
ape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.7.0/cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.7.0/cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/rele
ases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.7.0/cxf-dosgi-ri-source-distribution-1.7.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.7.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.3">Highlights</h4><ul><li>Karaf 4 compatibility</li><li>CXF updated to 3.1.1</li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI-220?jql=fixVersion%20%3D%201.7.0%20AND%20project%20%3D%20DOSGI">Bug fixes</a></li></ul><h3 id="DOSGiReleases-Release1.6.0(2014-01-21)">Release 1.6.0 (2014-01-21)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repos
itory.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.6.0/cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.6.0/cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-sour
ce-distribution/1.6.0/cxf-dosgi-ri-source-distribution-1.6.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.6.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.4">Highlights</h4><ul><li>Multi bundle distro now created from karaf features. So less effort for new releases</li><li>CXF updated to 2.7.8</li><li>jdom dependency removed</li><li>Bug fixes</li></ul><h3 id="DOSGiReleases-Release1.5.0(2013-06-27)">Release 1.5.0 (2013-06-27)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distr
ibution/1.5.0/cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.5.0/cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.5.0/cxf-dosgi-ri-source-distribution-1.5.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.5.0
.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.5">Highlights</h4><ul><li>Single bundle distribution removed to simplyfy release process and testing</li><li>Many bugfixes</li></ul><h3 id="DOSGiReleases-Release1.4.0(2013-01-26)">Release 1.4.0 (2013-01-26)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.4.0/cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class
="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.4.0/cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.4.0/cxf-dosgi-ri-singlebundle-distribution-1.4.0.jar">cxf-dosgi-ri-singlebundle-distribution-1.4.0.jar</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a s
hape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.4.0/cxf-dosgi-ri-source-distribution-1.4.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.4.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.6">Highlights</h4><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12319877">41 issues resolved (see jira)</a></li><li><a shape="rect" href="dosgi-apache-karaf-feature.html">Karaf feature for easy installation in Apache Karaf</a></li><li><a shape="rect" href="dosgi-discovery.html">Zookeeper discovery</a> now supports automatic reconnects and Cluster configuration</li><li>DOSGi is now independent of spring dm</li><li>Custom intents are now created by publishing e.g. CXF Features as services</li><li>Big refactorings make the code much easier to understand</li></ul><h4 id="DOSGiReleases-Kn
ownissues">Known issues</h4><ul><li>The default aegis data format will not work with Apache Karaf 2.3.0. (See <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI-153">DOSGI-153</a>). Please upgrade to Apache Karaf 2.3.1</li><li>The sytem package exports in the felix multibundle distro may not bee suitable to all felix versions</li></ul><h4 id="DOSGiReleases-Migration">Migration</h4><p>There is one incompatible change in this release. Previously custom intents were defined by using a special spring dm file below osgi-inf in the bundle that exports a service. From DOSGi 1.4.0 on custom intents can be defined by exporting the intent (e.g. a feature) as an OSGi service with a special property "org.apache.cxf.dosgi.IntentName" for the name of the intent. See <a shape="rect" class="unresolved" href="#">dosgi custom intents</a>.</p><h2 id="DOSGiReleases-ArchivedReleases">Archived Releases</h2><p>1.3.1 is was released in April 10th 2012. For more informat
ion on what's new in this release, please see the README and release notes in each distribution. The various distributions can be downloaded as follows:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3.1/cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="e
xternal-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3.1/cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3.1/cxf-dosgi-ri-singlebundle-distribution-1.3.1.jar">cxf-dosgi-ri-singlebundle-distribution-1.3.1.jar</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/c
