axis2/java/core/release-notes/1.7.3.html - axis-site - Git at Google

 <!DOCTYPE html>


 <!--
  | Generated by Apache Maven Doxia Site Renderer 2.0.0 from src/site/markdown/release-notes/1.7.3.md at 2025-03-05
  | Rendered using Apache Maven Fluido Skin 2.0.0-M11
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <meta name="generator" content="Apache Maven Doxia Site Renderer 2.0.0" />
     <title>Apache Axis2 1.7.3 Release Note – Apache Axis2</title>
     <link rel="stylesheet" href="../css/apache-maven-fluido-2.0.0-M11.min.css" />
     <link rel="stylesheet" href="../css/site.css" />
     <link rel="stylesheet" href="../css/print.css" media="print" />
     <script src="../js/apache-maven-fluido-2.0.0-M11.min.js"></script>
   </head>
   <body>
     <div class="container-fluid container-fluid-top">
       <header>
         <div id="banner">
           <div class="pull-left"><div id="bannerLeft"><h1><a href="http://www.apache.org/"><img class="class java.lang.Object" src="http://www.apache.org/images/asf_logo_wide.png" /> Apache Axis2</a></h1></div></div>
           <div class="pull-right"><div id="bannerRight"><h1><a href=".././"><img class="class java.lang.Object" src="../images/axis.jpg" /></a></h1></div></div>
           <div class="clear"><hr/></div>
         </div>

         <div id="breadcrumbs">
           <ul class="breadcrumb">
         <li id="publishDate">Last Published: 2025-03-04<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 2.0.0<span class="divider">|</span></li>
       <li><a href="http://www.apache.org" class="externalLink">Apache</a><span class="divider">/</span></li>
       <li><a href="../index.html">Axis2/Java</a><span class="divider">/</span></li>
     <li class="active">Apache Axis2 1.7.3 Release Note</li>
           </ul>
         </div>
       </header>
       <div class="row-fluid">
         <header id="leftColumn" class="span2">
           <nav class="well sidebar-nav">
   <ul class="nav nav-list">
    <li class="nav-header">Axis2/Java</li>
     <li><a href="../index.html">Home</a></li>
     <li><a href="../download.html">Downloads</a></li>
     <li><a href="javascript:void(0)"><span class="icon-chevron-down"></span>Release Notes</a>
      <ul class="nav nav-list">
       <li><a href="../release-notes/1.6.1.html">1.6.1</a></li>
       <li><a href="../release-notes/1.6.2.html">1.6.2</a></li>
       <li><a href="../release-notes/1.6.3.html">1.6.3</a></li>
       <li><a href="../release-notes/1.6.4.html">1.6.4</a></li>
       <li><a href="../release-notes/1.7.0.html">1.7.0</a></li>
       <li><a href="../release-notes/1.7.1.html">1.7.1</a></li>
       <li><a href="../release-notes/1.7.2.html">1.7.2</a></li>
       <li class="active"><a>1.7.3</a></li>
       <li><a href="../release-notes/1.7.4.html">1.7.4</a></li>
       <li><a href="../release-notes/1.7.5.html">1.7.5</a></li>
       <li><a href="../release-notes/1.7.6.html">1.7.6</a></li>
       <li><a href="../release-notes/1.7.7.html">1.7.7</a></li>
       <li><a href="../release-notes/1.7.8.html">1.7.8</a></li>
       <li><a href="../release-notes/1.7.9.html">1.7.9</a></li>
       <li><a href="../release-notes/1.8.0.html">1.8.0</a></li>
       <li><a href="../release-notes/1.8.1.html">1.8.1</a></li>
       <li><a href="../release-notes/1.8.2.html">1.8.2</a></li>
       <li><a href="../release-notes/2.0.0.html">2.0.0</a></li>
      </ul></li>
     <li><a href="../modules/index.html">Modules</a></li>
     <li><a href="../tools/index.html">Tools</a></li>
    <li class="nav-header">Documentation</li>
     <li><a href="../docs/toc.html">Table of Contents</a></li>
