A new security advisory has been released for Apache CXF, that is fixed in the recent 3.2.1 and 3.1.14 releases: CVE-2017-12624: Apache CXF web services that process attachments are vulnerable to Denial of Service (DoS) attacks The full text of the advisory is available here: http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com