xf-dosgi-ri-source-distribution/1.3.1/cxf-dosgi-ri-source-distribution-1.3.1-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.3.1.tar.gz</a></p></td></tr></tbody></table></div><p>1.3 was released February 6th, 2012.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3/cxf-dosgi-ri-multibundle-distribution-1.3-dir.tar.gz" rel="nofollow">cxf-dosgi-ri-multibundle-distribution-1.3-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" cla
ss="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3/cxf-dosgi-ri-multibundle-distribution-1.3-dir.zip" rel="nofollow">cxf-dosgi-ri-multibundle-distribution-1.3-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar" rel="nofollow">cxf-dosgi-ri-singlebundle-distribution-1.3.jar</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-sou
rce-distribution/1.3/cxf-dosgi-ri-source-distribution-1.3.jar" rel="nofollow">cxf-dosgi-ri-source-distribution-1.3.jar</a></p></td></tr></tbody></table></div><p>1.2 was released July 25th 2010.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>MD5</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.ta
r.gz.md5">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz.md5</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip">cxf-dosgi-ri-multibundle-distribution-1.2.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5">cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar">cxf-dosgi-ri-singlebundle-distribution-1.2.jar</
a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar.md5">cxf-dosgi-ri-singlebundle-distribution-1.2.jar.md5</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz">cxf-dosgi-ri-source-distribution-1.2.tar.gz</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5">cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5</a></p></td></tr></tbody></table></div><p> </p><p> </p></div>
+<div id="ConfluenceContent"><h2 id="DOSGiReleases-Releases">Releases</h2><h3 id="DOSGiReleases-Release2.1.0(2017-02-15)">Release 2.1.0 (2017-02-15)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.1.0/cxf-dosgi-multibundle-distribution-2.1.0-dir.tar.gz">tar.gz</a> / <a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.1.0/cxf-dosgi-multibundle-distribution-2.1.0-dir.zip">zip</a></p></td></t
r><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-source-distribution/2.1.0/cxf-dosgi-source-distribution-2.1.0-dist.tar.gz">cxf-dosgi-source-distribution-2.1.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights">Highlights</h4><ul><li>Allow to set ContextResolver as intent</li><li>Allow to set bus properties as service properties</li></ul><p><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12338258">Full list of issues</a></p><h3 id="DOSGiReleases-Release2.0.0(2016-09-17)">Release 2.0.0 (2016-09-17)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" clas
s="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.0.0/cxf-dosgi-multibundle-distribution-2.0.0-dir.tar.gz">tar.gz</a> / <a shape="rect" class="external-link" href="https://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-multibundle-distribution/2.0.0/cxf-dosgi-multibundle-distribution-2.0.0-dir.zip">zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-source-distribution/2.0.0/cxf-dosgi-
source-distribution-2.0.0-dist.tar.gz">cxf-dosgi-source-distribution-2.0.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.1">Highlights</h4><ul><li>Split the SOAP support from the REST support. So it is now possible to only install SOAP support or only REST support.</li><li>Support for bndtools based deployments. We now offer a repository pom with the bundle dependencies which is suitable to create a bndtools index from it. So it is very easy to use CXF-DOSGi in bndtools. There is also such a repository pom for the samples that contains everything needed to run the samples from bndtools. The first example that uses this is the soap example. It contains a soap.bndrun file that can be directly started and debugged from eclipse. This pom based repo might be a replacement for the current multi bundle distro as it is much smaller and more flexible.</li><li><a shape="rect" class="external-link" href="https://github.com/apache/cxf-dosgi" rel="nofollow">Docum
entation</a> is now embedded into the source repository using markdown and can be easily viewed at github.</li><li>Redesign of <a shape="rect" class="external-link" href="https://github.com/apache/cxf-dosgi/tree/master/samples" rel="nofollow">examples</a> to make them easier to understand and try out</li><li>Cleanup of a lot of the older JIRA issues<br clear="none"><br clear="none"></li></ul><p><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12337858">Full list of issues</a></p><h3 id="DOSGiReleases-Release1.8.0(2016-04-04)">Release 1.8.0 (2016-04-04)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" c
lass="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.8.0/cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.8.0/cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.8.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content
