-
1. Re: Please consider Releasing 4.2 with Security patch
bleathem Aug 2, 2013 5:27 PM (in response to stephan.m)Have a look at this comment:
http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html#comment-964624749
If it would help, we can prepare a git branch with the patch applied.
I'm curious, can you be more specific about what's holding you back from moving from RF 4.2 to 4.3? Maybe that's something we can overcome and you can use the latest jar with the security patch applied.
-
2. Re: Please consider Releasing 4.2 with Security patch
stephan.m Aug 7, 2013 5:33 AM (in response to bleathem)Thanks I have patched 4.2 with this
https://source.jboss.org/changelog/RichFacesCore?cs=12ee1166f04806b3ba072d27f9a9b3b3feae2ec9
and it seems to work flawlessly.
At the moment we can't update to 4.3 due to resource loading changes. We overloading css styles and javascripts differently on alot of pages. So we can't easily migrate to a higher version without reconsidering the complete resource stuff. This task is too big considering the current page will be rewritten from scratch next year.
Best Regards