On Wed, May 26, 2021, 18:37 Mihir Chhaya wrote:
> Thank you for the reply.
>
> We have something like below in our code. Will this be enough or still we
> need to replace the jar file?
>
The CVE is about usage of Wicket APIs.
Anything you do in your app code is your responsibility to make sure
Thank you for the reply.
We have something like below in our code. Will this be enough or still we
need to replace the jar file?
public static String getRemoteAddr(HttpServletRequest request) {
//If routed behind the Load Balancer, network guys put the original IP in
the header as XForwarded-F
Thank you for the notice, and the already fixed releases =)
Is there a JIRA or associated PR with the fix? I’m not seeing a specific fix in
the changelogs for 9.3.0 and 8.12.0.
Thanks,
Matt Pavlovich
> On May 25, 2021, at 2:51 AM, Emond Papegaaij
> wrote:
>
> Description:
>
> A DNS proxy an
Hi,
Please use users@ or dev@. There is nothing to announce@
On Wed, May 26, 2021 at 5:36 PM Mihir Chhaya wrote:
> Thank you for sharing this information.
>
> Questions:
> 1. Will there be any upgrades from Wicket-CDI, Wicket-bootstrap etc.
> libraries related to this Vulnerability?
>
wicket-c
Thank you for sharing this information.
Questions:
1. Will there be any upgrades from Wicket-CDI, Wicket-bootstrap etc.
libraries related to this Vulnerability?
2. If yes, then should I wait for those libraries or go ahead and put the
core Apache Wicket libraries first and then upgrade other libra