-
1. Re: Fix for CVE2011-2196 for Seam 2.2.x Community Edititon
CVE 2011-1484 was fixed in https://sourceforge.net/projects/jboss/files/JBoss%20Seam/2.2.2.Final
CVE 2011-2196 was fixed in Seam 2: 2.3.0.ALPHA this version is still using JSF 1.2 so you can go with that if you need to stick with JSF 1, the 2.3.0.ALPHA is just mavenized 2.2.2.Final and a bunch of fixes.
-
3. Re: Fix for CVE2011-2196 for Seam 2.2.x Community Edititon
Hello Marek,
thanks for your reply. I couldn't find any hint in the changelog for that fix or a JBSEAM ticket for that.
What I like to do is fix our current version 2.2.0, however I cannot find a commit in the git repository. Would you please provide some information which commit number that was or at least who fixed that issue?
Thanks in advance,
Eddy
-
4. Re: Fix for CVE2011-2196 for Seam 2.2.x Community Edititon
It is in Release notes - Release Notes - JBoss Issue Tracker
The related issues are:
- [#JBSEAM-4844] Seam 2 does not properly block access to EL expressions - JBoss Issue Tracker
- [#JBSEAM-4816] NullPointerException in EL Expression evaluation - JBoss Issue Tracker
You should apply commits: