Loading...

XML

Word

Printable

Type: Component Upgrade
Resolution: Done-Errata
Priority: Major
Fix Version/s: 8.0 Update 3
Affects Version/s: None
Component/s: Build System, Web Services
Labels:
- downstream_dependency

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

8.0.z.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap8/pull/390
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Upgrade CXF to 4.0.4:
CXF Release notes : https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310511&version=12353622

Tag: https://github.com/apache/cxf/releases/tag/cxf-4.0.4
Hash: 40ad2263e5c080bf3b55542bf3ee052fa7465733
Diff: https://github.com/apache/cxf/compare/cxf-4.0.0...cxf-4.0.4

This includes these CXF dependency upgrade:

The neethi 3.2.0:
neethi release notes : https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311260&version=12350147
Tag: https://github.com/apache/ws-neethi/releases/tag/neethi-3.2.0
Hash: 0c0b0ffb670f0586d056c3d634e51dcdddff26f5
Diff: https://github.com/apache/ws-neethi/compare/neethi-3.1.1...neethi-3.2.0

WSS4j 3.0.3:
Release notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310063&version=12353796
Tag: https://github.com/apache/ws-wss4j/releases/tag/wss4j-3.0.3
Hash: b45612a9a7f09d5bb843747173b0f8c89d5e65c4
Diff: https://github.com/apache/ws-wss4j/compare/wss4j-3.0.0...wss4j-3.0.3

Apache Santuario 3.0.4:
Tag: https://github.com/apache/santuario-xml-security-java/releases/tag/xmlsec-3.0.4
Hash: 070a98eeb3f7ba5eb8de6f5169b7cb299797a55e
Diff: https://github.com/apache/santuario-xml-security-java/compare/xmlsec-3.0.3...xmlsec-3.0.4

jbossws-cxf: 7.1.0.Final
Tag: https://github.com/jbossws/jbossws-cxf/releases/tag/jbossws-cxf-7.1.0.Final
Hash: afa2ef462fcd9a25548fdb2ace7dd03ee0c57df5
Diff: https://github.com/jbossws/jbossws-cxf/compare/jbossws-cxf-7.0.0.Final...jbossws-cxf-7.1.0.Final

causes

JBEAP-28310 [GSS](8.0.z) JBWS-4430 - Sever throws IllegalStateException when call a handler with the CDI bean invocation in EAP 8.0.3 or later

Verified

clones

WFLY-18520 Upgrade CXF to 4.0.4(resolve CVE-2024-28752)

Closed

is cloned by

JBEAP-27548 (7.4.z) Upgrade JBossws cxf from 5.4.9.Final-redhat-00001 to 5.4.12.Final-redhat-00001

Closed

is incorporated by

JBEAP-26816 (8.0.z) Upgrade EAP codebase to 8.0.4.GA-redhat-SNAPSHOT in EAP 8.0 update 3

Closed

links to

RHSA-2024:129264 Red Hat JBoss Enterprise Application Platform 8.0.3 Security update

RHSA-2024:129265 Red Hat JBoss Enterprise Application Platform 8.0.3 Security update

RHSA-2024:129266 Red Hat JBoss Enterprise Application Platform 8.0.3 Security update

mentioned on

Merge request - Block CXF 4.0.4.redhat-00001 until JBEAP-26932 is resolved

(2 links to, 1 mentioned on)

Assignee:: Chao Wang

Reporter:: Lin Gao

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/04/10 1:26 PM

Updated:: 2024/10/22 4:47 AM

Resolved:: 2024/08/15 8:07 PM