www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manfred Geiler" <manol...@apache.org>
Subject [ANNOUNCE] MyFaces Tomahawk v1.1.6 Security Update Release
Date Wed, 13 Jun 2007 10:14:51 GMT
The Apache MyFaces team is pleased to announce the release of "MyFaces
Tomahawk 1.1.6".

Please note: This release is a security update that fixes a severe
cross-site scripting vulnerability when using the "autoscroll" feature
(CVE-2007-3101).

MyFaces Tomahawk provides a series of JavaServer Faces components that
go beyond the JSF specification. These components are compatible with
the Sun JSF 1.1 Reference Implementation (RI) or any other JSF 1.1
compatible implementation. Of course the custom components can also be
used with the Apache JSF implementation "MyFaces Core 1.1.5".

MyFaces Tomahawk 1.1.6 is available in both binary and source distributions.

   * http://myfaces.apache.org/download.html

MyFaces Tomahawk is also available in the central Maven repository
under Group ID "org.apache.myfaces.tomahawk".

Enjoy!
Manfred



Release Notes - MyFaces Tomahawk - Version 1.1.6

** Bug
    * [TOMAHAWK-983] - Cross-site scripting in autoscroll parameter
    * [TOMAHAWK-1021] - CVE-2007-3101

Mime
View raw message