/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.8.0/cxf-dosgi-ri-source-distribution-1.8.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.8.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.2">Highlights</h4><ul><li>Extraction of the Remote Service Admin core into Aries RSA. CXF DOSGi now only implements the CXF based transports</li><li>CXF updated to 3.1.6</li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12332970">Full list of issues</a></li></ul><h3 id="DOSGiReleases-Release1.7.0(2015-07-03)">Release 1.7.0 (2015-07-03)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a sh
ape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.7.0/cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.7.0/cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.7.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/rele
ases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.7.0/cxf-dosgi-ri-source-distribution-1.7.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.7.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.3">Highlights</h4><ul><li>Karaf 4 compatibility</li><li>CXF updated to 3.1.1</li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI-220?jql=fixVersion%20%3D%201.7.0%20AND%20project%20%3D%20DOSGI">Bug fixes</a></li></ul><h3 id="DOSGiReleases-Release1.6.0(2014-01-21)">Release 1.6.0 (2014-01-21)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repos
itory.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.6.0/cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.6.0/cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.6.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-sour
ce-distribution/1.6.0/cxf-dosgi-ri-source-distribution-1.6.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.6.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.4">Highlights</h4><ul><li>Multi bundle distro now created from karaf features. So less effort for new releases</li><li>CXF updated to 2.7.8</li><li>jdom dependency removed</li><li>Bug fixes</li></ul><h3 id="DOSGiReleases-Release1.5.0(2013-06-27)">Release 1.5.0 (2013-06-27)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distr
ibution/1.5.0/cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.5.0/cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.5.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.5.0/cxf-dosgi-ri-source-distribution-1.5.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.5.0
.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.5">Highlights</h4><ul><li>Single bundle distribution removed to simplyfy release process and testing</li><li>Many bugfixes</li></ul><h3 id="DOSGiReleases-Release1.4.0(2013-01-26)">Release 1.4.0 (2013-01-26)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.4.0/cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class
="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.4.0/cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.4.0-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.4.0/cxf-dosgi-ri-singlebundle-distribution-1.4.0.jar">cxf-dosgi-ri-singlebundle-distribution-1.4.0.jar</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a s
hape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-source-distribution/1.4.0/cxf-dosgi-ri-source-distribution-1.4.0-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.4.0.tar.gz</a></p></td></tr></tbody></table></div><h4 id="DOSGiReleases-Highlights.6">Highlights</h4><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI/fixforversion/12319877">41 issues resolved (see jira)</a></li><li><a shape="rect" href="dosgi-apache-karaf-feature.html">Karaf feature for easy installation in Apache Karaf</a></li><li><a shape="rect" href="dosgi-discovery.html">Zookeeper discovery</a> now supports automatic reconnects and Cluster configuration</li><li>DOSGi is now independent of spring dm</li><li>Custom intents are now created by publishing e.g. CXF Features as services</li><li>Big refactorings make the code much easier to understand</li></ul><h4 id="DOSGiReleases-Kn
ownissues">Known issues</h4><ul><li>The default aegis data format will not work with Apache Karaf 2.3.0. (See <a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/DOSGI-153">DOSGI-153</a>). Please upgrade to Apache Karaf 2.3.1</li><li>The sytem package exports in the felix multibundle distro may not bee suitable to all felix versions</li></ul><h4 id="DOSGiReleases-Migration">Migration</h4><p>There is one incompatible change in this release. Previously custom intents were defined by using a special spring dm file below osgi-inf in the bundle that exports a service. From DOSGi 1.4.0 on custom intents can be defined by exporting the intent (e.g. a feature) as an OSGi service with a special property "org.apache.cxf.dosgi.IntentName" for the name of the intent. See <a shape="rect" class="unresolved" href="#">dosgi custom intents</a>.</p><h2 id="DOSGiReleases-ArchivedReleases">Archived Releases</h2><p>1.3.1 is was released in April 10th 2012. For more informat