     <li><a href="../docs/installationguide.html">Installation Guide</a></li>
     <li><a href="../docs/quickstartguide.html">QuickStart Guide</a></li>
     <li><a href="../docs/userguide.html">User Guide</a></li>
     <li><a href="../docs/jaxws-guide.html">JAXWS Guide</a></li>
     <li><a href="../docs/pojoguide.html">POJO Guide</a></li>
     <li><a href="../docs/spring.html">Spring Guide</a></li>
     <li><a href="../docs/webadminguide.html">Web Administrator&apos;s Guide</a></li>
     <li><a href="../docs/migration.html">Migration Guide (from Axis1)</a></li>
    <li class="nav-header">Resources</li>
     <li><a href="../faq.html">FAQ</a></li>
     <li><a href="../articles.html">Articles</a></li>
     <li><a href="http://wiki.apache.org/ws/FrontPage/Axis2/" class="externalLink">Wiki</a></li>
     <li><a href="../refLib.html">Reference Library</a></li>
     <li><a href="../apidocs/index.html">Online Java Docs</a></li>
    <li class="nav-header">Get Involved</li>
     <li><a href="../overview.html">Overview</a></li>
     <li><a href="../git.html">Checkout the Source</a></li>
     <li><a href="../mail-lists.html">Mailing Lists</a></li>
     <li><a href="../release-process.html">Release Process</a></li>
     <li><a href="../guidelines.html">Developer Guidelines</a></li>
     <li><a href="../siteHowTo.html">Build the Site</a></li>
    <li class="nav-header">Project Information</li>
     <li><a href="../team-list.html">Project Team</a></li>
     <li><a href="../issue-tracking.html">Issue Tracking</a></li>
     <li><a href="https://github.com/apache/axis-axis2-java-core" class="externalLink">Source Code</a></li>
     <li><a href="../thanks.html">Acknowledgements</a></li>
    <li class="nav-header">Apache</li>
     <li><a href="http://www.apache.org/licenses/LICENSE-2.0.html" class="externalLink">License</a></li>
     <li><a href="http://www.apache.org/foundation/sponsorship.html" class="externalLink">Sponsorship</a></li>
     <li><a href="http://www.apache.org/foundation/thanks.html" class="externalLink">Thanks</a></li>
     <li><a href="http://www.apache.org/security/" class="externalLink">Security</a></li>
   </ul>
           </nav>
           <div class="well sidebar-nav">
             <div id="poweredBy">
               <div class="clear"></div>
               <div class="clear"></div>
 <a href="https://maven.apache.org/" class="builtBy" target="_blank"><img class="builtBy" alt="Built by Maven" src="../images/logos/maven-feather.png" /></a>
             </div>
           </div>
         </header>
         <main id="bodyColumn" class="span10">
 <section><section><a id="Apache_Axis2_1.7.3_Release_Note"></a>
 <h2>Apache Axis2 1.7.3 Release Note</h2>
 <p>Apache Axis2 1.7.3 is a security release that contains a fix for <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981" class="externalLink">CVE-2010-3981</a>. That security
 vulnerability affects the admin console that is part of the Axis2 Web application and was originally
 reported for SAP BusinessObjects (which includes a version of Axis2). That report didn't mention
 Axis2 at all and the Axis2 project only recently became aware (thanks to Devesh Bhatt and Nishant
 Agarwala) that the issue affects Apache Axis2 as well.</p>
 <p>The admin console now has a CSRF prevention mechanism and all known XSS vulnerabilities as well as
 two non-security bugs in the admin console (<a href="https://issues.apache.org/jira/browse/AXIS2-4764" class="externalLink">AXIS2-4764</a> and <a href="https://issues.apache.org/jira/browse/AXIS2-5716" class="externalLink">AXIS2-5716</a>) have been fixed.
