This page just came to my attention. http://www.apache.org/dev/crypto.html
My understanding is that any software that calls encryption APIs is affected by this, so this affects MyFaces due to our client-side state saving encryption code. Is anyone who is currently subscribed to the legal-discuss mailing lists willing to follow up on this and determine if MyFaces needs to do something? My reading is that MyFaces clearly is affected and needs to follow these steps: 1. Check the Export Control Classification Number (ECCN). -- Looks like MyFaces is ECCN 5D002 2. Update the Exports Page with Source Links. -- http://www.apache.org/legal/export.html is a broken link -- something else to report to legal-discuss. 3. Notify the U.S. Government of the new code. -- needs to be done 4. Inform users with a crypto notice in the distribution's README and download pages. -- needs to be done