We are thinking to change the seam dependency in application from

2.3.1.Final to 2.3.4.Final-redhat-1. is this advisable and what are its implications?

A security report flagged one of the application where Seam 2.3.1.Final is used with below vulnerabilities.

[RHSA-2014:0045-01] Moderate: Red Hat JBoss Web Framework Kit 2.4.0 upda

1044784 - CVE-2013-6447 JBoss Seam: XML eXternal Entity (XXE) flaw in remoting

1044794 - CVE-2013-6448 JBoss Seam: Information disclosure in remoting

our application does not use Web Framework Kit jars from Redhat but it has some seam dependencies referred from maven repo.