dev

Messages by Thread

[PR] strip cr/lf from attachment part headers in writeHeaders [cxf] via GitHub
[PR] Bump org.jvnet.jaxb:jaxb-plugins from 4.0.15 to 4.0.16 [cxf] via GitHub
- Re: [PR] Bump org.jvnet.jaxb:jaxb-plugins from 4.0.15 to 4.0.16 [cxf] via GitHub
[PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.51 [cxf] via GitHub
[PR] Bump jaxen:jaxen from 2.0.5 to 2.0.6 [cxf] via GitHub
- Re: [PR] Bump jaxen:jaxen from 2.0.5 to 2.0.6 [cxf] via GitHub
[PR] Bump org.glassfish.grizzly:grizzly-http-server from 5.0.1 to 5.0.2 [cxf] via GitHub
- Re: [PR] Bump org.glassfish.grizzly:grizzly-http-server from 5.0.1 to 5.0.2 [cxf] via GitHub
CVE-2026-50645: Apache CXF: No restriction on attachment headers per message Colm O hEigeartaigh
CVE-2026-50634: Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry Colm O hEigeartaigh
CVE-2026-50633: Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl Colm O hEigeartaigh
CVE-2026-50632: Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory Colm O hEigeartaigh
CVE-2026-50631: Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing Colm O hEigeartaigh
CVE-2026-50630: Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection Colm O hEigeartaigh
CVE-2026-50629: Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier Colm O hEigeartaigh
CVE-2026-50628: Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control Colm O hEigeartaigh
CVE-2026-50627: Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator Colm O hEigeartaigh
CVE-2026-50623: Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService Colm O hEigeartaigh
CVE-2026-49875: Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils Colm O hEigeartaigh
[PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.50 [cxf] via GitHub
- Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.50 [cxf] via GitHub
- Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.50 [cxf] via GitHub
[PR] Bump cxf.opentelemetry.version from 1.62.0 to 1.63.0 [cxf] via GitHub
- Re: [PR] Bump cxf.opentelemetry.version from 1.62.0 to 1.63.0 [cxf] via GitHub
[PR] Bump com.sun.xml.messaging.saaj:saaj-impl from 3.0.5 to 3.0.6 [cxf] via GitHub
- Re: [PR] Bump com.sun.xml.messaging.saaj:saaj-impl from 3.0.5 to 3.0.6 [cxf] via GitHub
[PR] Bump com.sun.xml.ws:jaxws-rt from 4.0.4 to 4.0.5 [cxf] via GitHub
- Re: [PR] Bump com.sun.xml.ws:jaxws-rt from 4.0.4 to 4.0.5 [cxf] via GitHub
[PR] Bump org.eclipse.jdt:org.eclipse.jdt.core from 3.45.0 to 3.46.0 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump org.eclipse.jdt:org.eclipse.jdt.core from 3.45.0 to 3.46.0 [cxf-xjc-utils] via GitHub
[PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 [cxf] via GitHub
- Re: [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 [cxf] via GitHub
[PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [cxf] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [cxf] via GitHub
[PR] Bump cxf.jackson.version from 3.1.4 to 3.2.0 [cxf] via GitHub
- Re: [PR] Bump cxf.jackson.version from 3.1.4 to 3.2.0 [cxf] via GitHub
[PR] Fix Mockito agent warnings [cxf] via GitHub
- Re: [PR] Fix Mockito agent warnings [cxf] via GitHub
- Re: [PR] Fix Mockito agent warnings [cxf] via GitHub
[PR] Bump jakarta.json.bind:jakarta.json.bind-api from 3.0.1 to 3.0.2 [cxf] via GitHub
- Re: [PR] Bump jakarta.json.bind:jakarta.json.bind-api from 3.0.1 to 3.0.2 [cxf] via GitHub
[PR] Bump jaxen:jaxen from 2.0.4 to 2.0.5 [cxf] via GitHub
- Re: [PR] Bump jaxen:jaxen from 2.0.4 to 2.0.5 [cxf] via GitHub
[PR] Bump net.sourceforge.pmd:pmd-java from 7.24.0 to 7.25.0 [cxf] via GitHub
- Re: [PR] Bump net.sourceforge.pmd:pmd-java from 7.24.0 to 7.25.0 [cxf] via GitHub
[PR] Bump org.eclipse.parsson:parsson from 1.1.7 to 1.1.9 [cxf] via GitHub
- Re: [PR] Bump org.eclipse.parsson:parsson from 1.1.7 to 1.1.9 [cxf] via GitHub
[PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf-build-utils] via GitHub
- Re: [PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf-build-utils] via GitHub
[PR] Bump actions/checkout from 6.0.2 to 6.0.3 [cxf-build-utils] via GitHub
