Apache Axis2 1.7.4 Release Note

Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues:

  • Session fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities affecting the admin console.

  • A dependency on an Apache HttpClient version affected by known security vulnerabilities (CVE-2012-6153 and CVE-2014-3577); see AXIS2-5757.

The complete list of issues fixed in this version can be found here.