Due to a security vulnerability, we were forced to vote on the release
of Trinidad 2.12, 2.0.2, and 1.2.15 on the private@ list. Now that the
vulnerability and releases to fix it have been made public, here is a
summary of those votes.
The vote started on 2016-09-21 and closed on 2016-09-26.
The
+1 on this. While the "for web applications" limitation isn't
technically correct, it is true in practice.
On Fri, Sep 23, 2016 at 5:27 AM, Dennis Kieselhorst wrote:
> Mike Kienenberger wrote
>> We should probably add a description with less buzz words to describe
>> JavaServer
Clarification: The first line in this CVE [1] was a copy error
during message composition and is not part of the CVE. This line can
make it sound as if CVE-2016-5019 is only an information disclosure
vulnerability rather than a deserialization attack vector. I
apologize for the confusion.
On
[
https://issues.apache.org/jira/browse/TRINIDAD-2542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15533282#comment-15533282
]
Mike Kienenberger commented on TRINIDAD-2542:
-
The "information disclosure vulnerability"
[
https://issues.apache.org/jira/browse/TRINIDAD-2542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15533270#comment-15533270
]
Brian Martin commented on TRINIDAD-2542:
Generally, deserialization attacks lead to remote code
[
https://issues.apache.org/jira/browse/TRINIDAD-2542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15533170#comment-15533170
]
Mike Kienenberger commented on TRINIDAD-2542:
-
All users of Apache Trinidad should upgrade
[
https://issues.apache.org/jira/browse/TRINIDAD-2542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Kienenberger resolved TRINIDAD-2542.
-
Resolution: Fixed
Assignee: Leonardo Uribe
Fix Version/s:
CVE-2016-5019 Apache MyFaces Trinidad information disclosure vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Trinidad from 1.0.0 to 1.0.13
Trinidad from 1.2.1 to 1.2.14
Trinidad from 2.0.0 to 2.0.1
Trinidad from 2.1.0 to 2.1.1
Description:
The Apache MyFaces team is pleased to announce the release of Apache
MyFaces Trinidad 1.2.15.
MyFaces Trinidad is a feature-rich renderkit for JavaServer(tm) Faces
that provides an extendibles framework and extensive skinning support.
This version is designed to be used with the JSF 1.2
The Apache MyFaces team is pleased to announce the release of Apache
MyFaces Trinidad 2.0.2.
MyFaces Trinidad is a feature-rich renderkit for JavaServer(tm) Faces
that provides an extendibles framework and extensive skinning support.
This version is designed to be used with the JSF 2.0
The Apache MyFaces team is pleased to announce the release of Apache
MyFaces Trinidad 2.1.2.
.
MyFaces Trinidad is a feature-rich renderkit for JavaServer(tm) Faces
that provides an extendibles framework and extensive skinning support.
This version is designed to be used with the JSF 2.1
Mike Kienenberger created TRINIDAD-2542:
---
Summary: placeholder
Key: TRINIDAD-2542
URL: https://issues.apache.org/jira/browse/TRINIDAD-2542
Project: MyFaces Trinidad
Issue Type: Bug
[
https://issues.apache.org/jira/browse/TOBAGO-1368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15532392#comment-15532392
]
Hudson commented on TOBAGO-1368:
SUCCESS: Integrated in Jenkins build Tobago 3.0.x #556 (See
Markus Dreher created EXTVAL-162:
Summary: DefaultValidatorId will not be set
Key: EXTVAL-162
URL: https://issues.apache.org/jira/browse/EXTVAL-162
Project: MyFaces Extensions Validator
14 matches
Mail list logo