Quarkus CXF 3.15.2 LTS release notes

Important dependency upgrades

Quarkus 3.15.0 → 3.15.1 - release notes

New and noteworthy in Quarkus CXF

#1533 Per client or service configuration of `sensitive-element-names` and `sensitive-protocol-header-names` not honored

The following options are supposed to prevent logging of sensitive information in application log, when SOAP payload logging is enabled:

They were not honored since Quarkus CXF 2.7.0 due to a bug in code handling the precedence between the above options and the following global options

As a consequence of that, sensitive information may have leaked to the application log.

The global options quarkus.cxf.logging.sensitive-element-names and quarkus.cxf.logging.sensitive-protocol-header-names worked as expected. Those have to be used a workaround for versions from Quarkus CXF 2.7.0 though 3.8.7 and 3.15.2.

This issue was fixed in Quarkus CXF 3.15.2 and 3.8.7.

Documentation improvements

Improved the SSL/TLS/HTTP guide

Full changelog

https://github.com/quarkiverse/quarkus-cxf/compare/3.15.1...3.15.2