- Re: [PR] Bump actions/checkout from 6.0.2 to 6.0.3 [cxf-build-utils] via GitHub
[PR] Configure GitHub workflows to use concurrency cancel-in-progress for [cxf] via GitHub
- Re: [PR] Configure GitHub workflows to use concurrency cancel-in-progress for [cxf] via GitHub
- Re: [PR] Configure GitHub workflows to use concurrency cancel-in-progress for [cxf] via GitHub
[PR] Bump github/codeql-action from 4.35.4 to 4.36.1 [cxf-fediz] via GitHub
[PR] Bump actions/checkout from 6.0.2 to 6.0.3 [cxf-fediz] via GitHub
[PR] Bump ch.qos.logback:logback-classic from 1.5.33 to 1.5.34 [cxf] via GitHub
- Re: [PR] Bump ch.qos.logback:logback-classic from 1.5.33 to 1.5.34 [cxf] via GitHub
[PR] Bump actions/checkout from 6.0.2 to 6.0.3 [cxf] via GitHub
- Re: [PR] Bump actions/checkout from 6.0.2 to 6.0.3 [cxf] via GitHub
[PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf] via GitHub
- Re: [PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf] via GitHub
[PR] Bump org.jboss.ws.cxf:jbossws-cxf-client from 7.3.8.Final to 7.4.0.Final [cxf] via GitHub
- Re: [PR] Bump org.jboss.ws.cxf:jbossws-cxf-client from 7.3.8.Final to 7.4.0.Final [cxf] via GitHub
[PR] Bump org.apache.mina:mina-core from 2.2.7 to 2.2.8 [cxf] via GitHub
- Re: [PR] Bump org.apache.mina:mina-core from 2.2.7 to 2.2.8 [cxf] via GitHub
[PR] Bump org.graalvm.buildtools:native-maven-plugin from 1.1.0 to 1.1.1 [cxf] via GitHub
- Re: [PR] Bump org.graalvm.buildtools:native-maven-plugin from 1.1.0 to 1.1.1 [cxf] via GitHub
[PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump github/codeql-action from 4.36.0 to 4.36.1 [cxf-xjc-utils] via GitHub
[PR] Add sensible default value to attachment-max-size property [cxf] via GitHub
- Re: [PR] Add sensible default value to attachment-max-size property [cxf] via GitHub
- Re: [PR] Add sensible default value to attachment-max-size property [cxf] via GitHub
- Re: [PR] Add sensible default value to attachment-max-size property [cxf] via GitHub
[PR] Removing deprecated junit ExpectedException.none [cxf] via GitHub
- Re: [PR] Removing deprecated junit ExpectedException.none [cxf] via GitHub
[VOTE] Release CXF 4.2.2 and 4.1.7 Freeman Fang
- [VOTE] Release CXF 4.2.2 and 4.1.7 Freeman Fang
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Alexey Markevich
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Francesco Chicchiriccò
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Andriy Redko
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Colm O hEigeartaigh
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 jgenender
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Dennis Kieselhorst
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Jamie G.
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Jim Ma
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Freeman Fang
- Re: [VOTE] Release CXF 4.2.2 and 4.1.7 Freeman Fang
[PR] Bump net.sourceforge.pmd:pmd-core from 7.24.0 to 7.25.0 [cxf] via GitHub
- Re: [PR] Bump net.sourceforge.pmd:pmd-core from 7.24.0 to 7.25.0 [cxf] via GitHub
[PR] Bump org.jboss.ws:jbossws-api from 3.0.0.Final to 3.1.0.Final [cxf] via GitHub
- Re: [PR] Bump org.jboss.ws:jbossws-api from 3.0.0.Final to 3.1.0.Final [cxf] via GitHub
[PR] Bump com.puppycrawl.tools:checkstyle from 13.4.2 to 13.5.0 [cxf] via GitHub
- Re: [PR] Bump com.puppycrawl.tools:checkstyle from 13.4.2 to 13.5.0 [cxf] via GitHub
[PR] Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.33 [cxf] via GitHub
- Re: [PR] Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.33 [cxf] via GitHub
[PR] Bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.5.0 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.5.0 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.5.0 [cxf-xjc-utils] via GitHub
[PR] compare username token password and digest in constant time [cxf] via GitHub
- Re: [PR] compare username token password and digest in constant time [cxf] via GitHub
- Re: [PR] compare username token password and digest in constant time [cxf] via GitHub
[PR] Bump org.glassfish.jaxb:jaxb-xjc from 4.0.8 to 4.0.9 [cxf] via GitHub