 Users of the Axis2 WAR distribution are encouraged to upgrade to 1.7.3 to take advantage of these
 improvements.</p>
 <p>This release also fixes a regression in the HTTP client code that is triggered by the presence of
 certain types of cookies in HTTP responses (see <a href="https://issues.apache.org/jira/browse/AXIS2-5772" class="externalLink">AXIS2-5772</a>).</p></section></section>        </main>
       </div>
     </div>
     <hr/>
     <footer>
       <div class="container-fluid">
         <div class="row-fluid">
             <p>©      2004–2025
 <a href="https://www.apache.org/">The Apache Software Foundation</a>
 </p>
         </div>
       </div>
     </footer>
   </body>
 </html>
	<!DOCTYPE html>


	<!--
	\| Generated by Apache Maven Doxia Site Renderer 2.0.0 from src/site/markdown/release-notes/1.7.3.md at 2025-03-05
	\| Rendered using Apache Maven Fluido Skin 2.0.0-M11
	-->
	<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
	<head>
	<meta charset="UTF-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1" />
	<meta name="generator" content="Apache Maven Doxia Site Renderer 2.0.0" />
	<title>Apache Axis2 1.7.3 Release Note – Apache Axis2</title>
	<link rel="stylesheet" href="../css/apache-maven-fluido-2.0.0-M11.min.css" />
	<link rel="stylesheet" href="../css/site.css" />
	<link rel="stylesheet" href="../css/print.css" media="print" />
	<script src="../js/apache-maven-fluido-2.0.0-M11.min.js"></script>
	</head>
	<body>
	<div class="container-fluid container-fluid-top">
	<header>
	<div id="banner">
	<div class="pull-left"><div id="bannerLeft"><h1><a href="http://www.apache.org/"><img class="class java.lang.Object" src="http://www.apache.org/images/asf_logo_wide.png" /> Apache Axis2</a></h1></div></div>
	<div class="pull-right"><div id="bannerRight"><h1><a href=".././"><img class="class java.lang.Object" src="../images/axis.jpg" /></a></h1></div></div>
	<div class="clear"><hr/></div>
	</div>

	<div id="breadcrumbs">
	<ul class="breadcrumb">
	<li id="publishDate">Last Published: 2025-03-04<span class="divider">\|</span>
	</li>
	<li id="projectVersion">Version: 2.0.0<span class="divider">\|</span></li>
	<li><a href="http://www.apache.org" class="externalLink">Apache</a><span class="divider">/</span></li>
	<li><a href="../index.html">Axis2/Java</a><span class="divider">/</span></li>
	<li class="active">Apache Axis2 1.7.3 Release Note</li>
	</ul>
	</div>
	</header>
	<div class="row-fluid">
	<header id="leftColumn" class="span2">
	<nav class="well sidebar-nav">
	<ul class="nav nav-list">
	<li class="nav-header">Axis2/Java</li>
	<li><a href="../index.html">Home</a></li>
	<li><a href="../download.html">Downloads</a></li>
	<li><a href="javascript:void(0)"><span class="icon-chevron-down"></span>Release Notes</a>
	<ul class="nav nav-list">
	<li><a href="../release-notes/1.6.1.html">1.6.1</a></li>
	<li><a href="../release-notes/1.6.2.html">1.6.2</a></li>
	<li><a href="../release-notes/1.6.3.html">1.6.3</a></li>
	<li><a href="../release-notes/1.6.4.html">1.6.4</a></li>
	<li><a href="../release-notes/1.7.0.html">1.7.0</a></li>
	<li><a href="../release-notes/1.7.1.html">1.7.1</a></li>
	<li><a href="../release-notes/1.7.2.html">1.7.2</a></li>
	<li class="active"><a>1.7.3</a></li>
	<li><a href="../release-notes/1.7.4.html">1.7.4</a></li>
	<li><a href="../release-notes/1.7.5.html">1.7.5</a></li>
	<li><a href="../release-notes/1.7.6.html">1.7.6</a></li>
	<li><a href="../release-notes/1.7.7.html">1.7.7</a></li>
	<li><a href="../release-notes/1.7.8.html">1.7.8</a></li>
	<li><a href="../release-notes/1.7.9.html">1.7.9</a></li>
	<li><a href="../release-notes/1.8.0.html">1.8.0</a></li>
	<li><a href="../release-notes/1.8.1.html">1.8.1</a></li>
	<li><a href="../release-notes/1.8.2.html">1.8.2</a></li>
	<li><a href="../release-notes/2.0.0.html">2.0.0</a></li>
	</ul></li>
	<li><a href="../modules/index.html">Modules</a></li>
	<li><a href="../tools/index.html">Tools</a></li>
	<li class="nav-header">Documentation</li>
	<li><a href="../docs/toc.html">Table of Contents</a></li>
