Apache CXF 3.5.1 Release Notes

1. Overview

The 3.5.x versions of Apache CXF is a significant new version of CXF
that provides several new features and enhancements.  

New features include:
* Support for Java 17
* Many updated dependencies.  We've updated to the latest versions of most
  dependencies.  Some may be incompatible with previous versions.
  Some notables that may impact applications include:
    * ehCache upgraded to 3.9.x
    * Jackson to 2.13.x
    * Mozilla Rhino upgraded to 1.7.13 (groupId/artifactId changed, be careful)
    * WSS4j 2.4.x
    * Spring Boot 2.6.x / Spring Framework 5.3.x base line
    * Apache Karaf 4.3.x base line
    * Apache HttpClient 5 support (Asynchronous Client HTTP Transport)
    * HTTP/2 support (server-side only)
    * JUnit 5 support

Important notes:
* 3.5 is the last branch of CXF that will support Java 8.   Future
  non-patch releases of CXF will require Java 11 or newer.
* The old OATH 1.0 module was removed

Users are encouraged to review the migration guide at:
http://cxf.apache.org/docs/34-migration-guide.html
for further information and requirements for upgrading from earlier
versions of CXF.


3.5.1 fixes over 25 JIRA issues reported by users and the community.


2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 8 Development Kit
    * Apache Maven 3.x to build the samples


3.  Integrating CXF Into Your Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/35-migration-guide.html
for caveats when upgrading.

7. Specific issues, features, and improvements fixed in this version

** Sub-task
    * [CXF-8477] - jaxrs.ee.rs.constrainedto clientSideReaderIsNotUsedOnServerTest
    * [CXF-8479] - jaxrs.ee.rs.container.responsecontext getEntityAnnotationsTest
    * [CXF-8480] - jaxrs.ee.rs.core.responsebuilder entityObjectTest
    * [CXF-8481] - jaxrs.ee.rs.core.uriinfo getMatchedURIsTest
    * [CXF-8482] - jaxrs.ee.rs.core.uriinfo getMatchedURIsTest1
    * [CXF-8483] - jaxrs.ee.rs.core.uriinfo getMatchedURIsTest2
    * [CXF-8484] - jaxrs.ee.rs.ext.interceptor.containerwriter.interceptorcontext getAnnotationsTest
    * [CXF-8635] - Fix org.apache.cxf.jaxrs.client.logging.RESTLoggingTest.testSlf4
    * [CXF-8650] - Fix org.apache.cxf.systest.jaxrs.JAXRSContinuationsServlet3Test.testSuspendSetTimeout

** Bug
    * [CXF-8632] - StaxTransformFeature deep-dropping doesn't work with any element
    * [CXF-8633] - "http.responseMessage" gets lost in AbstractClient#setResponseBuilder
    * [CXF-8636] - Swagger2Feature: Can't set url in UI through SwaggerUiConfig
    * [CXF-8641] - NPE on NamePasswordCallbackHandler
    * [CXF-8642] - ResponseImpl#hasEntity changed behaviour starting with cxf 3.4.1
    * [CXF-8649] - Deprecated method in jackson-databind still being used even after updating version
    * [CXF-8652] - Implement @ConstrainedTo annotation support
    * [CXF-8654] - Ensure InputStreamDataSource is optional in JAXRSUtils to be able to run without activation dependency
    * [CXF-8657] - Headers are copied as case sensitive in MessageContextImpl

** Improvement
    * [CXF-8630] - Remove mockwebserver dependency, use wiremock instead
    * [CXF-8644] - introduce a cache for AbstractJAXBProvider to avoid unnecessary  ObjectFactory.class|jaxb.index availability check
    * [CXF-8646] - Don't return exception class name when parsing XML
    * [CXF-8647] - add DisallowedMethodsHandler for cxf http-undertow transport
    * [CXF-8648] - Make ClaimsAuthorizingInterceptor configurable in ClaimsAuthorizingFilter
    * [CXF-8653] - Provide an easy way to require PKCE for the AuthorizationCodeGrantHandler
    * [CXF-8659] - Can't filter when attribute type is LocalDate or LocalDateTime
