Apache CXF 2.7.6 Release Notes

1. Overview

The 2.7.x versions of Apache CXF are significant new versions of CXF 
that provides several new features and enhancements.  

New features include: 

* New UDP Transport.
* New optional HTTP transport based on Apache HTTP Components HttpAsyncClient.
* Support for the SOAP over UDP Specification.
* SchemaValidation enhancements to allow just incoming messages to be validated
* Support for WS-Discovery.
   * Services can send Hello/Bye when started/stopped as well as respond to 
     Probe requests
   * API for sending probes and resolving to EndpointReferences
* Initial support for parts of the JAX-RS 2.0 (JSR-339) specification
   * Additional methods on WebClient to provide asynchronous invocations
   * Support for new filters, interceptors, dynamic features, exception classes, 
     and more, please see JAX-RS Basics for more information.

Users are encourage to review the migration guide at:
http://cxf.apache.org/docs/27-migration-guide.html
for further information and requirements for upgrading to 2.7.x.

In particular, Apache CXF no longer supports Java5.   Users must upgrade to 
Java 6 in order to upgrade to Apache CXF 2.7.x.


2.7.6 fixes over 75 JIRA issues reported by users and the community.



2. Installation Prerequisites 

Before installing Apache CXF, make sure the following products,
with the specified versions, are installed on your system:

    * Java 6 Development Kit
    * Apache Maven 2.2.1 or 3.x to build the samples


3.  Integrating CXF Into You Application

If you use Maven to build your application, you need merely add
appropriate dependencies. See the pom.xml files in the samples.

If you don't use Maven, you'll need to add one or more jars to your
classpath. The file lib/WHICH_JARS should help you decide which 
jars you need.

4. Building the Samples

Building the samples included in the binary distribution is easy. Change to
the samples directory and follow the build instructions in the README.txt file 
included with each sample.

5. Reporting Problems

If you have any problems or want to send feedback of any kind, please e-mail the
CXF dev list, dev@cxf.apache.org.  You can also file issues in JIRA at:

http://issues.apache.org/jira/browse/CXF

6. Migration notes:

See the migration guide at:
http://cxf.apache.org/docs/27-migration-guide.html
for caveats when upgrading from CXF 2.6.x to 2.7.x.


