We are thinking to change the seam dependency in application from
2.3.1.Final to 2.3.4.Final-redhat-1. is this advisable and what are its implications?
A security report flagged one of the application where Seam 2.3.1.Final is used with below vulnerabilities.
[RHSA-2014:0045-01] Moderate: Red Hat JBoss Web Framework Kit 2.4.0 upda
1044784 - CVE-2013-6447 JBoss Seam: XML eXternal Entity (XXE) flaw in remoting
1044794 - CVE-2013-6448 JBoss Seam: Information disclosure in remoting
our application does not use Web Framework Kit jars from Redhat but it has some seam dependencies referred from maven repo.
Retrieving data ...