Monthly archive for March 2012
Wicket 1.4.20 released
12 Mar 2012
This is twentieth release of the Wicket 1.4.x series. This is primarily a minor bugfix release on the 1.4.x (stable) branch.
- Subversion tag
- Changelog
- To use in Maven:
Wicket 1.5.5 released
12 Mar 2012
This is the fifth maintenance release of the Wicket 1.5.x series. This release brings over 50 bug fixes and improvements.
moreCVE-2012-0047 - Apache Wicket XSS vulnerability via pageMapName request parameter
22 Mar 2012
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Wicket 1.4.x
Apache Wicket 1.3.x and 1.5.x are not affected
Description: A Cross Site Scripting (XSS) attack is possible by manipulating the...
moreCVE-2012-1089 - Apache Wicket serving of hidden files vulnerability
22 Mar 2012
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Wicket 1.4.x and 1.5.x
Description: It is possible to view the content of any file of a web application by using an Url to a Wicket resource which resolves to a ‘null’ package. With such a Url the attacker can request the content of any file by specifying...
more