Repository: wicket-site Updated Branches: refs/heads/asf-site 44715c2f4 -> 8c4a5a553
http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2015/10/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/10/index.html b/content/news/2015/10/index.html index 700eb92..3e842e0 100644 --- a/content/news/2015/10/index.html +++ b/content/news/2015/10/index.html @@ -74,6 +74,8 @@ use semantic ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> <li><a href="/news/2016/01">January</a></li> </ul> <h2>2015</h2> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2015/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/11/index.html b/content/news/2015/11/index.html index d2e60f6..879816e 100644 --- a/content/news/2015/11/index.html +++ b/content/news/2015/11/index.html @@ -72,6 +72,8 @@ use semantic v...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> <li><a href="/news/2016/01">January</a></li> </ul> <h2>2015</h2> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2015/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/index.html b/content/news/2015/index.html index 5856333..9437f6e 100644 --- a/content/news/2015/index.html +++ b/content/news/2015/index.html @@ -149,6 +149,8 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> <li><a href="/news/2016/01">January</a></li> </ul> <h2>2015</h2> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2016/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/01/index.html b/content/news/2016/01/index.html index 09c7a65..6ee4a13 100644 --- a/content/news/2016/01/index.html +++ b/content/news/2016/01/index.html @@ -59,6 +59,8 @@ use semantic ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> <li><a href="/news/2016/01">January</a></li> </ul> <h2>2015</h2> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2016/02/19/wicket-1.5.15-released.html ---------------------------------------------------------------------- diff --git a/content/news/2016/02/19/wicket-1.5.15-released.html b/content/news/2016/02/19/wicket-1.5.15-released.html new file mode 100644 index 0000000..3ad6d8e --- /dev/null +++ b/content/news/2016/02/19/wicket-1.5.15-released.html @@ -0,0 +1,81 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>Wicket 1.5.15 released | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/02/19/wicket-1.5.15-released.html --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/02/19/wicket-1.5.15-released.html --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/02/19/wicket-1.5.15-released.html --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/02/19/wicket-1.5.15-released.html --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/02/19/wicket-1.5.15-released.html --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/02/19/wicket-1.5.15-released.html --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/02/19/wicket-1.5.15-released.html --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>Wicket 1.5.15 released</h1> + </header> + <section class="l-one-third right"> + </section> + <section class="l-two-third left"> + <div class="l-full"> + <p class="meta">19 Feb 2016</p> + <p>This is the fifteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes.</p> +<div class="highlighter-rouge"><pre class="highlight"><code>CHANGELOG for 1.5.15: +</code></pre> +</div> +<h4 id="bug">Bug</h4> +<ul> + <li>[WICKET-6037] - ModalWindow vulnerable to Javascript injection through title model</li> + <li>Escape the generated markup for attribute names and values in CheckBoxMultipleChoice and RadioChoice</li> +</ul> +<h4 id="to-use-in-maven">To use in Maven:</h4> +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>1.5.15<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> +<h4 id="download-the-full-distributionhttpwwwapacheorgdynclosercgiwicket1515-including-sources">Download the <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.15";>full distribution</a> (including sources)</h4> +</div> + </section> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2016/02/19/wicket-6.22.0-released.html ---------------------------------------------------------------------- diff --git a/content/news/2016/02/19/wicket-6.22.0-released.html b/content/news/2016/02/19/wicket-6.22.0-released.html new file mode 100644 index 0000000..a39ebac --- /dev/null +++ b/content/news/2016/02/19/wicket-6.22.0-released.html @@ -0,0 +1,133 