ion on what's new in this release, please see the README and release notes in each distribution. The various distributions can be downloaded as follows:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3.1/cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="e
xternal-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3.1/cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.zip">cxf-dosgi-ri-multibundle-distribution-1.3.1-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3.1/cxf-dosgi-ri-singlebundle-distribution-1.3.1.jar">cxf-dosgi-ri-singlebundle-distribution-1.3.1.jar</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://repository.apache.org/service/local/repositories/releases/content/org/apache/cxf/dosgi/c
xf-dosgi-ri-source-distribution/1.3.1/cxf-dosgi-ri-source-distribution-1.3.1-dist.tar.gz">cxf-dosgi-ri-source-distribution-1.3.1.tar.gz</a></p></td></tr></tbody></table></div><p>1.3 was released February 6th, 2012.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3/cxf-dosgi-ri-multibundle-distribution-1.3-dir.tar.gz" rel="nofollow">cxf-dosgi-ri-multibundle-distribution-1.3-dir.tar.gz</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" cla
ss="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-multibundle-distribution/1.3/cxf-dosgi-ri-multibundle-distribution-1.3-dir.zip" rel="nofollow">cxf-dosgi-ri-multibundle-distribution-1.3-dir.zip</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-singlebundle-distribution/1.3/cxf-dosgi-ri-singlebundle-distribution-1.3.jar" rel="nofollow">cxf-dosgi-ri-singlebundle-distribution-1.3.jar</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://search.maven.org/remotecontent?filepath=org/apache/cxf/dosgi/cxf-dosgi-ri-sou
rce-distribution/1.3/cxf-dosgi-ri-source-distribution-1.3.jar" rel="nofollow">cxf-dosgi-ri-source-distribution-1.3.jar</a></p></td></tr></tbody></table></div><p>1.2 was released July 25th 2010.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>File</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>MD5</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (tar.gz)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.ta
r.gz.md5">cxf-dosgi-ri-multibundle-distribution-1.2.tar.gz.md5</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Multi-bundle distribution (zip)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip">cxf-dosgi-ri-multibundle-distribution-1.2.zip</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5">cxf-dosgi-ri-multibundle-distribution-1.2.zip.md5</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Single-bundle distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar">cxf-dosgi-ri-singlebundle-distribution-1.2.jar</
a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-singlebundle-distribution-1.2.jar.md5">cxf-dosgi-ri-singlebundle-distribution-1.2.jar.md5</a></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>Source distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz">cxf-dosgi-ri-source-distribution-1.2.tar.gz</a></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link" href="http://www.apache.org/dist/cxf/dosgi/1.2/cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5">cxf-dosgi-ri-source-distribution-1.2.tar.gz.md5</a></p></td></tr></tbody></table></div><p> </p><p> </p></div>
</div>
<!-- Content -->
</td>
Added: websites/production/cxf/content/security-advisories.data/CVE-2017-3156.txt.asc
==============================================================================
--- websites/production/cxf/content/security-advisories.data/CVE-2017-3156.txt.asc (added)
+++ websites/production/cxf/content/security-advisories.data/CVE-2017-3156.txt.asc Mon Feb 20 11:47:55 2017
@@ -0,0 +1,48 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+CVE-2017-3156: Apache CXF OAuth2 Hawk and JOSE MAC Validation code is vulnerable to the timing attacks
+
+Severity: Major
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+This vulnerability affects all versions of Apache CXF prior to 3.0.13, 3.1.10.
+
+Description:
+
+Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature
+comparison algorithm which may be exploited by some sophisticated timing attacks. It may only affect
+OAuth2 Hawk or JWT access tokens or JOSE JWS/JWE interceptors which depend on HMac secret key algorithms.
+
+
+This has been fixed in revisions:
+
+CXF 3.1.x:
+http://git-wip-us.apache.org/repos/asf/cxf/commit/555843f9
+
+CXF 3.0.x
+http://git-wip-us.apache.org/repos/asf/cxf/commit/1338469f
+
+CXF 3.2.0-SNAPSHOT (master):
+http://git-wip-us.apache.org/repos/asf/cxf/commit/e66ce235
+
+
+Credit:
+The issue was reported and the patch provided by Richard Kettelerij.
+
+Migration:
+
+CXF 3.0.x users should upgrade to 3.0.13 or later as soon as possible.
+CXF 3.1.x users should upgrade to 3.1.10 or later as soon as possible.
+
+References: http://cxf.apache.org/security-advisories.html
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEARECAAYFAliq0rIACgkQmcduTd7eq5LohQCgkIiSd26xoIzt/+Pi0r8ri0HD
+bbQAn3C5Y8DNes7QGRUP6Dv1hVRrmP2y
+=0YqU
+-----END PGP SIGNATURE-----
Modified: websites/production/cxf/content/security-advisories.html
==============================================================================
--- websites/production/cxf/content/security-advisories.html (original)
+++ websites/production/cxf/content/security-advisories.html Mon Feb 20 11:47:55 2017
@@ -99,7 +99,7 @@ Apache CXF -- Security Advisories
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360000&api=v2" data-linked-resource-id="67635454" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-8739.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2016-8739</a>: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE</li><li><a shape="rect" href="security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360000&api=v2" data-linked-resource-id="67635455" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-6812.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-lin
ked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2016-6812</a>: XSS risk in Apache CXF FormattedServiceListWriter when a request URL contains matrix parameters</li><li><a shape="rect" href="security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153000&api=v2" data-linked-resource-id="65869472" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-4464.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2016-4464</a>: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2015-5253.txt.asc?version=1&modificationDate=1447433340000&api=v2" dat
a-linked-resource-id="61328642" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5253.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2015-5253</a>: Apache CXF SAML SSO processing is vulnerable to a wrapping attack</li><li><a shape="rect" href="security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2" data-linked-resource-id="61316328" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5175.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2015-5175</a>: Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><h3 id="
SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-3577.txt.asc?version=1&modificationDate=1419245371000&api=v2" data-linked-resource-id="51183657" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3577.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2014-3577</a>: Apache CXF SSL hostname verification bypass</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3566.txt.asc?version=1&modificationDate=1418740474000&api=v2" data-linked-resource-id="50561078" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3566.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resour
ce-container-version="23">Note on CVE-2014-3566</a>: SSL 3.0 support in Apache CXF, aka the "POODLE" attack.</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3623.txt.asc?version=1&modificationDate=1414169368000&api=v2" data-linked-resource-id="47743195" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3623.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2014-3623</a>: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3584.txt.asc?version=1&modificationDate=1414169326000&api=v2" data-linked-resource-id="47743194" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alia
s="CVE-2014-3584.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2014-3584</a>: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370000&api=v2" data-linked-resource-id="40895138" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0109.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2014-0109</a>: HTML content posted to SOAP endpoint could cause OOM errors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378000&api=v2" data-linked-resource-id="408951
39" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0110.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2014-0110</a>: Large invalid content could cause temporary space to fill</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&modificationDate=1398873385000&api=v2" data-linked-resource-id="40895140" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0034.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2014-0034</a>: The SecurityTokenService accepts certain invalid SAML Tokens as valid</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0035.t
xt.asc?version=1&modificationDate=1398873391000&api=v2" data-linked-resource-id="40895141" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0035.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="23">CVE-2014-0035</a>: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy</li></ul><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&modificationDate=1372324301000&api=v2" data-linked-resource-id="33095710" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2013-2160.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-ve
rsion="23">CVE-2013-2160</a> - Denial of Service Attacks on Apache CXF</li><li><a shape="rect" href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards compatibility attack on Apache CXF.</li><li><a shape="rect" href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens.</li></ul><h3 id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect" href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows HTTP Get requests from browser.</li><li><a shape="rect" href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher attack against distributed symmetric key in WS-Security.</li><li><a shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.</li><li><a shape="rect" href="cve-2012-2379.html">CVE-2012-2379</a> - Apache CXF does not verify that elements were signed
or encrypted by a particular Supporting Token.</li><li><a shape="rect" href="cve-2012-2378.html">CVE-2012-2378</a> - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html">Note on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding attack.</li><li><a shape="rect" href="cve-2012-0803.html">CVE-2012-0803</a> - Apache CXF does not validate UsernameToken policies correctly.</li></ul><h3 id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a> - DTD based XML attacks.</li></ul></div>
