Apache CXF 3.3.5 Release Notes

1. Overview

The 3.3.x versions of Apache CXF is a significant new version of CXF
that provides several new features and enhancements.  

New features include: 
* Support for signing HTTP messages via the HTTP Signature draft spec
   (https://tools.ietf.org/html/draft-cavage-http-signatures)
   in the cxf-rt-rs-security-http-signature module.
* Initial support for Java 11 - CXF has been built and tested with
  Java 11.   It is not using the Java 11 modules, but it can be built
  and the tests pass with Java 11.
* MicroProfile Rest Client v1.2 implementation


Important notes:
CXF 3.3.x no longer supports Java 7.   You must upgrade to Java 8 or later.

Users are encouraged to review the migration guide at:
http://cxf.apache.org/docs/33-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.

3.3.5 fixes over 32 JIRA issues reported by users and the community.



2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 8 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/33-migration-guide.html
for caveats when upgrading.

7. Specific issues, features, and improvements fixed in this version

** Bug
    * [CXF-8097] - Equal candidates for handling the current request (HEAD / GET)
    * [CXF-8130] - Since Spring 5.1.5 Release CXFServlet application listener dissapears by context refresh
    * [CXF-8137] - Using SecurityConstants.VALIDATE_TOKEN with WSS4JInInterceptor no longer allows skipping validation of token
    * [CXF-8139] - SecurityToken, parsing the lifetime may cause a NullPointerException
    * [CXF-8143] - ensure java2wadl-plugin m2e compatible
    * [CXF-8144] - OpenAPI v3 Feature: duplicated "getOpenApi" methods
    * [CXF-8153] -  @Path with REGEX in path parameter and checkMethodsForInvalidURITemplates(userType, methods);
    * [CXF-8158] - @BeanParam arguments not properly translated to OpenApi
    * [CXF-8161] - Memory Leak/Thread Leak in JMSDestination & PollingMessageListenerContainer
    * [CXF-8162] - JWE with multiple recipients does not work for AES CBC Encryption
    * [CXF-8163] - javax.ws.rs.core.Response#getCookies() fails when cookie has no value
    * [CXF-8169] - CXF opentracing - Span#finish is never called in case of client timeouts
    * [CXF-8170] - Failure to parse multiple comma separated links in an HTTP Link header on a Jaxrs Response object
    * [CXF-8171] - SSE Client does not support multiple data fields
    * [CXF-8174] - Incorrect service method resolution
    * [CXF-8178] - ECDH KeyAgreement with Key Wrapping is not in line with the specification
    * [CXF-8179] - JSON Jackson does not handle resource returning CompletionStage<X>
    * [CXF-8180] - UnsupportedOperationException in AbstractEndpointFactory
    * [CXF-8181] - CXFNonSpringJaxrsServlet Feature registration fails via javax.ws.rs.Application
    * [CXF-8185] - Generated Ephemeral Public Key missing in JWE Headers when Json Serialization is used
    * [CXF-8186] - On connection refused, XSLTOutInterceptor mangles the error
    * [CXF-8187] - Codegen-Plugin failed when maven is executed on jdk9+ with Toolchains specifying jdk 8

** Improvement
    * [CXF-8140] - setAccessible(true) before reflection method java.security.acl.Group#members invocation in DefaultSecurityContext
    * [CXF-8145] - Need property for suffix-list data file
    * [CXF-8152] - Add a property so it's possible to build cxf with posix tarLongFileMode
    * [CXF-8160] - Workaround in the cxf-jackson feature has to be removed
    * [CXF-8167] - Restrict the URI schemes allowed when importing schemas or WSDLs
    * [CXF-8177] - JWE API does not support ECDH Direct Encryption/Decryption

** Wish
    * [CXF-8168] - Wadl2java maven plugin not allows mapping to array types

** Task
    * [CXF-8150] - Update to Spring Boot 2.1.10
    * [CXF-8155] - Update to Jackson 2.10.1
    * [CXF-8157] - Update to Jackson Databind 2.9.10.1




































