Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.1.1
    • Fix Version/s: EAP_EWP 5.1.2 ER1
    • Component/s: Seam
    • Labels:
      None
    • Affects:
      Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Release Notes Text:
      Hide
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url="http://openid.net/2011/05/05/attribute-exchange-security-alert/">http://openid.net/2011/05/05/attribute-exchange-security-alert/&lt;/ulink>. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution.As a result of the upgrade, the following jars must be available for any application which uses OpenID integration:

      <itemizedlist>
        <listitem>
          <para>openid4jav-nodeps.jar</para>
        </listitem>
        <listitem>
          <para>httpclient.jar</para>
        </listitem>
        <listitem>
          <para>httpcore.jar</para>
        </listitem>
        <listitem>
          <para>nekohtml.jar</para>
        </listitem>
        <listitem>
          <para>jcip-annotations.jar</para>
        </listitem>
        <listitem>
          <para>guice.jar</para>
        </listitem>
        <listitem>
          <para>commons-codec.jar</para>
        </listitem>
      </itemizedlist>
      Show
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url=" http://openid.net/2011/05/05/attribute-exchange-security-alert/ "> http://openid.net/2011/05/05/attribute-exchange-security-alert/&lt;/ulink >. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution.As a result of the upgrade, the following jars must be available for any application which uses OpenID integration: <itemizedlist>   <listitem>     <para>openid4jav-nodeps.jar</para>   </listitem>   <listitem>     <para>httpclient.jar</para>   </listitem>   <listitem>     <para>httpcore.jar</para>   </listitem>   <listitem>     <para>nekohtml.jar</para>   </listitem>   <listitem>     <para>jcip-annotations.jar</para>   </listitem>   <listitem>     <para>guice.jar</para>   </listitem>   <listitem>     <para>commons-codec.jar</para>   </listitem> </itemizedlist>
    • Release Notes Docs Status:
      Documented as Resolved Issue
    • Docs QE Status:
      NEW

      Description

      Upgrade openid4java dependency in OpenId integration. The version is affected by security vulnerability reported at http://openid.net/2011/05/05/attribute-exchange-security-alert/

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  manaRH Marek Novotny
                  Reporter:
                  manaRH Marek Novotny
                  Writer:
                  Russell Dickenson
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: