Apache CXF 3.3.2 Release Notes

1. Overview

The 3.3.x versions of Apache CXF is a significant new version of CXF
that provides several new features and enhancements.  

New features include: 
* Support for signing HTTP messages via the HTTP Signature draft spec
   (https://tools.ietf.org/html/draft-cavage-http-signatures)
   in the cxf-rt-rs-security-http-signature module.
* Initial support for Java 11 - CXF has been built and tested with
  Java 11.   It is not using the Java 11 modules, but it can be built
  and the tests pass with Java 11.
* MicroProfile Rest Client v1.2 implementation


Important notes:
CXF 3.3.x no longer supports Java 7.   You must upgrade to Java 8 or later.

Users are encouraged to review the migration guide at:
http://cxf.apache.org/docs/33-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.

3.3.2 fixes over 31 JIRA issues reported by users and the community.



2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 8 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/33-migration-guide.html
for caveats when upgrading.

7. Specific issues, features, and improvements fixed in this version

** Bug
* [CXF-7885] - SOAP Action ignored by CXF JMS webservice method invoker
* [CXF-7960] - Exception when SOAP service URI contains whitespace
* [CXF-7971] - bin/scripts does't work on Java 11
* [CXF-7977] - http-undertow|http-jetty transport: Port 8282 is configured with wrong protocol "https" with blueprint configuration
* [CXF-7980] - RestClientExtension leaks
* [CXF-7983] - JweClientResponseFilter fails to decrypt response, when it has status 204 No Content
* [CXF-7990] - CXF goes in Infinite loop when service endpoint throws SOAPFaultException
* [CXF-7991] - Google+ API is deprecated
* [CXF-7992] - MP Rest Client leaks async interceptors
* [CXF-8007] - HTTP Signature adds an extra "Signature" component to the Signature header
* [CXF-8009] - CXF should not use ClassUtils for cglib checks
* [CXF-8022] - Thread hangs using Reactor Flux when Exeption is Thrown
* [CXF-8027] - illegal reflective access operation in EndpointReferenceUtils
* [CXF-8028] - Performance problem with very big request
* [CXF-8030] - CXF WSDLToJava generated local WSDL does not map included local XSDs
* [CXF-8031] - CVE-2019-0231 - Vulnerability in Apache MINA
* [CXF-8035] - Checking on null values in HTTP Header for protected JWS header
* [CXF-8037] - Apache CXF (AsyncHTTPConduit) ignores system keyStore property

** Improvement
* [CXF-7982] - Extract common OpenAPI / Swagger scaffolding into dedicated module (to prevent/eliminate duplication)
* [CXF-7987] - SSE buffer size should be configurable
* [CXF-7989] - org.apache.cxf.jaxrs.JAXRSInvoker#checkFutureResponse should probably handle CompletionException
* [CXF-8010] - Avoid applying the SAAJInInterceptor to unsecured messages when using WS-SecurityPolicy
* [CXF-8015] - Support "security.signature.password" property to configure a signature password for WS-Security/RS-Security
* [CXF-8023] - Refactor systest/jaxrs/reactor/* test cases to use StepVerifier
* [CXF-8029] - CXF WSDLToJava Generation fails if included XSD needs redirecting

** Test
* [CXF-8006] - X509TokenTest.testAsymmetricIssuerSerialDispatchMessage failed on JDK11&12

** Wish
* [CXF-7953] - make corba binding working with JDK11

** Task
* [CXF-7950] - Update Johnzon to 1.1.11
* [CXF-7955] - Update HttpComponents client to 4.5.8 and core 4.4.11
* [CXF-8004] - Share security configuration tags between Jose + HTTP Signature
* [CXF-8011] - Remove commons-lang3 dependency from tools






































