myfaces-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manfred Geiler" <>
Subject [ANNOUNCE] MyFaces Tomahawk v1.1.6 Security Update Release
Date Wed, 13 Jun 2007 10:14:51 GMT
The Apache MyFaces team is pleased to announce the release of "MyFaces
Tomahawk 1.1.6".

Please note: This release is a security update that fixes a severe
cross-site scripting vulnerability when using the "autoscroll" feature

MyFaces Tomahawk provides a series of JavaServer Faces components that
go beyond the JSF specification. These components are compatible with
the Sun JSF 1.1 Reference Implementation (RI) or any other JSF 1.1
compatible implementation. Of course the custom components can also be
used with the Apache JSF implementation "MyFaces Core 1.1.5".

MyFaces Tomahawk 1.1.6 is available in both binary and source distributions.


MyFaces Tomahawk is also available in the central Maven repository
under Group ID "org.apache.myfaces.tomahawk".


Release Notes - MyFaces Tomahawk - Version 1.1.6

** Bug
    * [TOMAHAWK-983] - Cross-site scripting in autoscroll parameter
    * [TOMAHAWK-1021] - CVE-2007-3101

View raw message