Apache CXF 3.1.11 Release Notes

1. Overview

The 3.1.x versions of Apache CXF is a significant new version of CXF 
that provides several new features and enhancements.  

New features include: 

* New Metrics feature for collecting metrics about a CXF services.  
* New Throttling feature for easily throttling CXF services.  
* New Logging feature for more advanced logging than the logging 
  available in cxf-core
* New Metadata service for SAML SSO to allow you to publish SAML SSO 
  metadata for your service provider.
* Enhancements to the code generator to be more "Java7" friendly
* Update to OpenSAML 3.0
* Support for Karaf 4, Jetty 9

Important notes:
CXF 3.1.x no longer supports Java 6.   You must upgrade to Java 7 or later.

Users are encourage to review the migration guide at:
http://cxf.apache.org/docs/31-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.

3.1.11 fixes over 100 JIRA issues reported by users and the community.


2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 7 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/31-migration-guide.html
for caveats when upgrading from CXF 2.7.x and 3.0.x
to 3.1.



7. Specific issues, features, and improvements fixed in this version

** Sub-task
    * [CXF-6942] - cxf-codegen-plugin wsdlArtifact failed to resolve WSDL

** Bug
    * [CXF-3574] - JMSPropertyType should support non string properties
    * [CXF-4028] - X509TokenValidator uses signature-crypto-provider instead of encryption-crypto-provider
    * [CXF-4821] - UseAsyncMethod annotation does not work with Provider interface
    * [CXF-4851] - AttachmentDeserializer cannot handle attachments with Quoted Printable content transfer encoding in initializeRootMessage
    * [CXF-5096] - cxf-utils.js has incorrect error handling
    * [CXF-5637] - WSDL First approach : Xsd import in wsdl causing validation errors while generating client.
    * [CXF-5697] - WHICH_JARS inconsistent with lib/ contents for 2.7.11
    * [CXF-5743] - Full path is missing from schema included in imported schema when parsing WSDL
    * [CXF-5754] - JMSConduit - temporary queue not beeing closed if relpyMessage is null (timeout)
    * [CXF-5800] - Exceptions and response problems when using schema-validation and base64Binary element (with or without MTOM)
    * [CXF-6029] - Questionable exception handling
    * [CXF-6161] - wsdl2java can use invalid local filename when working with wsdl imports
    * [CXF-6185] - cxf org.apache.cxf.transport.http.policy.impl.ClientPolicyCalculator
    * [CXF-6239] - Out of memory when using Async connections in Apache CXF
    * [CXF-6240] - W3CDOMStreamReader does not report processing instructions
    * [CXF-6523] - org.apache.cxf.interceptor.Fault: wrong number of arguments (due to explicit soap header)
    * [CXF-6549] - JMX MBean for IdentityCache throws RuntimeOperationsException
    * [CXF-6590] - MAPCodec: memory leak with sync client when soapfaults returned from endpoint
    * [CXF-6598] - java.lang.IndexOutOfBoundsException when processing response
    * [CXF-6672] - PollingMessageListenerContainer does fail silently upon java.lang.Error
    * [CXF-6717] - Live WSDL regression: Fails updating schemaLocation in catalog-imported schema
    * [CXF-6731] - wsdl2java returning error "'{A_Type}' is already defined" from versions 3.1.3, 2.7.18, 3.0.7
    * [CXF-6768] - WS-Discovery missing schema when internet connection not present
    * [CXF-6852] - Java 8 java.lang.OutOfMemoryException: Metaspace issue while generating dynamic client
    * [CXF-6866] - bindingId on Client/ServerFactoryBean does not overrule WSDL
    * [CXF-6894] - NullPointerException when running Maven plugin cxf-codegen-plugin
    * [CXF-6919] - {http://cxf.apache.org/faultcode}HandleFault is not a standard Code value
    * [CXF-6976] - High memory footprint when maven assembly plugin is used together with cxf-codegen-plugin
    * [CXF-6993] - JweJsonProducer does not support multiple recipients if CEK is auto-generated
    * [CXF-7025] - Find boundary from InputStream
    * [CXF-7071] - HttpServletRequest.getParameter only get String from query not both posted form data
    * [CXF-7083] - Maven Plugins: System properties handling in ClassLoaderSwitcher breaks thread safety
    * [CXF-7096] - Server side memory leaking if clients do not send CloseSequence
    * [CXF-7101] - SpringBoot JAX-WS example fails
    * [CXF-7132] - CDI Multi-app tests fail when classes have scope
    * [CXF-7141] - cxf-rt-transports-http incorrectly requires org.osgi.http.service
    * [CXF-7187] - MAPCodec: memory leak with sync client when soapfaults returned from endpoint
    * [CXF-7198] - cxf-spring-boot-starter does not work with Spring Boot 1.5.0 or above
    * [CXF-7236] - JAXRSInInterceptor throw java.lang.IndexOutOfBoundsException if Accept header is empty
    * [CXF-7240] - JAX-WS Dispatch incorrectly asserts that Message mode with XML/HTTP binding is invalid when using instances of DataSource
    * [CXF-7241] - JAX-RS ContainerRequestContext#setRequestUri() will cause a 404 when Uri contains a query string
    * [CXF-7242] - New cxf-rt-features-logging doesn't log incoming payloads
    * [CXF-7244] - CXF 3.1.10 AbstractSearchConditionParser importing Olingo Collection class
    * [CXF-7248] - JAX-RS @Context injected fields cause a NPE in re-used providers from OSGI
    * [CXF-7250] - NPE in HTTPTransportActivator stop if DISABLE_DEFAULT_HTTP_TRANSPORT is true
    * [CXF-7251] - Connection timeouts set as ints are disregarded
    * [CXF-7252] - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
    * [CXF-7254] - New LoggingFeature Sl4jEventSender does not log the request headers
    * [CXF-7258] - SwaggerUiResolver: Swagger UI root can't be found
    * [CXF-7262] - JAXRS: ClientConfig lost when using templates in the path method
    * [CXF-7264] - NPE on OAuth RO/CC flows using JPA
    * [CXF-7267] - Member names must match bean attribute for BeanParam to work
    * [CXF-7269] - schemavalidate failed when use mtom and  Provider
    * [CXF-7271] - add cxf-rt-rs-json-basic bundle into cxf-jaxrs feature
    * [CXF-7278] - Netty HttpResponseEncoder is not set before HttpObjectAggregator
    * [CXF-7279] - Leaky generic type resolver doesn't work with more than 1 parameter
    * [CXF-7286] - JPA : PersistenceException on refreshAccessToken
    * [CXF-7287] - Incorrect JSON decoding in JsonMapObjectReaderWriter when commas are used in value
    * [CXF-7288] - cxf-rs-description-swagger2 cannot be installed in karaf
    * [CXF-7291] - sharedPackageName for Swagger description should ignore proxy classes
    * [CXF-7292] - Additional privileged blocks for JAXWS client running with Security Manager enabled
    * [CXF-7293] - AbstractSpringComponentScanServer must ignore client proxy classes
    * [CXF-7294] - Incorrect header parameter for Jose ECDH KA public key
    * [CXF-7298] - JacksonJaxbJsonProvider does not work in OSGi
    * [CXF-7299] - No way to configure TLS for the JettyHTTPServerEngineFactory in code
    * [CXF-7300] - JWS verification issue
    * [CXF-7301] - Exceptions thrown from the inbound JAXRS client interceptors are not reported
    * [CXF-7303] - java.io.FileNotFoundException on JIBX binding with customization 
    * [CXF-7307] - empty query string injects  into number type will lead 404 error
    * [CXF-7310] - org.apache.cxf.jaxrs.client.ClientProxyImpl#getAccept does not handle Accept header with multiple media types
    * [CXF-7312] - FailoverTargetSelector.replaceEndpointAddressPropertyIfNeeded does not update REQUEST_URI
    * [CXF-7314] - Custom BinarySecurityTokens are not used to set up the security context

