Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues:
Session fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities affecting the admin console.
A dependency on an Apache HttpClient version affected by known security vulnerabilities (CVE-2012-6153 and CVE-2014-3577); see AXIS2-5757.
The complete list of issues fixed in this version can be found here.