Quarkus CXF 3.36.0 release notes
Important dependency upgrades
-
Quarkus 3.35.x → 3.36.0 - release notes
-
Apache CXF 4.2.0 → 4.2.1 - release notes, changelog
-
CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE) - severity moderate
-
CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality - severity moderate
-
CVE-2026-44930 Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository - severity moderate
-
-
CXF XJC Plugins 4.1.2 → 4.2.0
-
JAXB Plugins 4.0.12 → 4.0.14 - release notes 4.0.13, release notes 4.0.14
-
Apache Neethi 3.2.1 → 3.2.2 - CVE-2026-42404, CVE-2026-42403 and CVE-2026-42402 fixed.
-
Woodstox 7.1.1 → 7.2.0 - release notes, changelog
-
Notably, this release contains a fix for CXF-8966.
-