Quarkus CXF 3.8.7 (LTS) release notes

New and noteworthy in Quarkus CXF

#1533 Per client or service configuration of `sensitive-element-names` and `sensitive-protocol-header-names` not honored

The following options are supposed to prevent logging of sensitive information in application log, when SOAP payload logging is enabled:

They were not honored since Quarkus CXF 2.7.0 due to a bug in code handling the precedence between the above options and the following global options

As a consequence of that, sensitive information may have leaked to the application log.

The global options quarkus.cxf.logging.sensitive-element-names and quarkus.cxf.logging.sensitive-protocol-header-names worked as expected. Those have to be used a workaround for versions from Quarkus CXF 2.7.0 though 3.8.7 and 3.15.2.

This issue was fixed in Quarkus CXF 3.15.2 and 3.8.7.

Full changelog

https://github.com/quarkiverse/quarkus-cxf/compare/3.8.6...3.8.7