myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leonardo Uribe <>
Subject Re: Upgrade commons-collections to 3.2.2.
Date Mon, 23 Nov 2015 21:45:05 GMT

Ouch, I'm already running the TCK (artifacts already on nexus).

I don't thing that one affects JSF, because the viewState is
encrypted/tampered by default. No need to do it right now, but
good to know that for further releases (or if we do a rollback
of the current one).


Leonardo Uribe

2015-11-23 16:37 GMT-05:00 Mike Kienenberger <>:

> Before we do another release, let's upgrade our commons-collections
> dependency to 3.2.2 as certain JSF configurations likely present
> attack vectors.

View raw message