** Improvement
    * [CXF-4692] - Allow customization of Request Security Token Response
    * [CXF-5782] - Lower logging level of generated class names
    * [CXF-5903] - Change TransportURIResolver to at least log exceptions
    * [CXF-6728] - Review and improve the way EC keys are handled in JOSE code
    * [CXF-6907] - CXF-WSN improvment in onMessage listenner
    * [CXF-7129] - Provide an optional HTrace Logging receiver 
    * [CXF-7255] - Allow empty ("") passwords when calling a service
    * [CXF-7256] - CrossOriginResourceSharingFilter should have @Provider annotation
    * [CXF-7259] - LoggingOutInterceptor filtering
    * [CXF-7263] - ResourceOwnerLoginHandler needs to accept Client parameter
    * [CXF-7265] - Symmetric INFO logging for registering and unregistering MBeans
    * [CXF-7268] - Make it easier to pre/post process OAuth2 client retrieval in AbstractOauth provider  
    * [CXF-7277] - Make ClientProxyImpl reset client state after a call
    * [CXF-7280] - Avoid unnecessary string allocation in IOUtils::toString
    * [CXF-7282] - Support the overriding of Application resource life-cycle when it is autodiscovered
    * [CXF-7285] - Subclasses of FailoverTargetSelector should have a way to obtain the InvocationKey
    * [CXF-7290] - Restrict which @Bean components are treated as JAX-RS providers
    * [CXF-7296] - Add support to enable revocation for TLS via configuration
    * [CXF-7313] - RedirectionBasedGrantService scopesRequiringNoConsent check is too restrictive
    * [CXF-7315] - Abstract the STS client token caching behaviour to allow the user to plug in a custom implementation

** New Feature
    * [CXF-7084] - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario
    * [CXF-7086] - Dynamically load signature validation keys using KeyName