+<div id="ConfluenceContent"><h3 id="SecurityAdvisories-2017">2017</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2017-3156.txt.asc?version=1&modificationDate=1487590374755&api=v2" data-linked-resource-id="68715428" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-3156.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2017-3156</a>: Apache CXF OAuth2 Hawk and JOSE MAC Validation code is vulnerable to the timing attacks</li></ul><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360000&api=v2" data-linked-resource-id="67635454" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-8739.txt.asc" data-n
ice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2016-8739</a>: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE</li><li><a shape="rect" href="security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360000&api=v2" data-linked-resource-id="67635455" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-6812.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2016-6812</a>: XSS risk in Apache CXF FormattedServiceListWriter when a request URL contains matrix parameters</li><li><a shape="rect" href="security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153000&api=v2" data-linked-resource-id="65869472" data-linked
-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-4464.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2016-4464</a>: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2015-5253.txt.asc?version=1&modificationDate=1447433340000&api=v2" data-linked-resource-id="61328642" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5253.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2015-5253</a>: Apache CXF SAML SSO processing
is vulnerable to a wrapping attack</li><li><a shape="rect" href="security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2" data-linked-resource-id="61316328" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5175.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2015-5175</a>: Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-3577.txt.asc?version=1&modificationDate=1419245371000&api=v2" data-linked-resource-id="51183657" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3577.txt.asc" data-nice-type="Text File" data-linked-res
ource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2014-3577</a>: Apache CXF SSL hostname verification bypass</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3566.txt.asc?version=1&modificationDate=1418740474000&api=v2" data-linked-resource-id="50561078" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3566.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">Note on CVE-2014-3566</a>: SSL 3.0 support in Apache CXF, aka the "POODLE" attack.</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3623.txt.asc?version=1&modificationDate=1414169368000&api=v2" data-linked-resource-id="47743195" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-defau
lt-alias="CVE-2014-3623.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2014-3623</a>: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3584.txt.asc?version=1&modificationDate=1414169326000&api=v2" data-linked-resource-id="47743194" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3584.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2014-3584</a>: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0109.txt.asc?version=1
&modificationDate=1398873370000&api=v2" data-linked-resource-id="40895138" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0109.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2014-0109</a>: HTML content posted to SOAP endpoint could cause OOM errors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378000&api=v2" data-linked-resource-id="40895139" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0110.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2014-0110</a>: Large invalid content could cause temporary space to fill</
li><li><a shape="rect" href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&modificationDate=1398873385000&api=v2" data-linked-resource-id="40895140" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0034.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2014-0034</a>: The SecurityTokenService accepts certain invalid SAML Tokens as valid</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0035.txt.asc?version=1&modificationDate=1398873391000&api=v2" data-linked-resource-id="40895141" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0035.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-contai
ner-version="24">CVE-2014-0035</a>: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy</li></ul><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&modificationDate=1372324301000&api=v2" data-linked-resource-id="33095710" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2013-2160.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="27837502" data-linked-resource-container-version="24">CVE-2013-2160</a> - Denial of Service Attacks on Apache CXF</li><li><a shape="rect" href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards compatibility attack on Apache CXF.</li><li><a shape="rect" href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens.</li></u
l><h3 id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect" href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows HTTP Get requests from browser.</li><li><a shape="rect" href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher attack against distributed symmetric key in WS-Security.</li><li><a shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.</li><li><a shape="rect" href="cve-2012-2379.html">CVE-2012-2379</a> - Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token.</li><li><a shape="rect" href="cve-2012-2378.html">CVE-2012-2378</a> - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html">Note on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encodi
ng attack.</li><li><a shape="rect" href="cve-2012-0803.html">CVE-2012-0803</a> - Apache CXF does not validate UsernameToken policies correctly.</li></ul><h3 id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a> - DTD based XML attacks.</li></ul></div>
</div>
<!-- Content -->
</td>