The Apache MyFaces team is pleased to announce the release of "MyFaces Tomahawk 1.1.6".
Please note: This release is a security update that fixes a severe cross-site scripting vulnerability when using the "autoscroll" feature (CVE-2007-3101). MyFaces Tomahawk provides a series of JavaServer Faces components that go beyond the JSF specification. These components are compatible with the Sun JSF 1.1 Reference Implementation (RI) or any other JSF 1.1 compatible implementation. Of course the custom components can also be used with the Apache JSF implementation "MyFaces Core 1.1.5". MyFaces Tomahawk 1.1.6 is available in both binary and source distributions. * http://myfaces.apache.org/download.html MyFaces Tomahawk is also available in the central Maven repository under Group ID "org.apache.myfaces.tomahawk". Enjoy! Manfred Release Notes - MyFaces Tomahawk - Version 1.1.6 ** Bug * [TOMAHAWK-983] - Cross-site scripting in autoscroll parameter * [TOMAHAWK-1021] - CVE-2007-3101