Apache CXF 3.2.5 Release Notes

1. Overview

The 3.2.x versios of Apache CXF is a significant new version of CXF
that provides several new features and enhancements.  

New features include: 
* JAX-RS 2.1 (JSR370) support including the implementation of Reactive Client 
  and Server Sent Events API
* Enhanced Swagger2 support including new java2swagger Maven plugin
* WS-Transfer specification support
* Enhanced Tracing support with Brave
* Support for Spring Boot 2.x
* JAX-WS - support for per-operation schema validation configuration
* WSS4J Signatures can support MTOM attachments
* Preliminary support for running on Java 9  (no module support yet)
* New http-undertow transport

3.2.5 fixes over 50 JIRA issues reported by users and the community since 3.2.4.


Important notes:
CXF 3.2.x no longer supports Java 7.   You must upgrade to Java 8 or later.

Users are encouraged to review the migration guide at:
http://cxf.apache.org/docs/32-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.


2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 8 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/32-migration-guide.html
for caveats when upgrading.


7. Specific issues, features, and improvements fixed in this version


** Bug
* [CXF-6324] - cxf-codegen-plugin|cxf-java2ws-plugin: classifier ignored when there are more then one wsdl with different classifier is involved
* [CXF-6443] - CXF streaming-enabled web service cannot process MTOM/XOP-optimized content within a CipherValue element
* [CXF-6968] - WS-Security policies placed on bus level are not registered
* [CXF-7317] - Non-URL encoded Content-Id href does not seem be serialized by CXF's AttachmentSerializer
* [CXF-7363] - Support saaj-impl 1.4
* [CXF-7658] - SSE destinations unreachable deployed in OSGi
* [CXF-7682] - context.get(MessageContext.HTTP_REQUEST_HEADERS) always returns null for client
* [CXF-7683] - Codegen fails when using JDK10 with maven and cxf-plugin
* [CXF-7688] - AttachmentDeserializer does not respect "org.apache.cxf.io.CachedOutputStream.Threshold" -property
* [CXF-7689] - ensure don't have content-type|content-length as jms message headers when use REST on JMS Transport
* [CXF-7691] - Can't add multiple instances of the same security interceptor to the same interceptor chain
* [CXF-7692] - Swagger UI is not shown in OSGi deployment
* [CXF-7694] - spring boot jax-rs sample creates incorrect urls in swagger
* [CXF-7700] - LoggingOutInterceptor doesn't write message body if encoding wasn't set
* [CXF-7703] - Public constructor of SwaggerUiService takes package-private argument of SwaggerUiResourceLocator
* [CXF-7705] - Use Java EL api and impl bundle from Servicemix for cxf-bean-validation feature
* [CXF-7707] - JAXB doesn't (un)marshall property with @XmlElementRef
* [CXF-7708] - Options mark-generated and suppress-generated-date don't effect on generating Java classes
* [CXF-7713] - CLONE - JAXRS CTS/TCK issue:  register(...) should ignore components when invalid contracts are passed in
* [CXF-7716] - IBM Performance Team has found several performance increases
* [CXF-7720] - Header values are lost
* [CXF-7721] - JwkUtils throws NPE if Message is null
* [CXF-7726] - CircuitBreakerFailoverFeature should allow targetSelector to be set
* [CXF-7736] - DispatchImpl doesn't work for an empty Source
* [CXF-7737] - Missing setter in UndertowHTTPServerEngineFactoryHolder
* [CXF-7740] - add NPE guard for SAAJStreamWriter
* [CXF-7742] - CdiResourceProvider is not thread safe
* [CXF-7745] - NPE thrown from MAPAggregatorImpl when replyto is non-anonymous and faultto doesn't exists
* [CXF-7746] - Swagger2Feature - SwaggerUiResolver & JBoss 7.0 EAP
* [CXF-7747] - FileUtils.maybeDeleteDefaultTempDir causes an IllegalStateException if it tries to remove the shutdown hook while the JVM is already shutting down
* [CXF-7751] - Codegen plugin can't work with empty extraarg tag
* [CXF-7754] - WrappedAttachments.toArray failure
* [CXF-7758] - MTOM + SchemaValidation results in empty input stream from data handler

** New Feature
* [CXF-7743] - wadl2java: generate throws declaration for fault response

** Improvement
* [CXF-6857] - Provide CXF BOM
* [CXF-7600] - Add Automatic-Module-Name MANIFEST entry for Java 9 compatibility
* [CXF-7634] - Enrich support for Swagger Core 2.0 (OpenApi Spec 3.0)
* [CXF-7640] -  Create a form to set the use of Spring in the classHelper on a per client way
* [CXF-7693] - Allow JWT audience claims validation not RFC 7519 compliant
* [CXF-7701] - Encode JAX-RS Search query values for the LdapQueryVisitor
* [CXF-7702] - Remove methods in QueryContext that don't use a custom bean class
* [CXF-7704] - False positive warning log: "Unable to recognize the addressing policy"
* [CXF-7711] - Allow providing CXF compiler instance to be used in JavaToWS
* [CXF-7728] - Scan for OpenAPI config files
* [CXF-7729] - Merge duplicate Attribute elements within an AttributeStatement
* [CXF-7733] - Support different signature algorithms for the SAML SSO filters
* [CXF-7744] - CXF clients do not fall back to use the javax.net.ssl.trustStore System property
* [CXF-7750] - cxf parent pom should have dependencyManagement entries for cxf artifacts
* [CXF-7752] - CVE-2018-5968 and CVE-2018-7489

** Test
* [CXF-7715] - EmptySOAPBodyTest fails on master with Java 9

** Task
* [CXF-7756] - JAASLoginInterceptor with server continuation enabled will cause the interceptor before ServiceInvokerInterceptor get invoked twice
