Apache CXF 3.1.15 Release Notes

1. Overview

The 3.1.x versions of Apache CXF is a significant new version of CXF 
that provides several new features and enhancements.  

New features include: 

* New Metrics feature for collecting metrics about a CXF services.  
* New Throttling feature for easily throttling CXF services.  
* New Logging feature for more advanced logging than the logging 
  available in cxf-core
* New Metadata service for SAML SSO to allow you to publish SAML SSO 
  metadata for your service provider.
* Enhancements to the code generator to be more "Java7" friendly
* Update to OpenSAML 3.0
* Support for Karaf 4, Jetty 9

Important notes:
CXF 3.1.x no longer supports Java 6.   You must upgrade to Java 7 or later.

Users are encourage to review the migration guide at:
http://cxf.apache.org/docs/31-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.

3.1.15 fixes over 55 JIRA issues reported by users and the community.


2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 7 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/31-migration-guide.html
for caveats when upgrading from CXF 2.7.x and 3.0.x
to 3.1.



7. Specific issues, features, and improvements fixed in this version

** Bug
* [CXF-5051] - ProtectTokens assertion is not respected for SAML tokens
* [CXF-6134] - Apache CXF generating constructor with duplicate argument names causing compilation error
* [CXF-6811] - org.apache.cxf.common.util.ClassHelper.getJavaVersion() method will fail on JDK9
* [CXF-7048] - Response does not include SequenceAcknowledgement
* [CXF-7389] - JAXRSUtils warning logs
* [CXF-7473] - ExceptionMapper class hierarchies: incompatible ExceptionMapper selected
* [CXF-7508] - WSRM - CloseSequenceResponse does not have acknowledgments
* [CXF-7518] - Loggers logs request twice in case of Fault
* [CXF-7522] - WSRM - Exponential backoff not configurable for Redelivery
* [CXF-7527] - JAXRS UriInfo.getMatchedUris does return matched URIs twice for sub resources
* [CXF-7545] - Problem to generate WADL when a implementation of generic type is used
* [CXF-7547] - Problem to generate Java from WADL file when method id defined
* [CXF-7549] - Can't register Feature from inside another Feature in JAX-RS
* [CXF-7550] - StaxActionInInterceptor can't function completely with WSS4JStaxInInterceptor
* [CXF-7551] - Policy Based WSS4J Stax Interceptors may not be correctly initialized
* [CXF-7552] - wsdl2java fails on SwA WSDL using SOAP 1.2 Bindings
* [CXF-7553] - selectVariant doesn't take into account quality factors in Accept header
* [CXF-7555] - Failure to construct bean of org.apache.cxf.jaxrs.spring.SpringViewResolverProvider
* [CXF-7561] - CrossOriginResourceSharing annotation on a super interface is not interpreted
* [CXF-7562] - ext.logging: truncated flag not set
* [CXF-7572] - OAuth/OIDC endpoints in discovery document contains default ports
* [CXF-7573] - CXF Jose not closing Inpustream when loading Keystore
* [CXF-7575] - @Suspended race condition
* [CXF-7578] - WS-Trust Secured Request casts SecretKeySpec to PrivateKey
* [CXF-7581] - SwaggerUIResourceFilter doesn't allow call to service endpoint
* [CXF-7584] - proxy client: forbid empty path param
* [CXF-7585] - base64 attachment encoding does not close the InputSteam
* [CXF-7587] - JAXRS Server fails to serve requests when context path ends with asterisk '*' caracter
* [CXF-7588] - SAML audience restriction validation is enabled by default for REST services
* [CXF-7592] - Wrong JAX-RS 2.1 request filter handling for IOException
* [CXF-7593] - Application is not visible in Feature.configure
* [CXF-7595] - Swagger2Feature - inputstream of stream swagger.properties after loading not closed
* [CXF-7596] - ClassNotFoundException: javax.net.SocketFactory not found by org.apache.cxf.cxf-rt-transports-http
* [CXF-7597] - Suspicious calls to ClassLoader.findResource when resolving absolute base and actual URIs
* [CXF-7604] - Change to "Error occurred during error handling, give up!" message
* [CXF-7607] - JAXRS only consider the first "Accept" header in the request
* [CXF-7608] - [brave feature] Propagate trace ids as it lets log correlation to be consistent even if not sampling
* [CXF-7613] - Support Derived keys policy validation for EndorsingSupportingTokens
* [CXF-7629] - When registering a provider that implements MessageBodyReader and MessageBodyWriter interfaces through a Feature CXF ignores the interfaces in the contract and registers them all
* [CXF-7630] - NameBindings are ignored for (at least) ContextResponseFilters
* [CXF-7637] - Using SwaggerToOpenApiConversionFilter with JAXRS extension mappings will never engage the filter
* [CXF-7653] - Null pointer in JaxwsResponseCallback
* [CXF-7654] - Swagger 2 document doesn't contain Info/BasePath on Karaf


** Improvement
* [CXF-7200] - wadl2java does not see generated classes with jaxb:nameXmlTransform
* [CXF-7471] - WSRM - Use createResendCandidate() instead of constructor directly
* [CXF-7558] - set retryInterval default value to 5 sec if not specify it in JMSConfiguration
* [CXF-7568] - Support JWE PBES encryption
* [CXF-7569] - PrimitiveTextProvider: support enums
* [CXF-7603] - private a way that only a set of client IP can access the WADL
* [CXF-7616] - Add support for (SAML) IssuedToken policy validation
* [CXF-7617] - Support Derived keys policy validation for endorsing IssuedTokens/SamlTokens
* [CXF-7619] - Support deprecated 1.5 WS-Policy URI in the STS
* [CXF-7652] - UriBuilderImpl: null-empty differentiation for query/matrix param
* [CXF-7661] - add isTimeout flag for Continutation so that we can easily know when the timeout happen outside CXF
* [CXF-7665] - Provide an easy way to set the TLSClientParameters on the STSClient client object
* [CXF-7667] - Don't add an STS operation in the DefaultSecurityTokenServiceProvider if no STSProperties are available







