Monthly archive for December 2016
Apache Wicket 6.26.0 released
29 Dec 2016
The Apache Wicket PMC is proud to announce Apache Wicket 6.26.0!
Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments...
moreApache Wicket 7.6.0 released
29 Dec 2016
The Apache Wicket PMC is proud to announce Apache Wicket 7.6.0!
Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for government...
moreApache Wicket 8.0.0-M3 released
29 Dec 2016
The Apache Wicket PMC is proud to announce Apache Wicket 8.0.0-M3!
Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, ...
moreCVE-2016-6793 Apache Wicket deserialization vulnerability
31 Dec 2016
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected: Apache Wicket 6.x and 1.5.x
Description: Depending on the ISerializer set in the Wicket application, it’s possible that a Wicket’s object deserialized from an untrusted source and utilized by the application to causes the code to enter in an infinite loop. Specifically, Wicket’s DiskFileItem class, serialized by Kryo, allows an attacker to hack its serialized form to put a client on an infin...
more