- Re: [PR] Bump org.glassfish.jaxb:jaxb-xjc from 4.0.8 to 4.0.9 [cxf] via GitHub
- Re: [PR] Bump org.glassfish.jaxb:jaxb-xjc from 4.0.8 to 4.0.9 [cxf] via GitHub
- Re: [PR] Bump org.glassfish.jaxb:jaxb-xjc from 4.0.8 to 4.0.9 [cxf] via GitHub
[PR] Bump tools.jackson.core:jackson-databind from 3.1.3 to 3.1.4 [cxf] via GitHub
- Re: [PR] Bump tools.jackson.core:jackson-databind from 3.1.3 to 3.1.4 [cxf] via GitHub
- Re: [PR] Bump tools.jackson.core:jackson-databind from 3.1.3 to 3.1.4 [cxf] via GitHub
[PR] Bump org.webjars:swagger-ui from 5.32.5 to 5.32.6 [cxf] via GitHub
- Re: [PR] Bump org.webjars:swagger-ui from 5.32.5 to 5.32.6 [cxf] via GitHub
[PR] Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.6.0.6792 to 5.7.0.6970 [cxf] via GitHub
- Re: [PR] Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.6.0.6792 to 5.7.0.6970 [cxf] via GitHub
[PR] Introduce default value for maxFormParameterCount [cxf] via GitHub
- Re: [PR] Introduce default value for maxFormParameterCount [cxf] via GitHub
[PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.49 [cxf] via GitHub
- Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.49 [cxf] via GitHub
- Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.49 [cxf] via GitHub
[PR] Bump jaxen:jaxen from 2.0.3 to 2.0.4 [cxf] via GitHub
- Re: [PR] Bump jaxen:jaxen from 2.0.3 to 2.0.4 [cxf] via GitHub
[PR] Bump cxf.hibernate.em.version from 7.3.6.Final to 7.4.0.Final [cxf] via GitHub
- Re: [PR] Bump cxf.hibernate.em.version from 7.3.6.Final to 7.4.0.Final [cxf] via GitHub
[PR] Bump cxf.dropwizard4.version from 4.2.38 to 4.2.39 [cxf] via GitHub
- Re: [PR] Bump cxf.dropwizard4.version from 4.2.38 to 4.2.39 [cxf] via GitHub
[PR] Bump jaxb-runtime-version from 4.0.8 to 4.0.9 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump jaxb-runtime-version from 4.0.8 to 4.0.9 [cxf-xjc-utils] via GitHub
[PR] Bump github/codeql-action from 4.35.5 to 4.36.0 [cxf-build-utils] via GitHub
- Re: [PR] Bump github/codeql-action from 4.35.5 to 4.36.0 [cxf-build-utils] via GitHub
[PR] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 [cxf-build-utils] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 [cxf-build-utils] via GitHub
[PR] Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.5 to 3.5.6 [cxf-build-utils] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.5 to 3.5.6 [cxf-build-utils] via GitHub
[PR] Bump net.sourceforge.pmd:pmd-java from 7.24.0 to 7.25.0 [cxf-build-utils] via GitHub
- Re: [PR] Bump net.sourceforge.pmd:pmd-java from 7.24.0 to 7.25.0 [cxf-build-utils] via GitHub
[PR] Bump actions/checkout from 6 to 6.0.2 [cxf-build-utils] via GitHub
- Re: [PR] Bump actions/checkout from 6 to 6.0.2 [cxf-build-utils] via GitHub
[PR] Add default constraints on the number of JSON objects/array entries t… [cxf] via GitHub
- Re: [PR] Add default constraints on the number of JSON objects/array entries t… [cxf] via GitHub
[PR] Get the headers from the validated signature entry [cxf] via GitHub
- Re: [PR] Get the headers from the validated signature entry [cxf] via GitHub
[PR] Bump github/codeql-action from 4.35.4 to 4.36.0 [cxf-fediz] via GitHub
- Re: [PR] Bump github/codeql-action from 4.35.4 to 4.36.0 [cxf-fediz] via GitHub
- Re: [PR] Bump github/codeql-action from 4.35.4 to 4.36.0 [cxf-fediz] via GitHub
[PR] compare pkce code verifier and client secret hash in constant time [cxf] via GitHub
- Re: [PR] compare pkce code verifier and client secret hash in constant time [cxf] via GitHub
- Re: [PR] compare pkce code verifier and client secret hash in constant time [cxf] via GitHub
- Re: [PR] compare pkce code verifier and client secret hash in constant time [cxf] via GitHub
[PR] Harden JNDI for integration/jca [cxf] via GitHub
- Re: [PR] Harden JNDI for integration/jca [cxf] via GitHub
[PR] Properly handle nested arrays in json parsing [cxf] via GitHub
- Re: [PR] Properly handle nested arrays in json parsing [cxf] via GitHub
- Re: [PR] Properly handle nested arrays in json parsing [cxf] via GitHub
- Re: [PR] Properly handle nested arrays in json parsing [cxf] via GitHub