7. Specific issues, features, and improvements fixed in this version

** Bug
    * [CXF-4832] - META-INF/services/org.apache.cxf.bus.factory contains extra data on a second line
    * [CXF-4953] - JAXRSClientFactoryBean doesn't take the bus features into consideration 
    * [CXF-4985] - ResponseBuilder should set 204 status if the status has not been set and the entity is null
    * [CXF-4996] - Issue after upgrading to jackson-jaxrs-json-provider 2.2.0 (from 2.1.4)
    * [CXF-5000] - NameBindings are ignored for Reader and Writer interceptors 
    * [CXF-5009] - Allow multiple subcodes in a SOAP 1.2 fault
    * [CXF-5013] - Need support for SHA256 Signature Algorithms
    * [CXF-5014] - HTTP Response headers are split by default
    * [CXF-5016] - ArithmeticException on ResponseTimeCounterMBean.getAvgResponseTime() after counter reset()
    * [CXF-5017] - CrossOriginResourceSharingFilter FIELD_COMMA_PATTERN mangles firefox headers
    * [CXF-5018] - EHCache TimeToLive value overriden in EHCacheReplayCache
    * [CXF-5020] - add NPE guard when we restore original java.class.path system property
    * [CXF-5021] - Static resources need the "application/javascript" content type for javascript files
    * [CXF-5022] - Multiple JAX-RS services will start on the same address, but "last one" wins
    * [CXF-5026] - JAX-RS Async client does not work if HTTP error is returned
    * [CXF-5027] - JAX-RS XOP marshaller does not support SWA attachments
    * [CXF-5030] - Exception in opensaml initialization in OSGi: NoClassDefFoundError: org/apache/xml/security/Init
    * [CXF-5033] - Error No component with id 'blueprintContainer' could be found in pax exam test occurs at BlueprintBeanLocator.getBeansOfType
    * [CXF-5037] - DefaultSecurityContext Principal is incorrectly set from Subject
    * [CXF-5040] - support new asm4 shade of xbean
    * [CXF-5045] - UndeclaredThrowableException thrown in the client side when server responses with wsa:OnlyNonAnonymousAddressSupported soap12 version fault message
    * [CXF-5046] - EncryptedSupportingTokens used with EncryptBeforeSigning does not encrypt Username token
    * [CXF-5047] - Wrong soap:address generated in WSDL 
    * [CXF-5050] - Already connected exception when using CXF client to invoke to the server
    * [CXF-5051] - ProtectTokens assertion is not respected for SAML tokens
    * [CXF-5056] - EndorsingSupportingTokens with both transport security and message layer security applied
    * [CXF-5057] - NPE at the decoupled endpoint when receiving a response message with an unknown identifier
    * [CXF-5059] - Refine classloader in org.apache.cxf.wsdl11.WSDLManagerImpl
    * [CXF-5063] - When using AsyncHttpConduit with a certificate alias CXF hangs after a bunch of requests
    * [CXF-5064] - XmlJavaTypeAdapter ignored on SOAP Headers
    * [CXF-5065] - Subresource operations do not see root resource Produces or Consumes annotations 
    * [CXF-5070] - CDATA sections are not taken into account by wsdl2java but are by xjc
    * [CXF-5071] - Async Http transport: Injecting an sslSocketFactory in the tlsClientParameters has no effect 
    * [CXF-5073] - endless recursion in creating JAX-RS client proxy
    * [CXF-5078] - WSDLGetInterceptor holds a lock for too long
    * [CXF-5082] - JAX-RS frontend has non-optional dependency on blueprint
    * [CXF-5084] - URIBuilder optimization prevents relative paths that startWith "h" "t" "t" "p"
    * [CXF-5086] - JSONProvider can not read explicit collections if unmarshallAsJaxbElement property is set
    * [CXF-5089] - java2ws generate both ref and nillabe attributes in a schema element 
    * [CXF-5092] - RequestTokenService signature verification bug [OAuthUtils]
    * [CXF-5093] - HTTPConduit prevents AsyncConduit from sending the payloads when custom HTTP methods are used
    * [CXF-5095] - Allow adding attachments to the contetx using jaxws attachments
    * [CXF-5098] - References to Kerberos Tokens are not created correctly in responses
    * [CXF-5099] - Optional extensions that refer to classes that cannot be found are not treated as optional
    * [CXF-5100] - JAXB-based providers fail when they try to set JAXB RI-specific properties on non-RI implementations
    * [CXF-5102] - schema resource loading code in various blueprint namespace handlers not working in some environment
    * [CXF-5104] - JAX-RS not injecting contexts after resuming a suspended continuation
    * [CXF-5108] - parameter beans feature not working through dynamic proxy based clients for JAXRS
    * [CXF-5110] - Wrong processing of @XmlJavaTypeAdapter with RPC style endpoints
    * [CXF-5111] - JAX-RS providers typed on arrays like String[] are not selected
    * [CXF-5112] - OAuthUtils causes IllegalArgumentException when returning 400 instead of 401
    * [CXF-5113] - leading spaces in karaf features.xml bundle elements lead to errors when using karaf 3.0.0
    * [CXF-5114] - CXF Client issue when try to handle session for One-Way Operation call
    * [CXF-5115] - Primitive arrays for capturing HTTP parameters are not supported
    * [CXF-5116] - DelegatingInputStream created in AbstractHTTPDestination is cached into wrong Message instance
    * [CXF-5119] - jetty endpoint may log exception when it is assigned to a non-default cxf bus in spring beans
    * [CXF-5129] - Content type is always "text/xml" in case of using @Context HttpServletResponse response

** Improvement
    * [CXF-4457] - Extend WS-SecureConversation to support SAML Assertions for authentication
    * [CXF-4577] - Support EHCACHE 2.5.2+ 
    * [CXF-5025] - Support WS-SecurityPolicy "Strict" Layout validation
    * [CXF-5031] - Add support for SupportingToken policy assertions without a binding
    * [CXF-5032] - Support SOAP 1.2 in DynamicClient
    * [CXF-5039] - IdentityMapping support in ClaimsManager
    * [CXF-5049] - Support for schema compiler options in DynamicClientFactory
    * [CXF-5053] - JAX-RS behavior differs from JAX-WS for MessageContext.get( Message.class.getName() ) 
    * [CXF-5055] - Support Clients pre-registering scopes and OOB response in OAuth2 Authorization Flow
    * [CXF-5069] - Create utility caching MessageBodyWriter and MessageBodyReader
    * [CXF-5074] - GZIP Feature activation
    * [CXF-5079] - Add support for mustunderstand = false in PolicyBasedWSS4JOutInterceptor
    * [CXF-5081] - FIQL - use custome query param name instead of default _s
    * [CXF-5088] - Make the service file of cxf-core.jar Web Application Server friendly
    * [CXF-5101] - Add more options for validating the search values
    * [CXF-5130] - Update WebClient to provide a link to SyncInvoker

** New Feature
    * [CXF-3883] - Support for identity mapping as part of issue token process
    * [CXF-4464] - Support ClaimsHandler per realm
    * [CXF-5010] - Add customizable request logging capability to STS

** Task
    * [CXF-5090] - Update Jettison version to 1.3.4

