Details

    • Type: Task
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.1.1
    • Fix Version/s: EAP_EWP 5.1.2 ER1
    • Component/s: Seam
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Affects:
      Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Release Notes Text:
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url="http://openid.net/2011/05/05/attribute-exchange-security-alert/">http://openid.net/2011/05/05/attribute-exchange-security-alert/</ulink>. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution. As a result of the upgrade, the following jars must be available for any application which uses OpenID integration:

      <itemizedlist>
        <listitem>
          <para>openid4jav-nodeps.jar</para>
        </listitem>
        <listitem>
          <para>httpclient.jar</para>
        </listitem>
        <listitem>
          <para>httpcore.jar</para>
        </listitem>
        <listitem>
          <para>nekohtml.jar</para>
        </listitem>
        <listitem>
          <para>jcip-annotations.jar</para>
        </listitem>
        <listitem>
          <para>guice.jar</para>
        </listitem>
        <listitem>
          <para>commons-codec.jar</para>
        </listitem>
      </itemizedlist>
    • Release Notes Docs Status:
      Documented as Resolved Issue
    • Docs QE Status:
      NEW

      Description

      Upgrade openid4java dependency in OpenId integration. The version is affected by a security vulnerability reported at http://openid.net/2011/05/05/attribute-exchange-security-alert/

          Activity

          Marek Novotny
          added a comment -

          upgraded

          Marek Novotny
          added a comment -

          This upgrade also affects documentation due to changed openid4java dependencies. These jars are now required in any application which uses OpenId integration:

          • openid4jav-nodeps.jar,
          • httpclient.jar,
          • httpcore.jar,
          • nekohtml.jar,
          • jcip-annotations.jar,
          • guice.jar,
          • commons-codec.jar.
          Marek Novotny
          added a comment -

          Documentation changes are covered by https://source.jboss.org/changelog/Seam/?cs=14173 and https://source.jboss.org/changelog/Seam/?cs=14174.

          Marek Schmidt
          added a comment -

          Verified on EAP 5.1.2 ER1 and EWP 5.1.2 ER1


            People

            • Assignee:
              Marek Novotny
              Reporter:
              Marek Novotny
              Writer:
              Russell Dickenson
            • Votes:
              0
              Watchers:
              1

              Dates

              • Created:
                Updated:
                Resolved: