Seam 2.2.1.CR2 is available for public. This second candidate release of version 2.2.1 was aimed to bring security fixes and also bug fixes found in previous CR1. This release is important, because it fixes a security issue in parametrized JBoss Expression Language (EL) expressions - CVE-2010-1871 and Seam team thanks Meder Kydyraliev of the Google Security Team for responsibly reporting this issue to JBoss.
Next security fix is in upgrade of Spring dependency from 2.5.6.SEC01 to 2.5.6.SEC02. Instead of these security issue, we fixed 39 issues including some performance ones and also bugs with JBoss AS 6 M3/4 or documentation fixes. More in Release notes are at https://jira.jboss.org/jira/secure/ReleaseNote.jspa?version=12314471&styleName=Text&projectId=10071 Distribution downloads are available at https://sourceforge.net/projects/jboss/files/JBoss%20Seam/2.2.1.CR2 Documentation for 2.2.1.CR2 is available at http://www.seamframework.org/Seam2/Documentation (e.g http://docs.jboss.org/seam/2.2.1.CR2/reference/en-US/html/). What is missing? Uploading Seam maven artifacts, which is now stucked on some infrastracture permision issues. I will inform about the availability of them ASAP. And blogging about the release - I will wait till maven repository contains seam 2.2.1.CR2 artifacts. -- Marek Novotny -- JBoss Seam Product Lead Red Hat Czech s.r.o. Purkynova 99 612 45 Brno Email: [email protected] Office phone: +420 532 294 287, ext. 82-62 087 mobile: +420 608 509 230 _______________________________________________ seam-dev mailing list [email protected] https://lists.jboss.org/mailman/listinfo/seam-dev
