Quarkiverse Documentation Docs
Learn
Get Started Documentation "Q" Tip Videos Books
Extensions
Browse Extensions Use Extensions Create Extensions Share Extensions
Community
Chat Support Blog Discussion Podcast Events Newsletter

CXF

    • User guide
      • Create a new project
      • Your first SOAP Web service
      • Your first SOAP Client
      • Configuration
      • Package for JVM and native
      • Logging
      • Complex SOAP payloads with JAXB
      • Contract first and code first
        • Generate Java from WSDL
        • Generate WSDL from Java
      • Interceptors, Features and Handlers
        • CXF Interceptors and Features
        • JAX-WS Handlers
      • Advanced service topics
        • Endpoints and paths
        • JAX-WS Providers
        • REST and SOAP Endpoints
        • Running behind a reverse proxy
      • Advanced client topics
        • client-endpoint-url defaults
        • Configure multiple clients
        • CDI scope of clients injected via @CXFClient
        • Asynchronous client
        • Configure clients programmatically at application startup
        • Dynamic client configuration
        • Pure client applications
        • Prevent resource leaks
      • Camel Integration
      • Examples
    • Security guide
      • SSL, TLS and HTTPS
      • Authentication and authorization
      • WS-SecurityPolicy Authentication
    • Release notes
      • 3.37.0
      • 3.36.0
      • 3.35.1
      • 3.35.0
      • 3.33.7 LTS
      • 3.33.6 LTS
      • 3.33.5 LTS
      • 3.33.4 LTS
      • 3.33.3 LTS aggregated since 3.27.2
      • 3.33.3 LTS
      • 3.33.2 LTS
      • 3.33.1 LTS
      • 3.33.0 LTS
      • 3.32.0
      • 3.31.3
      • 3.31.2
      • 3.31.1
      • 3.31.0
      • 3.30.0
      • 3.29.0
      • 3.27.2 LTS
      • 3.27.1 LTS aggregated since 3.20.2
      • 3.27.1 LTS
      • 3.27.0 LTS
      • 3.26.2
      • 3.26.1
      • 3.26.0
      • 3.25.0
      • 3.23.1
      • 3.23.0
      • 3.22.0
      • 3.21.1
      • 3.21.0
      • 3.20.2 LTS aggregated since 3.15.3
      • Older releases…​
    • Release planning
    • Contributor guide
      • Releasing
    • Reference
      • Quarkus CXF
      • Metrics Feature
      • OpenTelemetry
      • WS-Security
      • WS-ReliableMessaging
      • Security Token Service (STS)
      • XJC Plugins for wsdl2java
      • JAXB Plugins for wsdl2java
CXF dev
  • Amazon Alexa
    • dev
  • Amazon Services
    • dev
    • 3.16.x
    • 3.15.x
    • 3.13.x
    • 3.11.x
    • 3.9.x
    • 3.3.x
    • 2.18.x
    • 2.x
    • 1.x
  • Angus Mail
    • dev
  • Antivirus
    • dev
  • Antora
    • dev
  • APIstax
    • dev
  • ArangoDB Client
    • dev
  • Argocd
    • dev
  • Artemis
    • dev
    • 3.13.x
    • 3.9.x
    • 3.7.x
    • 3.5.x
    • 3.2.x
    • 3.1.x
    • 3.0.x
    • 2.x
  • AsyncApi
    • dev
  • Azure Services
    • dev
  • Backstage
    • dev
  • Barcode
    • dev
  • Batik
    • dev
  • Bucket4j
    • dev
  • Business Score
    • dev
  • Cert-Manager
    • dev
  • Chicory
    • dev
  • Config Extensions
    • dev
  • Couchbase
    • dev
  • Cucumber
    • dev
  • CXF
    • dev
    • 3.33
    • 3.27
    • 3.20
    • 3.15
    • 3.8
    • 2.2
    • 1.5
  • Dapr
    • dev
  • Dashbuilder
    • dev
  • Db Scheduler
    • dev
  • Discord4J
    • dev
  • Docker Client
    • dev
  • Docling
    • dev
  • Doma
    • dev
  • Easy Retrofit
    • dev
  • Embedded Postgresql
    • dev
