Nuxeo Security HotFix 1
By Nuxeo
This package fixes the RichFaces CVE-2013-2165 flaw. JBoss RichFaces has a known flaw related to deserialization: * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2165 Details of the patch are here: * http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html Note that Nuxeo 5.6.0-HF27 and 5.8.0-HF-01 automatically include this security fix. It is strongly recommended to install this package. Alternatively, you can manually update Nuxeo's RichFaces jars. Please refer to the following documentation to do so: * http://doc.nuxeo.com/x/bIAPAQ Credit to Arun Neelicattu and David Jorm of Red Hat for reporting this issue.
LTS 2023 | LTS 2021 | 11.x | LTS 2019 | LTS 2017 | LTS 2016 | LTS 2015 | 6.0 | 5.8 | 5.6 | |
---|---|---|---|---|---|---|---|---|---|---|
1.0.0 |