Details

    • Type: Task
    • Status: Closed
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.1.1
    • Fix Version/s: EAP_EWP 5.1.2 ER1
    • Component/s: Seam
    • Labels:
      None
    • Affects:
      Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Release Notes Text:
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url="http://openid.net/2011/05/05/attribute-exchange-security-alert/">http://openid.net/2011/05/05/attribute-exchange-security-alert/</ulink>. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution. As a result of the upgrade, the following jars must be available for any application which uses OpenID integration:

      <itemizedlist>
        <listitem>
          <para>openid4jav-nodeps.jar</para>
        </listitem>
        <listitem>
          <para>httpclient.jar</para>
        </listitem>
        <listitem>
          <para>httpcore.jar</para>
        </listitem>
        <listitem>
          <para>nekohtml.jar</para>
        </listitem>
        <listitem>
          <para>jcip-annotations.jar</para>
        </listitem>
        <listitem>
          <para>guice.jar</para>
        </listitem>
        <listitem>
          <para>commons-codec.jar</para>
        </listitem>
      </itemizedlist>
    • Release Notes Docs Status:
      Documented as Resolved Issue
    • Docs QE Status:
      NEW

      Description

      Upgrade the openid4java dependency in OpenId integration. The version is affected by a security vulnerability reported at http://openid.net/2011/05/05/attribute-exchange-security-alert/

            Activity

            Marek Novotny added a comment -

            upgraded

            Marek Novotny added a comment -

            This upgrade also affects documentation due to changed openid4java dependencies. These jars are now required in an application which uses OpenId integration:

            • openid4jav-nodeps.jar,
            • httpclient.jar,
            • httpcore.jar,
            • nekohtml.jar,
            • jcip-annotations.jar,
            • guice.jar,
            • commons-codec.jar.

            Marek Novotny added a comment -

            Documentation changes are covered by https://source.jboss.org/changelog/Seam/?cs=14173 and https://source.jboss.org/changelog/Seam/?cs=14174.

            Marek Schmidt added a comment -

            Verified on EAP 5.1.2 ER1 and EWP 5.1.2 ER1


              People

              • Assignee:
                Marek Novotny
                Reporter:
                Marek Novotny
                Writer:
                Russell Dickenson
              • Votes:
                0
                Watchers:
                1