  • Feature Flags
    • dev
  • File Vault
    • dev
  • Flow
    • latest
  • Fluentjdbc
    • dev
  • Fluss
    • dev
  • Fory
    • dev
  • Freemarker
    • dev
  • FX
    • dev
  • GitHub Action
    • dev
  • GitHub App
    • dev
  • Google Cloud Services
    • main
  • Groovy
    • dev
  • Helm
    • dev
  • Hibernate Search Extras
    • dev
    • 4.x
    • 3.x
    • 2.x
    • 1.x
  • Hibernate Types
    • dev
  • HiveMQ Client
    • dev
  • HTTP Idempotency
    • dev
  • Infinispan Embedded
    • dev
  • IronJacamar
    • dev
  • Itext
    • dev
  • Jackson Jq
    • dev
  • Jaeger
    • dev
  • JasperReports
    • dev
  • Java Embedded Framework
    • dev
  • JBeret
    • dev
  • JDBC Clickhouse
    • dev
  • JDBC Singlestore
    • dev
  • JDBC Sqlite
    • dev
  • JDBC Sqlite4j
    • dev
  • Jdbi
    • dev
  • JDiameter
    • dev
  • JGit
    • dev
  • JGraphT
    • dev
  • JNoSQL
    • dev
  • JPAStreamer
    • dev
    • 1.x
  • JSch
    • dev
  • Json Rpc
    • dev
  • Kafka Streams Processor
    • dev
  • Kerberos
    • dev
  • Kiota
    • dev
  • LangChain4j
    • dev
  • Langfuse
    • dev
  • Logging JSON
    • dev
  • Logging Logback
    • dev
  • Logging Manager
    • dev
  • Logging Sentry
    • dev
  • Logging Splunk
    • dev
  • Mailpit
    • dev
  • Mapstruct
    • dev
  • MCP Server
    • dev
    • 1.13.x
    • 1.12.x
    • 1.10.x
  • Mdns
    • dev
  • Messaginghub Pooled JMS
    • dev
    • 2.3.x
    • 2.1.x
    • 1.x
  • Micrometer Registry extensions
    • dev
    • 1.x
  • Min.io
    • dev
    • v2.9.x
  • Mockk
    • dev
  • Mockserver
    • dev
    • 0.x
  • Mongock
    • dev
  • Multitenancy
    • dev
  • MyBatis
    • dev
    • 1.x
  • Nagios
    • dev
  • Neo4j
    • dev
  • Ngrok
    • dev
  • OIDC Proxy
    • dev
  • Omnifaces
    • dev
  • OpenAPI Generator
    • dev
    • 2.4.x
  • OpenFGA Client
    • dev
  • OpenID SSF
    • dev
  • Opensearch
    • dev
  • Opentelemetry Exporter
    • dev
    • 1.x
  • Operator SDK
    • dev
  • ORAS
    • dev
  • Pact
    • dev
    • 0.x
  • PDFBox
    • dev
  • Pi4j
    • dev
  • Playwright
    • dev
  • POI
    • dev
    • 1.x
  • Presidio
    • dev
  • Prettytime
    • dev
  • PrimeFaces
    • dev
  • Proxy Wasm
    • dev
  • Qdrant
    • dev
  • Qubit
    • dev
  • Quinoa
    • dev
  • Qute Web
    • dev
  • RabbitMQ Client
    • dev
  • Reactive Messaging HTTP
    • dev
  • Reactive messaging Nats Jetstream
    • dev
  • Redoc
    • dev
  • Renarde
    • dev
  • Roq
    • dev
  • Scala 3
    • dev
  • Shardingsphere JDBC
    • dev
  • SmallRye OpenTracing
    • dev
  • Solr
    • dev
  • Systemd Notify
    • dev
  • Temporal
    • dev
  • Tika
    • dev
    • 1.x
  • Unleash
    • dev
    • 0.x
  • Vault
    • dev
  • Web Bundler
    • dev
    • 1.x
  • WireMock
    • dev
    • 0.x
  • Zanzibar
    • dev
  • Zeebe
    • dev
    • 0.x
  • Zookeeper Client
    • dev
  • CXF
  • Release notes
  • 3.33.7 LTS
dev 3.33 3.27 3.20 3.15 3.8 2.2 1.5
Edit this Page
Extension source

Quarkus CXF 3.33.7 LTS release notes

Important dependency upgrades

  • Apache CXF 4.1.6 → 4.1.7 - release notes, changelog

    • CVE-2026-50645 Apache CXF: Uncontrolled Resource Consumption via unlimited attachment headers - severity high

Full changelog

https://github.com/quarkiverse/quarkus-cxf/compare/3.33.6...3.33.7

3.35.0 3.33.6 LTS

Copyright (C) 2020-2026 Red Hat and individual contributors to Quarkiverse.