The Apache MyFaces team is pleased to announce the release of MyFaces
Core 1.1.8.
MyFaces Core is a JavaServer(tm) Faces 1.1 implementation as specified
by JSR-127. MyFaces Core has passed Sun's JSR-127 TCK and is 100%
compliant with the JSR-127 specification.
Please note this release also contains a fix for:
MYFACES-2749 Encrypted View State does not include Message
Authentication Code (MAC)
This fix prevents padding oracle attack on view state when client side
state saving is used.
MyFaces Core 1.1.8 is available in both binary and source distributions.
* http://myfaces.apache.org/download.html
MyFaces Core is also available in the central Maven repository under
Group ID "org.apache.myfaces.core".
Release Notes - MyFaces Core - Version 1.1.8
Bug
* [MYFACES-2006] - getTableIndex: Integer to String (ClassCastException)
* [MYFACES-2382] - Duplicate id exception when weblogic portal and
jsf native portlet (faces-adapter.jar) is used
* [MYFACES-2525] - Split javax.faces package in OSGi
* [MYFACES-2566] - HTMLEncoder requiring StringBuilder class from JDK 5
* [MYFACES-2684] - UIComponentBase.saveAttachedState save transient
elements as null values on List case
* [MYFACES-2726] - CommandLink renderer do not escape \ characters
in generated javascript
* [MYFACES-2749] - Encrypted View State does not include Message
Authentication Code (MAC)
Improvement
* [MYFACES-2680] - Cache renderKit used
* [MYFACES-2691] - Enhance MessageUtils adding methods when custom
library bundle should be scanned
* [MYFACES-2737] - Cache FacesContext on UIComponentBase instances
Enjoy!
regards
Leonardo Uribe
