Apache CXF 2.4.9 Release Notes

1. Overview

The 2.4.x versions of Apache CXF are significant new versions of CXF 
that provides several new features and enhancements.  

New features include: 
* Log Browser Console - see the logbrowser sample for an example
* Transformation feature provides for a fast and effective way to transform inbound 
  and/or outbound XML messages, please see the TransformationFeature page for more 
  information.
* JIBX databinding
* Faster startup and reduced spring configuration. The Spring support has been redone
  to be based on the ExtensionManagerBus. This results in much faster startup. It also
  means that all of the imports of META-INF/cxf/cxf-extension-*.xml are no longer 
  needed and are deprecated.  Additionaly, all features are now available when 
  using the ExtensionManager Bus instead of being forced to use Spring.
* WSS4J has been updated from 1.5.x to 1.6. See http://ws.apache.org/wss4j/wss4j16.html
  for the list of new features and upgrade notes for Apache WSS4J 1.6.  Some notable new 
  features for CXF users include:
    * SAML2 support: WSS4J 1.6 includes full support for creating, manipulating and 
    parsing SAML2 assertions, via the Opensaml2 library. See
    http://coheigea.blogspot.com/2011/02/support-for-saml2-assertions-in-wss4j.html 
    for more information.
    * Performance work: A general code-rewrite has been done with a focus on improving 
    performance.
    * Support for Crypto trust-stores: WSS4J 1.6 separates the concept of keystore and 
    truststores. See http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html
    for more information.
 * WS-SecurityPolicy support for SAML tokens.
 * Initial OSGi Blueprint support for JAX-WS and JAX-RS
 * A simple framework for building an STS was added to CXF's WS-Security module.   See the
   sts_issue_operation sample to see this being used to generate SAML tokens based on X509 
   certs used for the authentication.


Users are encourage to review the migration guide at:
http://cxf.apache.org/docs/24-migration-guide.html
for further information and requirements for upgrading to 2.4.0.   In particular, the upgrades 
to WSS4J and Neethi will require some migration work if you use the WSS4J API's directly or
have created your own Policy objects or builders.   Additionally, XmlSchema was update to 2.0 
so any custom Aegis types may need to be updated.


2.4.9 fixes over 41 JIRA issues reported by users and the community.


2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 5 Development Kit
    * Apache Maven 2.2.1 or 3.x
    * Some samples can be built with Apache Ant 1.6 or later


3.  Integrating CXF Into You Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF


6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/24-migration-guide.html
for caveats when upgrading from CXF 2.3.x to 2.4.x.

7. Specific issues, features, and improvements fixed in this version

** Bug
    * [CXF-3949] - NoClassDefFoundError when using CXF JAX-RS in OSGi environment
    * [CXF-4354] - RMTxStore should explicitly close ResultSet objects
    * [CXF-4356] - Temp file deleted before returning the stream in CachedOutputStream
    * [CXF-4357] - NullPointerException in the TransportBindingHandler
    * [CXF-4364] - Keep TokenStore and ReplayCache instances per-endpoint instead of per-bus
    * [CXF-4366] - If not use WS-SecPolicy, ehcache caches not cleaned up
    * [CXF-4379] - InjectionUtils failes to convert path-value to class annotated with XmlJavaTypeAdapter
    * [CXF-4380] - JAXBElementProvider is calling wrong method for classes extending JAXBElement
    * [CXF-4383] - Some temporary files are not deleted after WS-RM scenarios
    * [CXF-4387] - when I run a "webapp" of CXF in weblogic9.2, it has some errors.
    * [CXF-4396] - UriInfo does not report correct base address for URI with port
    * [CXF-4401] - XMLStreamDataReader does not close the original input stream when it is to be closed
    * [CXF-4402] - remove http-whiteboard feature from cxf features.xml
    * [CXF-4407] - Server.start() doesn't work after the Server.stop() is called when using Servlet transport
    * [CXF-4408] - NPE in DOMUtils when soap header contains null namespace element
    * [CXF-4409] - Proxy-based Client use Multipart getting NullPointerException
    * [CXF-4410] - sp:EncryptSignature policy validation should only check to see if the primary signature is encrypted
    * [CXF-4414] - SecurityPolicy validation fails when a KeyValue is used as an EndorsingSupportingToken
    * [CXF-4417] - Async calls may be silently discarded
    * [CXF-4426] - Unable to Render JSON Content using CXF version 2.6.1 - XML content gets rendered properly
    * [CXF-4434] - SecurityConstants.TIMESTAMP_TTL property is not parsed
    * [CXF-4435] - CounterRepository bean not registering to the bus in blueprint configuration
    * [CXF-4437] - Stack Overflow exception in org.apache.cxf.endpoint.ClientImpl when logging set to FINE
    * [CXF-4443] - MediaType handler is too strict when processing types without subtypes
    * [CXF-4445] - CXFNonSpringJaxrsServlet and initialization jaxrs.providers
    * [CXF-4447] - javascript client outputting invalid and wrong soapaction
    * [CXF-4448] - DocLitBare with @XMLList generating invalid SOAP messages
    * [CXF-4449] - XMLBinding generates different messages if code first or wsdl first
    * [CXF-4450] - STSClient doesn't consider the wsam:Action when looking up Operations...
    * [CXF-4452] - NullPointerException when trying to customize the package name for a service definition without customizing the class name.
    * [CXF-4454] - JSSE KeyManagers and TrustManager XML configurations are ignored if they contain no keystore element.
    * [CXF-4468] - Port the fix for faultTo request is not correctly transmitted to the specified address

** Improvement
    * [CXF-4358] - Support KeyValueTokens via the Transport binding
    * [CXF-4363] - JMS transport uses the "clientReceiveTimeout" on server side
    * [CXF-4394] - should add dependency='true' for spec bundles in cxf features.xml
    * [CXF-4398] - Handling of 303 redirections 
    * [CXF-4413] - CXFNonSpringJAXRSServlet needs to support out fault interceptors and custom invokers
    * [CXF-4418] - Add settings to control how the HTTPConduit handles async calls that overflow the workqueue.
    * [CXF-4420] - CXF JAXWS MTOM should be able to extract Content-Disposition and setName accordingly for AttachmentDataSource
    * [CXF-4453] - Make the CryptoCoverageChecker easier to use for common signature verification and decryption use-cases

** Task
    * [CXF-4439] - Update to Jettison 1.3.2