www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Veithen <veit...@apache.org>
Subject [ANN][Axis2] Axis2 1.5.2 released
Date Mon, 27 Sep 2010 10:44:52 GMT
The Apache Axis2 team is pleased to announce the general availability
of the Axis2 1.5.2 release.

1.5.2 is a maintenance release to fix the security issue described in
CVE-2010-1632 [1] as well as an XSS vulnerability in the admin console
and some other minor issues. It also upgrades Axiom to version 1.2.9.

Changes since 1.5.1:

[AXIS2-3290] surefire is still run even if maven.test.skip is true
[AXIS2-4113] Unable to sign axis2 jar 1.4/1.4.1: ZipException
[AXIS2-4371] Unable to compile class for JSP: axis2-web/viewphases.jsp
[AXIS2-4450] CVE-2010-1632: Message builders for SOAP and XML should
not attempt to load DTDs
[AXIS2-4751] Cookie value is always kept whatever
[AXIS2-4752] Timeout due to connection pool is starved in latest
1.5.2-SNAPSHOT code.
[AXIS2-4768] Mtom optimization doesn't work when using simple bean
[AXIS2-4787] Hardcoded Bundle-Versions in adb, jaxws, kernel, metadata
and saaj modules
[AXIS2-4788] axis2-jibx has conflicting bcel dependencies

You can find the new version at the usual location:
http://ws.apache.org/axis2 (please note that this location will change
due to the migration of Axis2 to the new Axis TLP)

Please report any issues via JIRA: http://issues.apache.org/jira/browse/AXIS2.

As always, we welcome any and all feedback at:

java-dev@axis.apache.org - for developer-related questions/concerns
java-user@axis.apache.org - for general questions, usage, etc.

Thanks for your interest in Apache Axis2!

[1] http://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf

View raw message