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>Apache Wicket 6.22.0 released | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/02/19/wicket-6.22.0-released.html --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/02/19/wicket-6.22.0-released.html --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/02/19/wicket-6.22.0-released.html --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/02/19/wicket-6.22.0-released.html --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/02/19/wicket-6.22.0-released.html --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/02/19/wicket-6.22.0-released.html --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/02/19/wicket-6.22.0-released.html --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>Apache Wicket 6.22.0 released</h1> + </header> + <section class="l-one-third right"> + </section> + <section class="l-two-third left"> + <div class="l-full"> + <p class="meta">19 Feb 2016</p> + <p>The Apache Wicket PMC is proud to announce Apache Wicket 6.22.0!</p> +<p>This release marks another minor release of Wicket 6. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +6.0.0.</p> +<h3 id="using-this-release">Using this release</h3> +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> +<span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> +<span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> +<span class="nt"><version></span>6.22.0<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> +<ul> + <li><a href="http://www.apache.org/dyn/closer.cgi/wicket/6.22.0";>Sources</a></li> + <li><a href="http://www.apache.org/dyn/closer.cgi/wicket/6.22.0/binaries";>Binaries</a></li> +</ul> +<h3 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h3> +<p>If you upgrade from 6.y.z this release is a drop in replacement. If +you come from a version prior to 6.0.0, please read our Wicket 6 +migration guide found at</p> +<ul> + <li><a href="https://cwiki.apache.org/confluence/display/WICKET/Migration+to+Wicket+6.0";>migration to Wicket 6</a></li> +</ul> +<p>Have fun!</p> +<p>â The Wicket team</p> +<h3 id="this-release">This release</h3> +<h4 id="changelog-for-6220">CHANGELOG for 6.22.0:</h4> +<p>The following changes were made in Wicket for this release.</p> +<h4 id="bug">Bug</h4> +<ul> + <li>[WICKET-6006] - ModalWindow.closeCurrent() causes 414 status error</li> + <li>[WICKET-6017] - Tests fail when executed with not expected locale</li> + <li>[WICKET-6020] - GuiceFieldValueFactory returns the NULL_SENTINEL +from the cache</li> + <li>[WICKET-6030] - Support /META-INF/services/org.apache.wicket.IInitializer (backport to 6.x)</li> + <li>[WICKET-6032] - Wicket.Ajax.done() called twice on redirect</li> + <li>[WICKET-6037] - ModalWindow vulnerable to Javascript injection through title model</li> + <li>[WICKET-6040] - DebugBar not serializable exception</li> + <li>[WICKET-6044] - AjaxFormChoiceComponentUpdatingBehavior: Duplicate input values according to WICKET-5948</li> + <li>[WICKET-6048] - German Translation for EqualInputValidator wrong</li> + <li>[WICKET-6050] - Wicket Ajax (Wicket.From.serializeElement) causes 400 bad request</li> + <li>[WICKET-6052] - CSS header contribution overlap</li> + <li>[WICKET-6062] - MockHttpSession should renew its id after invalidation</li> + <li>[WICKET-6063] - Add support for WebSocketRequest#getUrl() and other properties which are available in the handshake request</li> + <li>[WICKET-6064] - WebSocketResponse.sendRedirect could be supported with <ajax-response><redirect>...</></></redirect></ajax-response></li> + <li>[WICKET-6068] - The key RangeValidator.exact is not mapped in Application_de.properties</li> + <li>[WICKET-6069] - OnChangeAjaxBehavior does not work if the url contains a request parameter with same name as wicket id</li> + <li>[WICKET-6084] - ajax request failure handler receives incorrect arguments</li> + <li>[WICKET-6085] - AjaxTimerBehavior with failure handler cause memory leak in browser</li> + <li>[WICKET-6087] - Invalid AbstractRequestWrapperFactory.needsWrapper method scope: package - cannot create a custom implementation</li> +</ul> +<h4 id="improvement">Improvement</h4> +<ul> + <li>[WICKET-5950] - Model and GenericBaseModel could both implement IObjectClassAwareModel</li> + <li>[WICKET-5969] - Please give us access to PageTable.index pageId queue</li> + <li>[WICKET-6019] - Remove âfinalâ modifier for Localizer#getStringIgnoreSettings() methods</li> + <li>[WICKET-6051] - Improve performance of CssUrlReplacer</li> + <li>[WICKET-6054] - Provide a factory method for the WebSocketResponse & WebSocketRequest</li> + <li>[WICKET-6073] - Use NIO Jetty connector for the quickstart</li> + <li>[WICKET-6081] - Add âassertNotRequiredâ to the WicketTester</li> +</ul> +<h4 id="task">Task</h4> +<ul> + <li>[WICKET-6071] - Upgrade jQuery to 1.12 / 2.2.0</li> +</ul> +</div> + </section> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2016/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/02/index.html b/content/news/2016/02/index.html new file mode 100644 index 0000000..315e7d5 --- /dev/null +++ b/content/news/2016/02/index.html @@ -0,0 +1,172 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>Monthly archive for February 2016 | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/02 --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/02 --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/02 --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/02 --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/02 --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/02 --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/02 --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>Monthly archive for February 2016</h1> + </header> + <div class="l-two-third"> +<div class="news"> + <h3>Wicket 1.5.15 released</h3> + <p><small>19 Feb 2016</small></p> + <p>This is the fifteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes.</p> +<div class="highlighter-rouge"> +<pre class="highlight"><code>CHANGELOG for 1.5.15: +</code></pre> +</div> +<h4 id="bug">Bug</h4> +<ul> + <li>[WICKET-6037] - ModalWindo...</li> +</ul> + <a href="/news/2016/02/19/wicket-1.5.15-released.html">more</a></li> +</div> +<div class="news"> + <h3>Apache Wicket 6.22.0 released</h3> + <p><small>19 Feb 2016</small></p> + <p>The Apache Wicket PMC is proud to announce Apache Wicket 6.22.0!</p> +<p>This release marks another minor release of Wicket 6. We +use semantic v...</p> + <a href="/news/2016/02/19/wicket-6.22.0-released.html">more</a></li> +</div> + </div> + <div class="l-one-third"> + <h2>2016</h2> + <ul> + <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> + <li><a href="/news/2016/01">January</a></li> + </ul> + <h2>2015</h2> + <ul> + <li><a href="/news/2015">All of 2015</a></li> + <li><a href="/news/2015/11">November</a></li> + <li><a href="/news/2015/10">October</a></li> + <li><a href="/news/2015/07">July</a></li> + <li><a href="/news/2015/06">June</a></li> + <li><a href="/news/2015/02">February</a></li> + </ul> + <h2>2014</h2> + <ul> + <li><a href="/news/2014">All of 2014</a></li> + <li><a href="/news/2014/11">November</a></li> + <li><a href="/news/2014/09">September</a></li> + <li><a href="/news/2014/08">August</a></li> + <li><a href="/news/2014/06">June</a></li> + <li><a href="/news/2014/04">April</a></li> + <li><a href="/news/2014/02">February</a></li> + <li><a href="/news/2014/01">January</a></li> + </ul> + <h2>2013</h2> + <ul> + <li><a href="/news/2013">All of 2013</a></li> + <li><a href="/news/2013/11">November</a></li> + <li><a href="/news/2013/09">September</a></li> + <li><a href="/news/2013/08">August</a></li> + <li><a href="/news/2013/07">July</a></li> + <li><a href="/news/2013/06">June</a></li> + <li><a href="/news/2013/05">May</a></li> + <li><a href="/news/2013/04">April</a></li> + <li><a href="/news/2013/03">March</a></li> + <li><a href="/news/2013/02">February</a></li> + <li><a href="/news/2013/01">January</a></li> + </ul> + <h2>2012</h2> + <ul> + <li><a href="/news/2012">All of 2012</a></li> + <li><a href="/news/2012/12">December</a></li> + <li><a href="/news/2012/11">November</a></li> + <li><a href="/news/2012/10">October</a></li> + <li><a href="/news/2012/09">September</a></li> + <li><a href="/news/2012/08">August</a></li> + <li><a href="/news/2012/07">July</a></li> + <li><a href="/news/2012/06">June</a></li> + <li><a href="/news/2012/05">May</a></li> + <li><a href="/news/2012/03">March</a></li> + <li><a href="/news/2012/01">January</a></li> + </ul> + <h2>2011</h2> + <ul> + <li><a href="/news/2011">All of 2011</a></li> + <li><a href="/news/2011/11">November</a></li> + <li><a href="/news/2011/10">October</a></li> + <li><a href="/news/2011/09">September</a></li> + <li><a