Author: mgrigorov
Date: Thu Mar 22 10:03:34 2012
New Revision: 1303708
URL: http://svn.apache.org/viewvc?rev=1303708&view=rev
Log:
Add entries for CVE-2012-0047 and CVE-2012-1089
Added:
wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-0047.md
wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-1089.md
wicket/common/site/trunk/_site/2012/03/22/
wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-0047.html
wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-1089.html
Modified:
wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html
wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html
wicket/common/site/trunk/_site/atom.xml
wicket/common/site/trunk/_site/index.html
wicket/common/site/trunk/_site/learn/books/index.html
wicket/common/site/trunk/_site/start/index.html
wicket/common/site/trunk/_site/start/quickstart.html
Added: wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-0047.md
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-0047.md?rev=1303708&view=auto
==============================================================================
--- wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-0047.md (added)
+++ wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-0047.md Thu Mar
22 10:03:34 2012
@@ -0,0 +1,25 @@
+---
+layout: post
+title: CVE-2012-0047 - Apache Wicket XSS vulnerability via pageMapName request
parameter
+---
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache Wicket 1.4.x
+
+Apache Wicket 1.3.x and 1.5.x are not affected
+
+Description:
+A Cross Site Scripting (XSS) attack is possible by manipulating the
+value of 'wicket:pageMapName' request parameter.
+
+Mitigation:
+Upgrade to [Apache Wicket
1.4.20](http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html) or
+[Apache Wicket
1.5.5](http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html)
+
+Credit:
+This issue was discovered by Jens Schenck.
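Review bot: The Mitigation paragraph lists Apache Wicket 1.5.5 as an upgrade target even though the Versions Affected section says 1.5.x is not affected, so a 1.4.x reader cannot tell whether the fix is in 1.4.20 only or whether a move to 1.5.x is being recommended. Suggest "Upgrade to Apache Wicket 1.4.20" and, if the 1.5.5 link stays, a clause saying it is the unaffected branch. The Description could also say whether any workaround exists for users who cannot upgrade, or state that there is none.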
Added: wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-1089.md
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-1089.md?rev=1303708&view=auto
==============================================================================
--- wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-1089.md (added)
+++ wicket/common/site/trunk/_posts/2012-03-22-wicket-cve-2012-1089.md Thu Mar
22 10:03:34 2012
@@ -0,0 +1,46 @@
+---
+layout: post
+title: CVE-2012-1089 - Apache Wicket serving of hidden files vulnerability
+---
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache Wicket 1.4.x and 1.5.x
+
+Description:
+It is possible to view the content of any file of a web application by
+using an Url to a Wicket resource which resolves to a 'null' package.
+With such a Url the attacker can request the content of any file by specifying
+its relative path, i.e. the attacker must know the file name to be able to
+request it.
+
+Mitigation:
+Setup a custom org.apache.wicket.markup.html.IPackageResourceGuard that
provides
+a whitelist of allowed resources.
+Since versions 1.4.20 and 1.5.5 Apache Wicket uses by default
+org.apache.wicket.markup.html.SecurePackageResourceGuard with a preconfigured
+list of allowed file extensions.
+Either setup SecurePackageResourceGuard with code like:
+
+{% highlight java %}
+public class MyApp extends WebApplication {
+ public void init() {
+ super.init();
+ SecurePackageResourceGuard guard = new SecurePackageResourceGuard();
+ guard.addPattern(...);
+ guard.addPattern(...);
+ getResourceSettings().setPackageResourceGuard(guard);
+ }
+}
+{% endhighlight %}
+
+or upgrade [Apache Wicket
1.4.20](http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html) or
+[Apache Wicket
1.5.5](http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html)
+
+
+Credit:
+This issue was discovered by Sebastian van Erk.
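Review bot: In the sample under Mitigation both guard.addPattern(...) calls leave the argument elided, so a reader on an affected version cannot tell what a pattern looks like or what the guard does with a resource that matches none; show at least one concrete pattern and state the default behaviour. The text also says SecurePackageResourceGuard is the default "since versions 1.4.20 and 1.5.5" without saying whether the class is available in earlier releases, which the "Either setup ..." option depends on. Minor: "or upgrade [Apache Wicket 1.4.20]" is missing "to", and "Setup"/"setup" used as a verb should be "Set up"/"set up".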
Modified:
wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html?rev=1303708&r1=1303707&r2=1303708&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html
(original)
+++ wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html
Thu Mar 22 10:03:34 2012
@@ -151,7 +151,7 @@
<div id="contentbody">
<h1>Apache Wicket Cookbook Published!</h1>
- <img style='float: left; margin-left: 10px;
margin-right: 10px;' title='Apache Wicket Cookbook' width='180' height='222'
alt='' src='http://wicket.apache.org/learn/books/awc.png' />
+ <img height='222' style='float: left; margin-left:
10px; margin-right: 10px;' alt='' width='180'
src='http://wicket.apache.org/learn/books/awc.png' title='Apache Wicket
Cookbook' />
<p>For the past nine months I have been quietly working on a book about
Wicket. Unlike other books on the market this one does not attempt to teach you
Wicket from the ground up. Instead, it is for developers who already know the
basics and want to learn how to implement some of the more advanced use cases.
Essentially, it contains recipes that show the reader how to implement
solutions to some of, what I think are, the most commonly asked questions and
stumbling blocks.</p>
<p>This morning I was informed that the book has been published! You can read
more about it and pick up a copy on <a
href='https://www.packtpub.com/apache-wicket-cookbook/book'>PACKT's
Site</a>.</p>
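Review bot: The only change in this hunk is the order of the attributes on the img tag (height, style, alt, width, src, title), which is generator churn unrelated to the two CVE entries named in the log message. Suggest making the generator's attribute order stable or leaving this file out of the commit so the security announcement stays easy to review; wicket-cookbook-contest.html shows the same reordering.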
Modified: wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html?rev=1303708&r1=1303707&r2=1303708&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html
(original)
+++ wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html Thu
Mar 22 10:03:34 2012
@@ -151,7 +151,7 @@
<div id="contentbody">
<h1>Apache Wicket Cookbook Giveaway Contest</h1>
- <img style='float: left; margin-left: 10px;
margin-right: 10px;' title='Apache Wicket Cookbook' width='90' height='111'
alt='' src='http://wicket.apache.org/learn/books/awc.png' />
+ <img height='111' style='float: left; margin-left:
10px; margin-right: 10px;' alt='' width='90'
src='http://wicket.apache.org/learn/books/awc.png' title='Apache Wicket
Cookbook' />
<p>Packt Publishing has generously allowed me to give away a free copy of the
ebook version of <a href='http://link.packtpub.com/AzN8N9'><strong>Apache
Wicket Cookbook</strong></a> (http://link.packtpub.com/AzN8N9), and a
<strong>free one year subscription</strong> to PacktLib. For details see the <a
href='http://wicketinaction.com/2011/05/apache_wicket_cookbook_giveaway_contest'>contest
announcement</a>.</p>
<p>Cheers,<br /> -Igor <br /><br /><br /><br /><br /><br /></p>
Added: wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-0047.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-0047.html?rev=1303708&view=auto
==============================================================================
--- wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-0047.html (added)
+++ wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-0047.html Thu Mar
22 10:03:34 2012
@@ -0,0 +1,177 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Apache Wicket - CVE-2012-0047 - Apache Wicket XSS vulnerability via
pageMapName request parameter</title>
+
+ <link rel="stylesheet" href="/css/screen.css" type="text/css"
media="screen" />
+
+ <!--[if lt ie 7]>
+ <link rel="stylesheet" href="/css/ie.css" type="text/css"
media="screen" />
+ <![endif]-->
+ <link rel="shortcut icon" href="/favicon.ico"
type="image/vnd.microsoft.icon" />
+ <link rel="alternate" type="application/atom+xml" href="/atom.xml" />
+ <meta http-equiv="content-type" content="text/html;charset=utf-8" />
+</head>
+<body>
+<div id="container">
+ <div id="content">
+ <div id="header"><a href="/"><h1 id="logo"><span>Apache
Wicket</span></h1></a></div>
+ <div id="navigation">
+ <h5><a name="Navigation-Wicket"></a>Meet Wicket</h5>
+ <ul>
+ <li>
+ <a href="/" title="Index">Home</a>
+ </li>
+ <li>
+ <a href="/meet/introduction.html"
title="Introduction">Introduction</a>
+ </li>
+ <li>
+ <a href="/meet/features.html"
title="Features">Features</a>
+ </li>
+ <li>
+ <a href="/meet/buzz.html" title="Buzz">Buzz</a>
+ </li>
+ <li>
+ <a href="/meet/vision.html" title="Vision">Vision</a>
+ </li>
+ <li>
+ <a href="/meet/blogs.html" title="Blogs">Blogs</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-GettingStarted"
id="Navigation-GettingStarted"></a>Get Started
+ </h5>
+ <ul>
+ <li>
+ <a href="/start/download.html" title="Download
Wicket">Download Wicket</a>
+ </li>
+ <li>
+ <a href="/start/quickstart.html" title="Getting started
via a Maven Archetype">Quickstart</a>
+ </li>
+ <li>
+ <a href="http://www.jweekend.com/dev/LegUp"
rel="nofollow">More archetypes</a>
+ </li>
+ <li>
+ <a href="/help" title="Get help">Get help</a>
+ </li>
+ <li>
+ <a href="/help/email.html" title="Wicket Mailing
Lists">Mailing Lists</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Documentation"
id="Navigation-Documentation"></a>Learn
+ </h5>
+ <ul>
+ <li>
+ <a href="/learn/examples" title="Examples">Examples</a>
+ </li>
+ <li>
+ <a
href="http://wicketstuff.org/wicket14/compref/">Components</a>
+ </li>
+ <li>
+ <a href="/learn/projects/" title="Projects extending
basic Wicket">Projects</a>
+ </li>
+ <li>
+ <a href="http://cwiki.apache.org/WICKET">Wiki</a>
+ </li>
+ <li>
+ <a
href="http://cwiki.apache.org/WICKET/reference-library.html">Reference guide</a>
+ </li>
+ <li>
+ <a href="/learn/books" title="Books">Books</a>
+ </li>
+ <li>
+ <a href="/learn/ides.html" title="IDEs">IDE plugins</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Releases"
id="Navigation-Releases"></a>Releases
+ </h5>
+ <ul>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.5">Wicket 1.5</a>
+ (<a href="http://wicket.apache.org/apidocs/1.5"
title="JavaDocs of the latest stable release - 1.5.x">docs</a>)
+ </li>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.4.19">Wicket 1.4</a>
+ (<a
href="http://ci.apache.org/projects/wicket/apidocs/1.4.x" title="JavaDocs of
Apache Wicket 1.4.x">docs</a>)
+ </li>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.3.7">Wicket 1.3</a>
+ (<a
href="http://ci.apache.org/projects/wicket/apidocs/1.3.x" title="JavaDocs of
Apache Wicket 1.3.x">docs</a>)
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.2"
class="external-link" rel="nofollow">Wicket 1.2</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.1"
class="external-link" rel="nofollow">Wicket 1.1</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.0"
class="external-link" rel="nofollow">Wicket 1.0</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Developers"
id="Navigation-Developers"></a>Contribute
+ </h5>
+ <ul>
+ <li>
+ <a href="/contribute/write.html" title="Writing
documentation">Writing docs</a>
+ </li>
+ <li>
+ <a href="/contribute/build.html" title="Building from
SVN">Build Wicket</a>
+ </li>
+ <li>
+ <a href="/contribute/patch.html" title="Provide a
patch">Provide a patch</a>
+ </li>
+ <li>
+ <a href="/contribute/release.html" title="Release
Wicket">Release Wicket</a>
+ </li>
+ <li>
+ <a href="http://fisheye6.atlassian.com/browse/wicket"
title="SVN Overview" class="external-link" rel="nofollow">Fisheye</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Apache" id="Navigation-Apache"></a>Apache
+ </h5>
+ <ul>
+ <li>
+ <a href="http://www.apache.org/" class="external-link"
rel="nofollow">Apache</a>
+ </li>
+ <li>
+ <a href="http://www.apache.org/licenses/"
class="external-link" rel="nofollow">License</a>
+ </li>
+ <li>
+ <a
href="http://www.apache.org/foundation/sponsorship.html" class="external-link"
rel="nofollow">Sponsorship</a>
+ </li>
+ <li>
+ <a href="http://apache.org/foundation/thanks.html"
class="external-link" rel="nofollow">Thanks</a>
+ </li>
+ </ul>
+</div>
+
+ <div id="contentbody">
+ <h1>CVE-2012-0047 - Apache Wicket XSS vulnerability via
pageMapName request parameter</h1>
+ <p>Vendor: The Apache Software Foundation</p>
+
+<p>Versions Affected: Apache Wicket 1.4.x</p>
+
+<p>Apache Wicket 1.3.x and 1.5.x are not affected</p>
+
+<p>Description: A Cross Site Scripting (XSS) attack is possible by
manipulating the value of ‘wicket:pageMapName’ request
parameter.</p>
+
+<p>Mitigation: Upgrade to <a
href='http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html'>Apache
Wicket 1.4.20</a> or <a
href='http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html'>Apache
Wicket 1.5.5</a></p>
+
+<p>Credit: This issue was discovered by Jens Schenck.</p>
+ </div>
+ <div id="clearer"></div>
+ <div id="footer"><span>
+Copyright © 2012 — The Apache Software Foundation. Apache Wicket,
+Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo
+are trademarks of The Apache Software Foundation. All other marks mentioned
+may be trademarks or registered trademarks of their respective owners.
+</span></div>
+
+ </div>
+</div>
+</body>
+</html>
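Review bot: In the Releases navigation list the Wicket 1.4 download link still points to http://www.apache.org/dyn/closer.cgi/wicket/1.4.19, while the advisory body on this same page tells 1.4.x users to upgrade to 1.4.20. Update the link in the site layout to 1.4.20 so the page announcing the fix does not send readers to a release in the affected range; the generated wicket-cve-2012-1089.html carries the same link.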
Added: wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-1089.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-1089.html?rev=1303708&view=auto
==============================================================================
--- wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-1089.html (added)
+++ wicket/common/site/trunk/_site/2012/03/22/wicket-cve-2012-1089.html Thu Mar
22 10:03:34 2012
@@ -0,0 +1,187 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Apache Wicket - CVE-2012-1089 - Apache Wicket serving of hidden
files vulnerability</title>
+
+ <link rel="stylesheet" href="/css/screen.css" type="text/css"
media="screen" />
+
+ <!--[if lt ie 7]>
+ <link rel="stylesheet" href="/css/ie.css" type="text/css"
media="screen" />
+ <![endif]-->
+ <link rel="shortcut icon" href="/favicon.ico"
type="image/vnd.microsoft.icon" />
+ <link rel="alternate" type="application/atom+xml" href="/atom.xml" />
+ <meta http-equiv="content-type" content="text/html;charset=utf-8" />
+</head>
+<body>
+<div id="container">
+ <div id="content">
+ <div id="header"><a href="/"><h1 id="logo"><span>Apache
Wicket</span></h1></a></div>
+ <div id="navigation">
+ <h5><a name="Navigation-Wicket"></a>Meet Wicket</h5>
+ <ul>
+ <li>
+ <a href="/" title="Index">Home</a>
+ </li>
+ <li>
+ <a href="/meet/introduction.html"
title="Introduction">Introduction</a>
+ </li>
+ <li>
+ <a href="/meet/features.html"
title="Features">Features</a>
+ </li>
+ <li>
+ <a href="/meet/buzz.html" title="Buzz">Buzz</a>
+ </li>
+ <li>
+ <a href="/meet/vision.html" title="Vision">Vision</a>
+ </li>
+ <li>
+ <a href="/meet/blogs.html" title="Blogs">Blogs</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-GettingStarted"
id="Navigation-GettingStarted"></a>Get Started
+ </h5>
+ <ul>
+ <li>
+ <a href="/start/download.html" title="Download
Wicket">Download Wicket</a>
+ </li>
+ <li>
+ <a href="/start/quickstart.html" title="Getting started
via a Maven Archetype">Quickstart</a>
+ </li>
+ <li>
+ <a href="http://www.jweekend.com/dev/LegUp"
rel="nofollow">More archetypes</a>
+ </li>
+ <li>
+ <a href="/help" title="Get help">Get help</a>
+ </li>
+ <li>
+ <a href="/help/email.html" title="Wicket Mailing
Lists">Mailing Lists</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Documentation"
id="Navigation-Documentation"></a>Learn
+ </h5>
+ <ul>
+ <li>
+ <a href="/learn/examples" title="Examples">Examples</a>
+ </li>
+ <li>
+ <a
href="http://wicketstuff.org/wicket14/compref/">Components</a>
+ </li>
+ <li>
+ <a href="/learn/projects/" title="Projects extending
basic Wicket">Projects</a>
+ </li>
+ <li>
+ <a href="http://cwiki.apache.org/WICKET">Wiki</a>
+ </li>
+ <li>
+ <a
href="http://cwiki.apache.org/WICKET/reference-library.html">Reference guide</a>
+ </li>
+ <li>
+ <a href="/learn/books" title="Books">Books</a>
+ </li>
+ <li>
+ <a href="/learn/ides.html" title="IDEs">IDE plugins</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Releases"
id="Navigation-Releases"></a>Releases
+ </h5>
+ <ul>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.5">Wicket 1.5</a>
+ (<a href="http://wicket.apache.org/apidocs/1.5"
title="JavaDocs of the latest stable release - 1.5.x">docs</a>)
+ </li>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.4.19">Wicket 1.4</a>
+ (<a
href="http://ci.apache.org/projects/wicket/apidocs/1.4.x" title="JavaDocs of
Apache Wicket 1.4.x">docs</a>)
+ </li>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/wicket/1.3.7">Wicket 1.3</a>
+ (<a
href="http://ci.apache.org/projects/wicket/apidocs/1.3.x" title="JavaDocs of
Apache Wicket 1.3.x">docs</a>)
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.2"
class="external-link" rel="nofollow">Wicket 1.2</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.1"
class="external-link" rel="nofollow">Wicket 1.1</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.0"
class="external-link" rel="nofollow">Wicket 1.0</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Developers"
id="Navigation-Developers"></a>Contribute
+ </h5>
+ <ul>
+ <li>
+ <a href="/contribute/write.html" title="Writing
documentation">Writing docs</a>
+ </li>
+ <li>
+ <a href="/contribute/build.html" title="Building from
SVN">Build Wicket</a>
+ </li>
+ <li>
+ <a href="/contribute/patch.html" title="Provide a
patch">Provide a patch</a>
+ </li>
+ <li>
+ <a href="/contribute/release.html" title="Release
Wicket">Release Wicket</a>
+ </li>
+ <li>
+ <a href="http://fisheye6.atlassian.com/browse/wicket"
title="SVN Overview" class="external-link" rel="nofollow">Fisheye</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Apache" id="Navigation-Apache"></a>Apache
+ </h5>
+ <ul>
+ <li>
+ <a href="http://www.apache.org/" class="external-link"
rel="nofollow">Apache</a>
+ </li>
+ <li>
+ <a href="http://www.apache.org/licenses/"
class="external-link" rel="nofollow">License</a>
+ </li>
+ <li>
+ <a
href="http://www.apache.org/foundation/sponsorship.html" class="external-link"
rel="nofollow">Sponsorship</a>
+ </li>
+ <li>
+ <a href="http://apache.org/foundation/thanks.html"
class="external-link" rel="nofollow">Thanks</a>
+ </li>
+ </ul>
+</div>
+
+ <div id="contentbody">
+ <h1>CVE-2012-1089 - Apache Wicket serving of hidden
files vulnerability</h1>
+ <p>Vendor: The Apache Software Foundation</p>
+
+<p>Versions Affected: Apache Wicket 1.4.x and 1.5.x</p>
+
+<p>Description: It is possible to view the content of any file of a web
application by using an Url to a Wicket resource which resolves to a
‘null’ package. With such a Url the attacker can request the
content of any file by specifying its relative path, i.e. the attacker must
know the file name to be able to request it.</p>
+
+<p>Mitigation: Setup a custom
org.apache.wicket.markup.html.IPackageResourceGuard that provides a whitelist
of allowed resources. Since versions 1.4.20 and 1.5.5 Apache Wicket uses by
default org.apache.wicket.markup.html.SecurePackageResourceGuard with a
preconfigured list of allowed file extensions. Either setup
SecurePackageResourceGuard with code like:</p>
+<div class='highlight'><pre><code class='java'><span class='kd'>public</span>
<span class='kd'>class</span> <span class='nc'>MyApp</span> <span
class='kd'>extends</span> <span class='n'>WebApplication</span> <span
class='o'>{</span>
+ <span class='kd'>public</span> <span class='kt'>void</span> <span
class='nf'>init</span><span class='o'>()</span> <span class='o'>{</span>
+ <span class='kd'>super</span><span class='o'>.</span><span
class='na'>init</span><span class='o'>();</span>
+ <span class='n'>SecurePackageResourceGuard</span> <span
class='n'>guard</span> <span class='o'>=</span> <span class='k'>new</span>
<span class='n'>SecurePackageResourceGuard</span><span class='o'>();</span>
+ <span class='n'>guard</span><span class='o'>.</span><span
class='na'>addPattern</span><span class='o'>(...);</span>
+ <span class='n'>guard</span><span class='o'>.</span><span
class='na'>addPattern</span><span class='o'>(...);</span>
+ <span class='n'>getResourceSettings</span><span
class='o'>().</span><span class='na'>setPackageResourceGuard</span><span
class='o'>(</span><span class='n'>guard</span><span class='o'>);</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>or upgrade <a
href='http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html'>Apache
Wicket 1.4.20</a> or <a
href='http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html'>Apache
Wicket 1.5.5</a></p>
+
+<p>Credit: This issue was discovered by Sebastian van Erk.</p>
+ </div>
+ <div id="clearer"></div>
+ <div id="footer"><span>
+Copyright © 2012 — The Apache Software Foundation. Apache Wicket,
+Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo
+are trademarks of The Apache Software Foundation. All other marks mentioned
+may be trademarks or registered trademarks of their respective owners.
+</span></div>
+
+ </div>
+</div>
+</body>
+</html>
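Review bot: The contentbody of this generated page begins at "Vendor:" and never shows the "Severity: Important" line that the source post 2012-03-22-wicket-cve-2012-1089.md adds in this same commit; the generated wicket-cve-2012-0047.html has the same gap. Check whether _site was built before the Severity line was added to the posts, or whether the layout drops it, and regenerate so the published advisories carry the severity rating.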
Modified: wicket/common/site/trunk/_site/atom.xml
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/atom.xml?rev=1303708&r1=1303707&r2=1303708&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/atom.xml (original)
+++ wicket/common/site/trunk/_site/atom.xml Thu Mar 22 10:03:34 2012
@@ -4,7 +4,7 @@
<title>Apache Wicket</title>
<link href="http://wicket.apache.org/atom.xml" rel="self"/>
<link href="http://wicket.apache.org/"/>
- <updated>2012-03-12T17:47:32+02:00</updated>
+ <updated>2012-03-22T12:00:52+02:00</updated>
<id>http://wicket.apache.org/</id>
<author>
<name>Apache Wicket</name>
@@ -13,6 +13,52 @@
<entry>
+ <title>CVE-2012-1089 - Apache Wicket serving of hidden files
vulnerability</title>
+ <link href="http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089.html"/>
+ <updated>2012-03-22T00:00:00+02:00</updated>
+ <id>http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089</id>
+ <content type="html"><p>Vendor: The Apache Software
Foundation</p>
+
+<p>Versions Affected: Apache Wicket 1.4.x and 1.5.x</p>
+
+<p>Description: It is possible to view the content of any file of a web
application by using an Url to a Wicket resource which resolves to a
&#8216;null&#8217; package. With such a Url the attacker can request
the content of any file by specifying its relative path, i.e. the attacker must
know the file name to be able to request it.</p>
+
+<p>Mitigation: Setup a custom
org.apache.wicket.markup.html.IPackageResourceGuard that provides a whitelist
of allowed resources. Since versions 1.4.20 and 1.5.5 Apache Wicket uses by
default org.apache.wicket.markup.html.SecurePackageResourceGuard with a
preconfigured list of allowed file extensions. Either setup
SecurePackageResourceGuard with code like:</p>
+<div class='highlight'><pre><code class='java'><span
class='kd'>public</span> <span class='kd'>class</span>
<span class='nc'>MyApp</span> <span
class='kd'>extends</span> <span
class='n'>WebApplication</span> <span class='o'>{</span>
+ <span class='kd'>public</span> <span
class='kt'>void</span> <span
class='nf'>init</span><span class='o'>()</span> <span
class='o'>{</span>
+ <span class='kd'>super</span><span
class='o'>.</span><span class='na'>init</span><span
class='o'>();</span>
+ <span class='n'>SecurePackageResourceGuard</span> <span
class='n'>guard</span> <span class='o'>=</span> <span
class='k'>new</span> <span
class='n'>SecurePackageResourceGuard</span><span
class='o'>();</span>
+ <span class='n'>guard</span><span
class='o'>.</span><span
class='na'>addPattern</span><span class='o'>(...);</span>
+ <span class='n'>guard</span><span
class='o'>.</span><span
class='na'>addPattern</span><span class='o'>(...);</span>
+ <span class='n'>getResourceSettings</span><span
class='o'>().</span><span
class='na'>setPackageResourceGuard</span><span
class='o'>(</span><span class='n'>guard</span><span
class='o'>);</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
+</code></pre>
+</div>
+<p>or upgrade <a
href='http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html'>Apache
Wicket 1.4.20</a> or <a
href='http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html'>Apache
Wicket 1.5.5</a></p>
+
+<p>Credit: This issue was discovered by Sebastian van
Erk.</p></content>
+ </entry>
+
+ <entry>
+ <title>CVE-2012-0047 - Apache Wicket XSS vulnerability via pageMapName
request parameter</title>
+ <link href="http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html"/>
+ <updated>2012-03-22T00:00:00+02:00</updated>
+ <id>http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047</id>
+ <content type="html"><p>Vendor: The Apache Software
Foundation</p>
+
+<p>Versions Affected: Apache Wicket 1.4.x</p>
+
+<p>Apache Wicket 1.3.x and 1.5.x are not affected</p>
+
+<p>Description: A Cross Site Scripting (XSS) attack is possible by
manipulating the value of &#8216;wicket:pageMapName&#8217; request
parameter.</p>
+
+<p>Mitigation: Upgrade to <a
href='http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html'>Apache
Wicket 1.4.20</a> or <a
href='http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html'>Apache
Wicket 1.5.5</a></p>
+
+<p>Credit: This issue was discovered by Jens Schenck.</p></content>
+ </entry>
+
+ <entry>
<title>Wicket 1.5.5 released</title>
<link
href="http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html"/>
<updated>2012-03-12T00:00:00+02:00</updated>
@@ -317,63 +363,4 @@
</div></content>
</entry>
- <entry>
- <title>Wicket 1.5-RC7 released</title>
- <link href="http://wicket.apache.org/2011/08/28/1.5-RC7-released.html"/>
- <updated>2011-08-28T00:00:00+03:00</updated>
- <id>http://wicket.apache.org/2011/08/28/1.5-RC7-released</id>
- <content type="html"><p>The Wicket Team is proud to introduce the
seventh Release Candidate in Wicket 1.5 series. See the changelog for the list
of bug fixes and improvements done between 1.5-RC5.1 and 1.5-RC7</p>
-
-<p>More detailed migration notes are available on our <a
href='https://cwiki.apache.org/WICKET/migration-to-wicket-15.html'>Migrate
to 1.5 Wiki Page</a></p>
-
-<p>Release Artifacts:</p>
-
-<ul>
-<li><a
href='http://svn.apache.org/repos/asf/wicket/releases/wicket-1.5-RC7'>Subversion
tag</a></li>
-
-<li><a
href='https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561&amp;version=12316657'>Changelog
RC6</a></li>
-
-<li><a
href='https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561&amp;version=12317645'>Changelog
RC7</a></li>
-
-<li>To use in Maven:</li>
-</ul>
-<div class='highlight'><pre><code class='xml'><span
class='nt'>&lt;dependency&gt;</span>
- <span
class='nt'>&lt;groupId&gt;</span>org.apache.wicket<span
class='nt'>&lt;/groupId&gt;</span>
- <span
class='nt'>&lt;artifactId&gt;</span>wicket-core<span
class='nt'>&lt;/artifactId&gt;</span>
- <span class='nt'>&lt;version&gt;</span>1.5-RC7<span
class='nt'>&lt;/version&gt;</span>
-<span class='nt'>&lt;/dependency&gt;</span>
-</code></pre>
-</div>
-<ul>
-<li>Download the <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.5-RC7'>full
distribution</a> (including source)</li>
-</ul></content>
- </entry>
-
- <entry>
- <title>CVE-2011-2712 - Apache Wicket XSS vulnerability</title>
- <link href="http://wicket.apache.org/2011/08/23/cve-2011-2712.html"/>
- <updated>2011-08-23T00:00:00+03:00</updated>
- <id>http://wicket.apache.org/2011/08/23/cve-2011-2712</id>
- <content type="html"><p>Vendor: The Apache Software
Foundation</p>
-
-<p>Versions Affected: Apache Wicket 1.4.x</p>
-
-<p>Apache Wicket 1.3.x and 1.5-RCx are not affected</p>
-
-<p>Description: With multi window support application configuration and
special query parameters it is possible to execute any kind of JavaScript on a
site running with the affected versions.</p>
-
-<p>Mitigation: Either disable multi window support with</p>
-<div class='highlight'><pre><code class='java'><span
class='kd'>public</span> <span class='kd'>class</span>
<span class='nc'>MyApp</span> <span
class='kd'>extends</span> <span
class='n'>WebApplication</span> <span class='o'>{</span>
- <span class='kd'>public</span> <span
class='kt'>void</span> <span
class='nf'>init</span><span class='o'>()</span> <span
class='o'>{</span>
- <span class='kd'>super</span><span
class='o'>.</span><span class='na'>init</span><span
class='o'>();</span>
- <span class='n'>getPageSettings</span><span
class='o'>.</span><span
class='na'>setAutomaticMultiWindowSupport</span><span
class='o'>(</span><span class='kc'>false</span><span
class='o'>);</span>
- <span class='o'>}</span>
-<span class='o'>}</span>
-</code></pre>
-</div>
-<p>or upgrade to <a
href='http://wicket.apache.org/2011/08/09/wicket-1.4.18-released.html'>Apache
Wicket 1.4.18</a> or <a
href='http://wicket.apache.org/2011/06/25/wicket-1.5-RC5.1-released.html'>Apache
Wicket 1.5-RC5.1</a></p>
-
-<p>Credit: This issue was discovered by Sven Krewitt of TÃV
Rheinland i-sec GmbH.</p></content>
- </entry>
-
</feed>
Modified: wicket/common/site/trunk/_site/index.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/index.html?rev=1303708&r1=1303707&r2=1303708&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/index.html (original)
+++ wicket/common/site/trunk/_site/index.html Thu Mar 22 10:03:34 2012
@@ -173,38 +173,32 @@
<h1>Security announcement: CVE-2011-2712</h1>
<p>A XSS vulnerability has been found in Apache Wicket version 1.4. This is
solved in Apache Wicket 1.4.18. Please upgrade your applications to this
release. Wicket versions 1.3.x and 1.5.x are not affected by this
vulnerability. <a href='2011/08/23/cve-2011-2712.html'>More information</a></p>
-<h1 id='wicket_155_released'><a
href='/2012/03/12/wicket-1.5.5-released.html'>Wicket 1.5.5 released</a></h1>
-<p>This is the fifth maintenance release of the Wicket 1.5.x series. This
release brings over 50 bug fixes and improvements.</p><ul>
-<li><a
href='http://git-wip-us.apache.org/repos/asf/wicket/repo?p=wicket.git;a=shortlog;h=refs/tags/release/wicket-1.5.5'>Git
tag</a></li>
-
-<li><a
href='https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561&version=12319052'>Changelog</a></li>
-
-<li>To use in Maven:</li>
-</ul><div class='highlight'><pre><code class='xml'><span
class='nt'><dependency></span>
- <span class='nt'><groupId></span>org.apache.wicket<span
class='nt'></groupId></span>
- <span class='nt'><artifactId></span>wicket-core<span
class='nt'></artifactId></span>
- <span class='nt'><version></span>1.5.5<span
class='nt'></version></span>
-<span class='nt'></dependency></span>
+<h1 id='cve20121089__apache_wicket_serving_of_hidden_files_vulnerability'><a
href='/2012/03/22/wicket-cve-2012-1089.html'>CVE-2012-1089 - Apache Wicket
serving of hidden files vulnerability</a></h1>
+<p>Vendor: The Apache Software Foundation</p><p>Versions Affected: Apache
Wicket 1.4.x and 1.5.x</p><p>Description: It is possible to view the content of
any file of a web application by using an Url to a Wicket resource which
resolves to a ‘null’ package. With such a Url the attacker can
request the content of any file by specifying its relative path, i.e. the
attacker must know the file name to be able to request it.</p><p>Mitigation:
Setup a custom org.apache.wicket.markup.html.IPackageResourceGuard that
provides a whitelist of allowed resources. Since versions 1.4.20 and 1.5.5
Apache Wicket uses by default
org.apache.wicket.markup.html.SecurePackageResourceGuard with a preconfigured
list of allowed file extensions. Either setup SecurePackageResourceGuard with
code like:</p><div class='highlight'><pre><code class='java'><span
class='kd'>public</span> <span class='kd'>class</span> <span
class='nc'>MyApp</span> <span class='kd'>extends</span> <span class='n'>Web
Application</span> <span class='o'>{</span>
+ <span class='kd'>public</span> <span class='kt'>void</span> <span
class='nf'>init</span><span class='o'>()</span> <span class='o'>{</span>
+ <span class='kd'>super</span><span class='o'>.</span><span
class='na'>init</span><span class='o'>();</span>
+ <span class='n'>SecurePackageResourceGuard</span> <span
class='n'>guard</span> <span class='o'>=</span> <span class='k'>new</span>
<span class='n'>SecurePackageResourceGuard</span><span class='o'>();</span>
+ <span class='n'>guard</span><span class='o'>.</span><span
class='na'>addPattern</span><span class='o'>(...);</span>
+ <span class='n'>guard</span><span class='o'>.</span><span
class='na'>addPattern</span><span class='o'>(...);</span>
+ <span class='n'>getResourceSettings</span><span
class='o'>().</span><span class='na'>setPackageResourceGuard</span><span
class='o'>(</span><span class='n'>guard</span><span class='o'>);</span>
+ <span class='o'>}</span>
+<span class='o'>}</span>
</code></pre>
-</div><ul>
-<li>Download the <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.5.5'>full distribution</a>
(including source)</li>
-</ul>
-<h1 id='wicket_1420_released'><a
href='/2012/03/12/wicket-1.4.20-released.html'>Wicket 1.4.20 released</a></h1>
-<p>This is twentieth release of the Wicket 1.4.x series. This is primarily a
minor bugfix release on the 1.4.x (stable) branch.</p><ul>
-<li><a
href='http://git-wip-us.apache.org/repos/asf/wicket/repo?p=wicket.git;a=shortlog;h=refs/tags/release/wicket-1.4.20'>Subversion
tag</a></li>
-
-<li><a
href='https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561&version=12318545'>Changelog</a></li>
-
-<li>To use in Maven:</li>
-</ul><div class='highlight'><pre><code class='xml'><span
class='nt'><dependency></span>
- <span class='nt'><groupId></span>org.apache.wicket<span
class='nt'></groupId></span>
- <span class='nt'><artifactId></span>wicket<span
class='nt'></artifactId></span>
- <span class='nt'><version></span>1.4.20<span
class='nt'></version></span>
-<span class='nt'></dependency></span>
-</code></pre>
-</div><ul>
-<li>Download the <a
href='http://www.apache.org/dyn/closer.cgi/wicket/1.4.20'>full distribution</a>
(including source)</li>
-</ul><h1>Older news items</h1><ul>
+</div><p>or upgrade <a
href='http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html'>Apache
Wicket 1.4.20</a> or <a
href='http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html'>Apache
Wicket 1.5.5</a></p><p>Credit: This issue was discovered by Sebastian van
Erk.</p>
+<h1
id='cve20120047__apache_wicket_xss_vulnerability_via_pagemapname_request_parameter'><a
href='/2012/03/22/wicket-cve-2012-0047.html'>CVE-2012-0047 - Apache Wicket XSS
vulnerability via pageMapName request parameter</a></h1>
+<p>Vendor: The Apache Software Foundation</p><p>Versions Affected: Apache
Wicket 1.4.x</p><p>Apache Wicket 1.3.x and 1.5.x are not
affected</p><p>Description: A Cross Site Scripting (XSS) attack is possible by
manipulating the value of ‘wicket:pageMapName’ request
parameter.</p><p>Mitigation: Upgrade to <a
href='http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html'>Apache
Wicket 1.4.20</a> or <a
href='http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html'>Apache
Wicket 1.5.5</a></p><p>Credit: This issue was discovered by Jens
Schenck.</p><h1>Older news items</h1><ul>
+
+
+<li>
+ <a href='/2012/03/12/wicket-1.5.5-released.html'>Wicket 1.5.5
released</a> - <span>12 Mar 2012</span><br />
+ This is the fifth maintenance release of the Wicket 1.5.x series. This
release brings over 50 bug fixes and improvements. Git tag Changelog To use...
+ <a href='/2012/03/12/wicket-1.5.5-released.html'>more</a></li>
+
+
+<li>
+ <a href='/2012/03/12/wicket-1.4.20-released.html'>Wicket 1.4.20
released</a> - <span>12 Mar 2012</span><br />
+ This is twentieth release of the Wicket 1.4.x series. This is
primarily a minor bugfix release on the 1.4.x (stable) branch. Subversion tag
Changelog To...
+ <a href='/2012/03/12/wicket-1.4.20-released.html'>more</a></li>
<li>
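Review bot: In the CVE-2012-1089 entry, the mitigation sample calls `guard.addPattern(...)` twice with the arguments elided, so a reader who cannot upgrade gets no indication of what an allowed-resource pattern looks like or which extensions the preconfigured list covers. Show at least one concrete pattern, or link to the SecurePackageResourceGuard Javadoc. The sentence after the sample reads "or upgrade Apache Wicket 1.4.20", which is missing "to" (the CVE-2012-0047 entry below has "Upgrade to"). The "Either setup ... or upgrade" wording also sits awkwardly beside the statement that 1.4.20 and 1.5.5 already use this guard by default. Putting the upgrade first and the custom guard second, as the fallback for installations that stay on an older version, would read more clearly. Minor: "Url" should be "URL" and "Setup a custom" should be "Set up a custom".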
@@ -254,18 +248,6 @@
Vendor: The Apache Software Foundation Versions Affected: Apache
Wicket 1.4.x Apache Wicket 1.3.x and 1.5-RCx are not affected Description: With
multi window support application configuration...
<a href='/2011/08/23/cve-2011-2712.html'>more</a></li>
-
-<li>
- <a href='/2011/08/09/wicket-1.4.18-released.html'>Wicket 1.4.18
released</a> - <span>09 Aug 2011</span><br />
- This is eightteenth release of the Wicket 1.4.x series. This is
primarily a minor bugfix release on the 1.4.x (stable) branch. Subversion tag
Changelog To...
- <a href='/2011/08/09/wicket-1.4.18-released.html'>more</a></li>
-
-
-<li>
- <a href='/2011/06/25/wicket-1.5-RC5.1-released.html'>Wicket 1.5-RC5.1
released</a> - <span>25 Jun 2011</span><br />
- The Wicket Team is proud to introduce the fourth Release Candidate in
Wicket 1.5 series. See the changelog for the list of bug fixes and...
- <a href='/2011/06/25/wicket-1.5-RC5.1-released.html'>more</a></li>
-
</ul>
<h1 id='books_about_wicket'>Books about Wicket</h1>
Modified: wicket/common/site/trunk/_site/learn/books/index.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/learn/books/index.html?rev=1303708&r1=1303707&r2=1303708&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/learn/books/index.html (original)
+++ wicket/common/site/trunk/_site/learn/books/index.html Thu Mar 22 10:03:34
2012
@@ -152,7 +152,7 @@
<div id="contentbody">
<h1>Books about Wicket</h1>
<p>Several books have been written about Apache Wicket,
4 in English, 2 in German and 1 in Japanese. Click on a cover to learn more
about each book.</p>
-<a href='awc.html'><img title='Apache Wicket Cookbook' height='300px'
alt='Apache Wicket Cookbook cover' src='awc.png' /></a><a href='wia.html'><img
title='Wicket in Action' height='300px' alt='Wicket in Action cover'
src='wia.png' /></a><a href='ewdww.html'><img title='Enjoying Web Development
with Wicket' height='300px' alt='Enjoying Web Development with Wicket cover'
src='ewdww.png' /></a><a href='prowicket.html'><img title='Pro Wicket'
height='300px' alt='Pro Wicket cover' src='prowicket.png' /></a><a
href='paxisbuchwicket.html'><img title='Praxisbuch Wicket' height='300px'
alt='Praxisbuch Wicket cover' src='praxisbuchwicket.png' /></a><a
href='kwij.html'><img title='Wicket: Komponentenbasierte Webanwendungen in
Java' height='300px' alt='Wicket: Komponentenbasierte Webanwendungen in Java
cover' src='kwij.png' /></a><a href='wicket-jp.html'><img title='Wicket
Japanese' height='300px' alt='Wicket Japanese cover' src='wicket-jp.png' /></a>
+<a href='awc.html'><img height='300px' alt='Apache Wicket Cookbook cover'
src='awc.png' title='Apache Wicket Cookbook' /></a><a href='wia.html'><img
height='300px' alt='Wicket in Action cover' src='wia.png' title='Wicket in
Action' /></a><a href='ewdww.html'><img height='300px' alt='Enjoying Web
Development with Wicket cover' src='ewdww.png' title='Enjoying Web Development
with Wicket' /></a><a href='prowicket.html'><img height='300px' alt='Pro Wicket
cover' src='prowicket.png' title='Pro Wicket' /></a><a
href='paxisbuchwicket.html'><img height='300px' alt='Praxisbuch Wicket cover'
src='praxisbuchwicket.png' title='Praxisbuch Wicket' /></a><a
href='kwij.html'><img height='300px' alt='Wicket: Komponentenbasierte
Webanwendungen in Java cover' src='kwij.png' title='Wicket: Komponentenbasierte
Webanwendungen in Java' /></a><a href='wicket-jp.html'><img height='300px'
alt='Wicket Japanese cover' src='wicket-jp.png' title='Wicket Japanese' /></a>
</div>
<div id="clearer"></div>
<div id="footer"><span>
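Review bot: Unrelated churn: the replaced line of book-cover links differs from the old one only in attribute order on the `<img>` tags (`title` now follows `src`), and the start/index.html and start/quickstart.html hunks below show the same reordering of `rel`/`href`, `for`/`title` and `value`/`selected`. Regenerating the site in a separate commit, or with the same generator version as before, would keep the advisory change easy to audit. Separately, the link `href='paxisbuchwicket.html'` sits next to `src='praxisbuchwicket.png'` on both the removed and the added line, which looks like a typo in the link target and is worth checking against the file that actually exists.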
Modified: wicket/common/site/trunk/_site/start/index.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/start/index.html?rev=1303708&r1=1303707&r2=1303708&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/start/index.html (original)
+++ wicket/common/site/trunk/_site/start/index.html Thu Mar 22 10:03:34 2012
@@ -156,7 +156,7 @@
<li><a href='download.html'>Download</a> the latest and greatest Wicket
release</li>
-<li>Or use one of the available third party <a
href='http://www.jweekend.com/dev/LegUp' rel='nofollow'>Maven
archetypes</a></li>
+<li>Or use one of the available third party <a rel='nofollow'
href='http://www.jweekend.com/dev/LegUp'>Maven archetypes</a></li>
</ul>
</div>
<div id="clearer"></div>
Modified: wicket/common/site/trunk/_site/start/quickstart.html
URL:
http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/start/quickstart.html?rev=1303708&r1=1303707&r2=1303708&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/start/quickstart.html (original)
+++ wicket/common/site/trunk/_site/start/quickstart.html Thu Mar 22 10:03:34
2012
@@ -193,12 +193,12 @@
}
</script><div id='mvncmd'>
<div>
- <label title='Base Package' for='groupId'>GroupId:</label>
- <input type='text' id='groupId' onkeyup='changeIt();'
value='com.mycompany' /><span title='Base Package'> (?)</span><br />
- <label title='Project Name'
for='artifactId'>ArtifactId:</label>
- <input type='text' id='artifactId' onkeyup='changeIt();'
value='myproject' /><span title='Project Name'> (?)</span><br />
- <label title='Wicket Version' for='version'>Version:</label>
- <select id='version' onchange='changeIt();'>
+ <label for='groupId' title='Base Package'>GroupId:</label>
+ <input value='com.mycompany' id='groupId' type='text'
onkeyup='changeIt();' /><span title='Base Package'> (?)</span><br />
+ <label for='artifactId' title='Project
Name'>ArtifactId:</label>
+ <input value='myproject' id='artifactId' type='text'
onkeyup='changeIt();' /><span title='Project Name'> (?)</span><br />
+ <label for='version' title='Wicket Version'>Version:</label>
+ <select onchange='changeIt();' id='version'>
<option value='6.0-SNAPSHOT'>6.0-SNAPSHOT</option>
@@ -217,7 +217,7 @@
- <option selected='selected' value='1.5.5'>1.5.5</option>
+ <option value='1.5.5' selected='selected'>1.5.5</option>
</select><span title='Wicket Version'> (?)</span>