Nuxeo Security HotFix 1
By Nuxeo
This package fixes the RichFaces CVE-2013-2165 flaw. JBoss RichFaces has a known flaw related to deserialization: * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2165 Details of the patch are here: * http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html Note that Nuxeo 5.6.0-HF27 and 5.8.0-HF-01 automatically include this security fix. It is strongly recommended to install this package. Alternatively, you can manually update Nuxeo's RichFaces jars. Please refer to the following documentation to do so: * http://doc.nuxeo.com/x/bIAPAQ Credit to Arun Neelicattu and David Jorm of Red Hat for reporting this issue.