HI Team, We have recently figured out a critical security vulnerability for spring-framework that is embedded within CXF package - the same has been addressed via ticket https://issues.apache.org/jira/browse/CXF-9016 which is expected to be available in next release versions 3.5.9 <https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+3.5.9> , 4.1.0 <https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+4.1.0> , 4.0.5 <https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+4.0.5> , 3.6.4 <https://issues.apache.org/jira/issues/?jql=project+%3D+CXF+AND+fixVersion+%3D+3.6.4> Could you please provide any update (if possible) on the timelines for these versions ? Particularly version 3.5.9 ?
Thank you in advance. Regards, Nikhil
