CVE-2021-23937: Apache Wicket: DNS proxy and possible amplification attack

2021-05-25 Thread Emond Papegaaij
Description: A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS

Re: No matching SeamConversationContext for store type interface javax.servlet.http.HttpServletRequest, using NOOP instance!

2022-03-23 Thread Emond Papegaaij
Hi Marco, Wicket 8 contains 2 CDI integration modules: wicket-cdi for CDI 1.0 and wicket-cdi-1.1 for CDI 1.1 and up. I don't know what CDI version is supported by the application servers you mentioned, but CDI 1.0 is rather old and it's likely your server supports 1.1 or higher. If you wish to

Re: OAuth authentication

2022-01-19 Thread Emond Papegaaij
s))) .toString(); } private void apply(RedirectionAction action, JEEContext context) { JEEHttpActionAdapter.INSTANCE.adapt(action, context); } } On Wed, Jan 19, 2022 at 8:36 AM Emond Papegaaij wrote: > Hi Boris, > > I would go for pac4j-o

Re: OAuth authentication

2022-01-18 Thread Emond Papegaaij
Hi Boris, I would go for pac4j-oidc. It does not provide Wicket integration out of the box, but it is very easy to set up and you only need a few lines of code to check the authentication. Perhaps @dashorst can share the code: https://twitter.com/dashorst/status/280001847054336 You can find

Re: Apache Wicket 7.6.0 - filter status: REJECTED

2024-04-09 Thread Emond Papegaaij
On Tue, 9 Apr 2024 at 17:16, Mihir Chhaya wrote: > Thank you, Emond for sharing this. We had our JBoss Server patched up > recently which broke the system. It was working fine before the server > update. > The change came as a fix for CVE-2023-3171: WFCORE-6578 WildFly heap exhaustion via

Re: Apache Wicket 7.6.0 - filter status: REJECTED

2024-04-08 Thread Emond Papegaaij
On Mon, 8 Apr 2024 at 18:16, Mihir Chhaya wrote: > We have the following configuration for one of the Apache Wicket projects. > > Apache Wicket: 7.6.0 > OpenJDK Java Version: 1.8.402 > JBoss Server: 7.4.13 > > *Issue: Caused by: java.io.InvalidClassException: filter status: REJECTED* > > The

Re: ListItemModel is not detaching List-model

2024-07-11 Thread Emond Papegaaij
On Thu, 11 Jul 2024 at 15:09, Sven Meier wrote: > the ListItemModel does not hold a reference to the model of the > ListView, so it's not its responsibility to detach it. > IMHO, the implementation of ListItemModel is strange. It does not hold a direct reference to the model of the ListView, but