[PR] escape raw quotes after an escaped backslash in escapeJson [cxf] via GitHub
- Re: [PR] escape raw quotes after an escaped backslash in escapeJson [cxf] via GitHub
- Re: [PR] escape raw quotes after an escaped backslash in escapeJson [cxf] via GitHub
[PR] require azp when oidc id token has multiple audiences [cxf] via GitHub
- Re: [PR] require azp when oidc id token has multiple audiences [cxf] via GitHub
- Re: [PR] require azp when oidc id token has multiple audiences [cxf] via GitHub
- Re: [PR] require azp when oidc id token has multiple audiences [cxf] via GitHub
[PR] compare oauth2 secret tokens with constant-time MessageDigest.isEqual [cxf] via GitHub
- Re: [PR] compare oauth2 secret tokens with constant-time MessageDigest.isEqual [cxf] via GitHub
- Re: [PR] compare oauth2 secret tokens with constant-time MessageDigest.isEqual [cxf] via GitHub
- Re: [PR] compare oauth2 secret tokens with constant-time MessageDigest.isEqual [cxf] via GitHub
[PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.48 [cxf] via GitHub
- Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.48 [cxf] via GitHub
- Re: [PR] Bump org.atmosphere:atmosphere-runtime from 3.1.0 to 4.0.48 [cxf] via GitHub
[PR] Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.5 to 3.5.6 [cxf] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.5 to 3.5.6 [cxf] via GitHub
[PR] Bump cxf.dropwizard5.version from 5.0.6 to 5.0.7 [cxf] via GitHub
- Re: [PR] Bump cxf.dropwizard5.version from 5.0.6 to 5.0.7 [cxf] via GitHub
[PR] Bump github/codeql-action from 4.35.5 to 4.36.0 [cxf] via GitHub
- Re: [PR] Bump github/codeql-action from 4.35.5 to 4.36.0 [cxf] via GitHub
[PR] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 [cxf] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 [cxf] via GitHub
[PR] Bump github/codeql-action from 4.35.5 to 4.36.0 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump github/codeql-action from 4.35.5 to 4.36.0 [cxf-xjc-utils] via GitHub
[PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 [cxf-xjc-utils] via GitHub
[PR] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 [cxf-xjc-utils] via GitHub
[PR] Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.5 to 3.5.6 [cxf-xjc-utils] via GitHub
- Re: [PR] Bump org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.5 to 3.5.6 [cxf-xjc-utils] via GitHub
[PR] Add limit to the maximum number of attachment headers to be collected [cxf] via GitHub
- Re: [PR] Add limit to the maximum number of attachment headers to be collected [cxf] via GitHub
[PR] Add SECURITY.md + AGENTS.md pointing at the CXF umbrella threat model for discoverability [cxf-xjc-utils] via GitHub
- Re: [PR] Add SECURITY.md + AGENTS.md pointing at the CXF umbrella threat model for discoverability [cxf-xjc-utils] via GitHub
[PR] Add SECURITY.md + AGENTS.md pointing at the CXF umbrella threat model for discoverability [cxf-build-utils] via GitHub
- Re: [PR] Add SECURITY.md + AGENTS.md pointing at the CXF umbrella threat model for discoverability [cxf-build-utils] via GitHub
[PR] Add draft threat model + AGENTS.md and link from SECURITY.md for security-model discoverability [cxf-fediz] via GitHub
[PR] Add umbrella threat model + AGENTS.md and link from SECURITY.md for security-model discoverability [cxf] via GitHub
- Re: [PR] Add umbrella threat model + AGENTS.md and link from SECURITY.md for security-model discoverability [cxf] via GitHub
- Re: [PR] Add umbrella threat model + AGENTS.md and link from SECURITY.md for security-model discoverability [cxf] via GitHub
- Re: [PR] Add umbrella threat model + AGENTS.md and link from SECURITY.md for security-model discoverability [cxf] via GitHub
- Re: [PR] Add umbrella threat model + AGENTS.md and link from SECURITY.md for security-model discoverability [cxf] via GitHub
[PR] More SchemaFactory hardenings [cxf] via GitHub
- Re: [PR] More SchemaFactory hardenings [cxf] via GitHub
- Re: [PR] More SchemaFactory hardenings [cxf] via GitHub
- Re: [PR] More SchemaFactory hardenings [cxf] via GitHub
- Re: [PR] More SchemaFactory hardenings [cxf] via GitHub

Earlier messages