myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthias Wessendorf" <mat...@apache.org>
Subject Re: [ANNOUNCE] MyFaces Tomahawk v1.1.6 Security Update Release
Date Sat, 16 Jun 2007 14:52:39 GMT
Manfred,

I noticed, that the Javadoc JAR doesn't contain notice and license.

Thanks,
Matthias

On 6/13/07, Manfred Geiler <manolito@apache.org> wrote:
> The Apache MyFaces team is pleased to announce the release of "MyFaces
> Tomahawk 1.1.6".
>
> Please note: This release is a security update that fixes a severe
> cross-site scripting vulnerability when using the "autoscroll" feature
> (CVE-2007-3101).
>
> MyFaces Tomahawk provides a series of JavaServer Faces components that
> go beyond the JSF specification. These components are compatible with
> the Sun JSF 1.1 Reference Implementation (RI) or any other JSF 1.1
> compatible implementation. Of course the custom components can also be
> used with the Apache JSF implementation "MyFaces Core 1.1.5".
>
> MyFaces Tomahawk 1.1.6 is available in both binary and source distributions.
>
>    * http://myfaces.apache.org/download.html
>
> MyFaces Tomahawk is also available in the central Maven repository
> under Group ID "org.apache.myfaces.tomahawk".
>
> Enjoy!
> Manfred
>
>
>
> Release Notes - MyFaces Tomahawk - Version 1.1.6
>
> ** Bug
>     * [TOMAHAWK-983] - Cross-site scripting in autoscroll parameter
>     * [TOMAHAWK-1021] - CVE-2007-3101
>


-- 
Matthias Wessendorf

further stuff:
blog: http://matthiaswessendorf.wordpress.com/
mail: matzew-at-apache-dot-org

Mime
View raw message