myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leonardo Uribe <lu4...@gmail.com>
Subject Re: Upgrade commons-collections to 3.2.2.
Date Mon, 23 Nov 2015 21:45:05 GMT
Hi

Ouch, I'm already running the TCK (artifacts already on nexus).

I don't thing that one affects JSF, because the viewState is
encrypted/tampered by default. No need to do it right now, but
good to know that for further releases (or if we do a rollback
of the current one).

regards,

Leonardo Uribe

2015-11-23 16:37 GMT-05:00 Mike Kienenberger <mkienenb@gmail.com>:

> Before we do another release, let's upgrade our commons-collections
> dependency to 3.2.2 as certain JSF configurations likely present
> attack vectors.
>
> https://issues.apache.org/jira/browse/COLLECTIONS-580
>

Mime
View raw message