Apache CXF 3.1.16 Release Notes

1. Overview

The 3.1.x versions of Apache CXF is a significant new version of CXF 
that provides several new features and enhancements.  

New features include: 

* New Metrics feature for collecting metrics about a CXF services.  
* New Throttling feature for easily throttling CXF services.  
* New Logging feature for more advanced logging than the logging 
  available in cxf-core
* New Metadata service for SAML SSO to allow you to publish SAML SSO 
  metadata for your service provider.
* Enhancements to the code generator to be more "Java7" friendly
* Update to OpenSAML 3.0
* Support for Karaf 4, Jetty 9

Important notes:
CXF 3.1.x no longer supports Java 6.   You must upgrade to Java 7 or later.

Users are encourage to review the migration guide at:
http://cxf.apache.org/docs/31-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.

3.1.16 fixes over 28 JIRA issues reported by users and the community.


2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 7 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/31-migration-guide.html
for caveats when upgrading from CXF 2.7.x and 3.0.x
to 3.1.



7. Specific issues, features, and improvements fixed in this version

** Bug
* [CXF-6324] - cxf-codegen-plugin|cxf-java2ws-plugin: classifier ignored when there are more then one wsdl with different classifier is involved
* [CXF-7317] - Non-URL encoded Content-Id href does not seem be serialized by CXF's AttachmentSerializer
* [CXF-7682] - context.get(MessageContext.HTTP_REQUEST_HEADERS) always returns null for client
* [CXF-7684] - Base64 encoding in AttachmentSerializer does not create correct output for large attachments
* [CXF-7686] - WSS4JStaxOutInterceptor with WSSSecurityProperties doesn't work with LoggingOutInterceptor
* [CXF-7687] - AuthorizationPolicy: AuthorizationType="Bearer" has no effect
* [CXF-7688] - AttachmentDeserializer does not respect "org.apache.cxf.io.CachedOutputStream.Threshold" -property
* [CXF-7691] - Can't add multiple instances of the same security interceptor to the same interceptor chain
* [CXF-7700] - LoggingOutInterceptor doesn't write message body if encoding wasn't set
* [CXF-7705] - Use Java EL api and impl bundle from Servicemix for cxf-bean-validation feature
* [CXF-7716] - IBM Performance Team has found several performance increases
* [CXF-7721] - JwkUtils throws NPE if Message is null
* [CXF-7734] - Swagger2Feature - application/octet-stream media type is returned for index.html
* [CXF-7736] - DispatchImpl doesn't work for an empty Source
* [CXF-7740] - add NPE guard for SAAJStreamWriter
* [CXF-7747] - FileUtils.maybeDeleteDefaultTempDir causes an IllegalStateException if it tries to remove the shutdown hook while the JVM is already shutting down
* [CXF-7751] - Codegen plugin can't work with empty extraarg tag
* [CXF-7754] - WrappedAttachments.toArray failure
* [CXF-7758] - MTOM + SchemaValidation results in empty input stream from data handler

** Improvement
* [CXF-7640] -  Create a form to set the use of Spring in the classHelper on a per client way
* [CXF-7672] - PrimitiveTextProvider: support java.net.URI and java.net.URL
* [CXF-7678] - Fluent setters support in Beanspector
* [CXF-7693] - Allow JWT audience claims validation not RFC 7519 compliant
* [CXF-7704] - False positive warning log: "Unable to recognize the addressing policy"
* [CXF-7711] - Allow providing CXF compiler instance to be used in JavaToWS
* [CXF-7733] - Support different signature algorithms for the SAML SSO filters
* [CXF-7752] - CVE-2018-5968 and CVE-2018-7489

** Task
* [CXF-7756] - JAASLoginInterceptor with server continuation enabled will cause the interceptor before ServiceInvokerInterceptor get invoked twice

