Re: Reg vulnerability for Server State saving

Hi 1.1.5 is too old. Please update to 1.1.8 or upper versions. See https://wiki.apache.org/myfaces/Secure_Your_Application for details. regards, Leonardo Uribe 2016-12-19 5:44 GMT-05:00 karthik kn : > Hi, > I am using myfaces-1.1.5 and using the following state saving

Reg vulnerability for Server State saving

Hi, I am using myfaces-1.1.5 and using the following state saving method javax.faces.STATE_SAVING_METHODserver However,i see that the object identifier is being sent to the server as following This is the serialized object identifier sent over the network We are using only https and not