Nuxeo Marketplace

Find Nuxeo packages for your application

Nuxeo Security HotFix 1
Install 1.0.0

How to install nuxeo-security-HF01 1.0.0

Please ensure you've already downloaded and installed the Nuxeo Platform.

For a Nuxeo Online Services registered instance with internet access:

$NUXEO_HOME/bin/nuxeoctl mp-install nuxeo-security-HF01-1.0.0

For an unregistered instance, or an offline instance:

First Download nuxeo-security-HF01-1.0.0.zip, then

$NUXEO_HOME/bin/nuxeoctl mp-install /path/to/nuxeo-security-HF01-1.0.0.zip
NO SUBSCRIPTION REQUIRED NUXEO SUPPORTED
About this Package
Production State
Production Ready
Latest Update
Jan 13, 2020, 9:54:45 AM
Type
Hotfix
Package Dependencies
None
Optional Dependencies
None
License
LGPL
Marketplace Nuxeo Security HotFix 1

Nuxeo Security HotFix 1

By Nuxeo

This package fixes the RichFaces CVE-2013-2165 flaw. JBoss RichFaces has a known flaw related to deserialization: * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2165 Details of the patch are here: * http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html Note that Nuxeo 5.6.0-HF27 and 5.8.0-HF-01 automatically include this security fix. It is strongly recommended to install this package. Alternatively, you can manually update Nuxeo's RichFaces jars. Please refer to the following documentation to do so: * http://doc.nuxeo.com/x/bIAPAQ Credit to Arun Neelicattu and David Jorm of Red Hat for reporting this issue.

Compatible Target Platforms
LTS 2023 LTS 2021 11.x LTS 2019 LTS 2017 LTS 2016 LTS 2015 6.0 5.8 5.6
1.0.0 Yes Yes