	<li><a href="../docs/installationguide.html">Installation Guide</a></li>
	<li><a href="../docs/quickstartguide.html">QuickStart Guide</a></li>
	<li><a href="../docs/userguide.html">User Guide</a></li>
	<li><a href="../docs/jaxws-guide.html">JAXWS Guide</a></li>
	<li><a href="../docs/pojoguide.html">POJO Guide</a></li>
	<li><a href="../docs/spring.html">Spring Guide</a></li>
	<li><a href="../docs/webadminguide.html">Web Administrator's Guide</a></li>
	<li><a href="../docs/migration.html">Migration Guide (from Axis1)</a></li>
	<li class="nav-header">Resources</li>
	<li><a href="../faq.html">FAQ</a></li>
	<li><a href="../articles.html">Articles</a></li>
	<li><a href="http://wiki.apache.org/ws/FrontPage/Axis2/" class="externalLink">Wiki</a></li>
	<li><a href="../refLib.html">Reference Library</a></li>
	<li><a href="../apidocs/index.html">Online Java Docs</a></li>
	<li class="nav-header">Get Involved</li>
	<li><a href="../overview.html">Overview</a></li>
	<li><a href="../git.html">Checkout the Source</a></li>
	<li><a href="../mail-lists.html">Mailing Lists</a></li>
	<li><a href="../release-process.html">Release Process</a></li>
	<li><a href="../guidelines.html">Developer Guidelines</a></li>
	<li><a href="../siteHowTo.html">Build the Site</a></li>
	<li class="nav-header">Project Information</li>
	<li><a href="../team-list.html">Project Team</a></li>
	<li><a href="../issue-tracking.html">Issue Tracking</a></li>
	<li><a href="https://github.com/apache/axis-axis2-java-core" class="externalLink">Source Code</a></li>
	<li><a href="../thanks.html">Acknowledgements</a></li>
	<li class="nav-header">Apache</li>
	<li><a href="http://www.apache.org/licenses/LICENSE-2.0.html" class="externalLink">License</a></li>
	<li><a href="http://www.apache.org/foundation/sponsorship.html" class="externalLink">Sponsorship</a></li>
	<li><a href="http://www.apache.org/foundation/thanks.html" class="externalLink">Thanks</a></li>
	<li><a href="http://www.apache.org/security/" class="externalLink">Security</a></li>
	</ul>
	</nav>
	<div class="well sidebar-nav">
	<div id="poweredBy">
	<div class="clear"></div>
	<div class="clear"></div>
	<a href="https://maven.apache.org/" class="builtBy" target="_blank"><img class="builtBy" alt="Built by Maven" src="../images/logos/maven-feather.png" /></a>
	</div>
	</div>
	</header>
	<main id="bodyColumn" class="span10">
	<section><section><a id="Apache_Axis2_1.7.3_Release_Note"></a>
	<h2>Apache Axis2 1.7.3 Release Note</h2>
	<p>Apache Axis2 1.7.3 is a security release that contains a fix for <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981" class="externalLink">CVE-2010-3981</a>. That security
	vulnerability affects the admin console that is part of the Axis2 Web application and was originally
	reported for SAP BusinessObjects (which includes a version of Axis2). That report didn't mention
	Axis2 at all and the Axis2 project only recently became aware (thanks to Devesh Bhatt and Nishant
	Agarwala) that the issue affects Apache Axis2 as well.</p>
	<p>The admin console now has a CSRF prevention mechanism and all known XSS vulnerabilities as well as
	two non-security bugs in the admin console (<a href="https://issues.apache.org/jira/browse/AXIS2-4764" class="externalLink">AXIS2-4764</a> and <a href="https://issues.apache.org/jira/browse/AXIS2-5716" class="externalLink">AXIS2-5716</a>) have been fixed.
	Users of the Axis2 WAR distribution are encouraged to upgrade to 1.7.3 to take advantage of these
	improvements.</p>
	<p>This release also fixes a regression in the HTTP client code that is triggered by the presence of
	certain types of cookies in HTTP responses (see <a href="https://issues.apache.org/jira/browse/AXIS2-5772" class="externalLink">AXIS2-5772</a>).</p></section></section> </main>
	</div>
	</div>
	<hr/>
	<footer>
	<div class="container-fluid">
	<div class="row-fluid">
	<p>© 2004–2025
	<a href="https://www.apache.org/">The Apache Software Foundation</a>
	</p>
	</div>
	</div>
	</footer>
	</body>
	</html>