href="/news/2011/08">August</a></li> + <li><a href="/news/2011/06">June</a></li> + <li><a href="/news/2011/05">May</a></li> + <li><a href="/news/2011/04">April</a></li> + <li><a href="/news/2011/03">March</a></li> + <li><a href="/news/2011/02">February</a></li> + <li><a href="/news/2011/01">January</a></li> + </ul> + <h2>2010</h2> + <ul> + <li><a href="/news/2010">All of 2010</a></li> + <li><a href="/news/2010/12">December</a></li> + <li><a href="/news/2010/11">November</a></li> + <li><a href="/news/2010/09">September</a></li> + <li><a href="/news/2010/08">August</a></li> + <li><a href="/news/2010/05">May</a></li> + <li><a href="/news/2010/03">March</a></li> + <li><a href="/news/2010/02">February</a></li> + </ul> + <h2>2009</h2> + <ul> + <li><a href="/news/2009">All of 2009</a></li> + <li><a href="/news/2009/12">December</a></li> + <li><a href="/news/2009/10">October</a></li> + <li><a href="/news/2009/08">August</a></li> + <li><a href="/news/2009/07">July</a></li> + </ul> + </div> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2016/03/01/cve-2015-5347.html ---------------------------------------------------------------------- diff --git a/content/news/2016/03/01/cve-2015-5347.html b/content/news/2016/03/01/cve-2015-5347.html new file mode 100644 index 0000000..5607611 --- /dev/null +++ b/content/news/2016/03/01/cve-2015-5347.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>CVE-2015-5347 Apache Wicket XSS vulnerability | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/03/01/cve-2015-5347.html --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/03/01/cve-2015-5347.html --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/03/01/cve-2015-5347.html --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/03/01/cve-2015-5347.html --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/03/01/cve-2015-5347.html --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/03/01/cve-2015-5347.html --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/03/01/cve-2015-5347.html --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>CVE-2015-5347 Apache Wicket XSS vulnerability</h1> + </header> + <section class="l-one-third right"> + <div id="toc" class="toc"><div id="toc-title"><h2>Table of Contents</h2></div><ul><li class="toc--level-1 toc--section-1"><a href="#the-application-developers-are-recommended-to-upgrade-to"><span class="toc-number">1</span> <span class="toc-text">The application developers are recommended to upgrade to:</span></a></li></ul></div> + </section> + <section class="l-two-third left"> + <div class="l-full"> + <p class="meta">01 Mar 2016</p> + <p>Severity: Important</p> +<p>Vendor: +The Apache Software Foundation</p> +<p>Versions Affected: +Apache Wicket 1.5.x, 6.x and 7.x</p> +<p>Description:</p> +<p>It is possible for JavaScript statements to break out of a ModalWindowâs +title - only quotes are escaped in the JavaScript settings object, allowing JavaScript +to be injected into the markup.</p> +<p>This might pose a security threat if the written JavaScript contains user provided data.</p> +<p>The title is now escaped by default, this can be disabled explicitly via + modalWindow.setEscapeModelStrings(false).</p> +<h2 id="the-application-developers-are-recommended-to-upgrade-to">The application developers are recommended to upgrade to:</h2> +<ul> + <li><a href="/news/2016/02/19/wicket-1.5.15-released.html">Apache Wicket 1.5.15</a></li> + <li><a href="/news/2016/02/19/wicket-6.22.0-released.html">Apache Wicket 6.22.0</a></li> + <li><a href="/news/2016/01/20/wicket-7.2.0-released.html">Apache Wicket 7.2.0</a></li> +</ul> +<p>Credit: +This issue was reported by Tobias Gierke!</p> +<p>Apache Wicket Team</p> +</div> + </section> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2016/03/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/03/index.html b/content/news/2016/03/index.html new file mode 100644 index 0000000..01d0a1b --- /dev/null +++ b/content/news/2016/03/index.html @@ -0,0 +1,163 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>Monthly archive for March 2016 | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/03 --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/03 --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/03 --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/03 --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/03 --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/03 --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/03 --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>Monthly archive for March 2016</h1> + </header> + <div class="l-two-third"> +<div class="news"> + <h3>CVE-2015-5347 Apache Wicket XSS vulnerability</h3> + <p><small>01 Mar 2016</small></p> + <p>Severity: Important</p> +<p>Vendor: +The Apache Software Foundation</p> +<p>Versions Affected: +Apache Wicket 1.5.x, 6.x and 7.x</p> +<p>Description:</p> +<p>It is possible for JavaScript statements to break out of a ModalWindowâs +title - only quotes are escaped in the JavaScrip...</p> + <a href="/news/2016/03/01/cve-2015-5347.html">more</a></li> +</div> + </div> + <div class="l-one-third"> + <h2>2016</h2> + <ul> + <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> + <li><a href="/news/2016/01">January</a></li> + </ul> + <h2>2015</h2> + <ul> + <li><a href="/news/2015">All of 2015</a></li> + <li><a href="/news/2015/11">November</a></li> + <li><a href="/news/2015/10">October</a></li> + <li><a href="/news/2015/07">July</a></li> + <li><a href="/news/2015/06">June</a></li> + <li><a href="/news/2015/02">February</a></li> + </ul> + <h2>2014</h2> + <ul> + <li><a href="/news/2014">All of 2014</a></li> + <li><a href="/news/2014/11">November</a></li> + <li><a href="/news/2014/09">September</a></li> + <li><a href="/news/2014/08">August</a></li> + <li><a href="/news/2014/06">June</a></li> + <li><a href="/news/2014/04">April</a></li> + <li><a href="/news/2014/02">February</a></li> + <li><a href="/news/2014/01">January</a></li> + </ul> + <h2>2013</h2> + <ul> + <li><a href="/news/2013">All of 2013</a></li> + <li><a href="/news/2013/11">November</a></li> + <li><a href="/news/2013/09">September</a></li> + <li><a href="/news/2013/08">August</a></li> + <li><a href="/news/2013/07">July</a></li> + <li><a href="/news/2013/06">June</a></li> + <li><a href="/news/2013/05">May</a></li> + <li><a href="/news/2013/04">April</a></li> + <li><a href="/news/2013/03">March</a></li> + <li><a href="/news/2013/02">February</a></li> + <li><a href="/news/2013/01">January</a></li> + </ul> + <h2>2012</h2> + <ul> + <li><a href="/news/2012">All of 2012</a></li> + <li><a href="/news/2012/12">December</a></li> + <li><a href="/news/2012/11">November</a></li> + <li><a href="/news/2012/10">October</a></li> + <li><a href="/news/2012/09">September</a></li> + <li><a href="/news/2012/08">August</a></li> + <li><a href="/news/2012/07">July</a></li> + <li><a href="/news/2012/06">June</a></li> + <li><a href="/news/2012/05">May</a></li> + <li><a href="/news/2012/03">March</a></li> + <li><a href="/news/2012/01">January</a></li> + </ul> + <h2>2011</h2> + <ul> + <li><a href="/news/2011">All of 2011</a></li> + <li><a href="/news/2011/11">November</a></li> + <li><a href="/news/2011/10">October</a></li> + <li><a href="/news/2011/09">September</a></li> + <li><a href="/news/2011/08">August</a></li> + <li><a href="/news/2011/06">June</a></li> + <li><a href="/news/2011/05">May</a></li> + <li><a href="/news/2011/04">April</a></li> + <li><a href="/news/2011/03">March</a></li> + <li><a href="/news/2011/02">February</a></li> + <li><a href="/news/2011/01">January</a></li> + </ul> + <h2>2010</h2> + <ul> + <li><a href="/news/2010">All of 2010</a></li> + <li><a href="/news/2010/12">December</a></li> + <li><a href="/news/2010/11">November</a></li> + <li><a href="/news/2010/09">September</a></li> + <li><a href="/news/2010/08">August</a></li> + <li><a href="/news/2010/05">May</a></li> + <li><a href="/news/2010/03">March</a></li> + <li><a href="/news/2010/02">February</a></li> + </ul> + <h2>2009</h2> + <ul> + <li><a href="/news/2009">All of 2009</a></li> + <li><a href="/news/2009/12">December</a></li> + <li><a href="/news/2009/10">October</a></li> + <li><a href="/news/2009/08">August</a></li> + <li><a href="/news/2009/07">July</a></li> + </ul> + </div> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/2016/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/index.html b/content/news/2016/index.html index 97dcf0d..a99133b 100644 --- a/content/news/2016/index.html +++ b/content/news/2016/index.html @@ -48,6 +48,36 @@ <div class="l-two-third"> <div class="l-first"> <div class="l-full"> + <h1>All News for March 2016</h1> + <p>This section contains all news items published in <a href="/news/2016/03">March 2016</a>.