Apache CXF 3.4.2 Release Notes

1. Overview

The 3.4.x versions of Apache CXF is a significant new version of CXF
that provides several new features and enhancements.  

New features include: 
* New cxf-bom artifactId for importing all the CXF artifacts
* New support for Microprofile OpenAPI (as alternative to Swagger Core 2.0)
* New samples to show WS-Transaction usage, OpenAPI v3.0 with Microprofile
* Ability in Logging feature to mask sensitive information
* New support for SSEs in Microprofile Rest Client
* OAuth 2.0 Authorization Server Metadata / OpenID Provider Metadata

Important notes:
* Many dependencies have been upgraded to newer versions.  Check
  the migration guide.


Users are encouraged to review the migration guide at:
http://cxf.apache.org/docs/34-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.

3.4.2 fixes over 19 JIRA issues reported by users and the community.


2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 8 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/34-migration-guide.html
for caveats when upgrading.

7. Specific issues, features, and improvements fixed in this version

** Bug
    * [CXF-8340] - Graalvm native image fails to run
    * [CXF-8356] - JAXRS Multipart-Handling broken for InputStream/Datasource parameters
    * [CXF-8361] - Support for Jakarta EE9 namespace in AnnotationHandlerChainBuilder
    * [CXF-8367] - Micrometer always reports outcome=UNKNOWN on success cases
    * [CXF-8368] - org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService#createAuthorizationData wrongly sets code_challenge
    * [CXF-8369] - [oauth2] code_challenge_method not forwarded
    * [CXF-8370] - org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService#startAuthorization(javax.ws.rs.core.MultivaluedMap<java.lang.String,java.lang.String>) shouldn't require an user
    * [CXF-8376] - Misleading Error Message From UriBuilder.path(Method)
    * [CXF-8378] - NoClassDefFoundError: org/apache/cxf/common/util/ReflectionUtil from ReferencingAuthenticator
    * [CXF-8380] - MultipartProvider:ensure contentType is specified when initializing ByteDataSource

** Improvement
    * [CXF-7988] - SSE sink warning on tomcat
    * [CXF-8363] - Jetty certificate hot reload throws exception due to usage of depreciated SslContextFactory
    * [CXF-8388] - Revert OidcUserSubject "blob" changes in 3.4.0

** Test
    * [CXF-8385] - a test to verify http-undertow transport access log

** Task
    * [CXF-8357] - RxJava2/RxJava3: Add support of MayBe type
    * [CXF-8362] - Add Micrometer metric support for JAX-RS / JAX-WS (Client)
    * [CXF-8386] - Upgrade BouncyCastle to 1.67
