A potential denial of service vulnerability is present in versions of Apache CXF before�3.5.10, 3.6.5 and 4.0.6.�In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