</p> + </div> + <div class="l-full"> + <h3 id="/news/2016/03/01/cve-2015-5347.html">CVE-2015-5347 Apache Wicket XSS vulnerability</h3> + <small>01 Mar 2016</small> + <p>Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.5.x, 6.x and 7.x Description: It is possible for JavaScript statements to break out... + <a href="/news/2016/03/01/cve-2015-5347.html">more</a></li></p> + </div> + <hr> + <div class="l-first"></div> + <div class="l-full"> + <h1>All News for February 2016</h1> + <p>This section contains all news items published in <a href="/news/2016/02">February 2016</a>.</p> + </div> + <div class="l-full"> + <h3 id="/news/2016/02/19/wicket-6.22.0-released.html">Apache Wicket 6.22.0 released</h3> + <small>19 Feb 2016</small> + <p>The Apache Wicket PMC is proud to announce Apache Wicket 6.22.0! This release marks another minor release of Wicket 6. We use semantic versioning for... + <a href="/news/2016/02/19/wicket-6.22.0-released.html">more</a></li></p> + </div> + <div class="l-full"> + <h3 id="/news/2016/02/19/wicket-1.5.15-released.html">Wicket 1.5.15 released</h3> + <small>19 Feb 2016</small> + <p>This is the fifteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes. CHANGELOG for 1.5.15: Bug [WICKET-6037] - ModalWindow... + <a href="/news/2016/02/19/wicket-1.5.15-released.html">more</a></li></p> + </div> + <hr> + <div class="l-first"></div> + <div class="l-full"> <h1>All News for January 2016</h1> <p>This section contains all news items published in <a href="/news/2016/01">January 2016</a>.</p> </div> @@ -65,6 +95,8 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> <li><a href="/news/2016/01">January</a></li> </ul> <h2>2015</h2> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/8c4a5a55/content/news/index.html ---------------------------------------------------------------------- diff --git a/content/news/index.html b/content/news/index.html index f4aa982..f8a6f5e 100644 --- a/content/news/index.html +++ b/content/news/index.html @@ -52,6 +52,24 @@ <h1 id="all-news-for-2016">All News for 2016</h1> <p>This section contains all news items published in <a href="/news/2016">2016</a>.</p> <article> + <h3 id="/news/2016/03/01/cve-2015-5347.html">CVE-2015-5347 Apache Wicket XSS vulnerability</h3> + <small>01 Mar 2016</small> + <p>Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.5.x, 6.x and 7.x Description: It is possible for JavaScript statements to break out of a ModalWindowâs title - only quotes are escaped in the JavaScript settings object, allowing JavaScript to be injected into the markup. This might pose... + <a href="/news/2016/03/01/cve-2015-5347.html">more</a></p> +</article> + <article> + <h3 id="/news/2016/02/19/wicket-6.22.0-released.html">Apache Wicket 6.22.0 released</h3> + <small>19 Feb 2016</small> + <p>The Apache Wicket PMC is proud to announce Apache Wicket 6.22.0! This release marks another minor release of Wicket 6. We use semantic versioning for the development of Wicket, and as such no API breaks are present breaks are present in this release compared to 6.0.0. Using this release With... + <a href="/news/2016/02/19/wicket-6.22.0-released.html">more</a></p> +</article> + <article> + <h3 id="/news/2016/02/19/wicket-1.5.15-released.html">Wicket 1.5.15 released</h3> + <small>19 Feb 2016</small> + <p>This is the fifteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes. CHANGELOG for 1.5.15: Bug [WICKET-6037] - ModalWindow vulnerable to Javascript injection through title model Escape the generated markup for attribute names and values in CheckBoxMultipleChoice and RadioChoice To use in Maven: <dependency>... + <a href="/news/2016/02/19/wicket-1.5.15-released.html">more</a></p> +</article> + <article> <h3 id="/news/2016/01/20/wicket-7.2.0-released.html">Apache Wicket 7.2.0 released</h3> <small>20 Jan 2016</small> <p>The Apache Wicket PMC is proud to announce Apache Wicket 7.2.0! This release marks another minor release of Wicket 7. We use semantic versioning for the development of Wicket, and as such no API breaks are present breaks are present in this release compared to 7.0.0. New and noteworthy In... @@ -942,6 +960,8 @@ This is the eighth maintenance release of 1.4.x series and brings over <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> <li><a href="/news/2016/01">January</a></li> </ul> <h2>2015</h2>
