Add entries for 1.5.15 and Commons FileUpload vulnerabilities
Project: http://git-wip-us.apache.org/repos/asf/wicket-site/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket-site/commit/c5d32df7 Tree: http://git-wip-us.apache.org/repos/asf/wicket-site/tree/c5d32df7 Diff: http://git-wip-us.apache.org/repos/asf/wicket-site/diff/c5d32df7 Branch: refs/heads/asf-site Commit: c5d32df7e121125d8376baca3aa422275124ad9e Parents: 5f51d4d Author: Martin Tzvetanov Grigorov <[email protected]> Authored: Fri Aug 5 16:13:37 2016 +0200 Committer: Martin Tzvetanov Grigorov <[email protected]> Committed: Fri Aug 5 16:13:37 2016 +0200 ---------------------------------------------------------------------- _posts/2016/2016-08-05-cve-2016-3092.md | 36 + .../2016/2016-08-05-wicket-1.5.16-released.md | 27 + .../_site/2016-01-20-wicket-7.2.0-released.html | 179 +++ .../2016-02-19-wicket-1.5.15-released.html | 22 + .../2016-02-19-wicket-6.22.0-released.html | 88 ++ _posts/2016/_site/2016-03-01-cve-2015-5347.html | 31 + _posts/2016/_site/2016-03-02-cve-2015-7520.html | 27 + .../2016-05-05-wicket-6.23.0-released.html | 106 ++ .../_site/2016-05-05-wicket-7.3.0-released.html | 156 +++ .../2016-07-21-wicket-6.24.0-released.html | 111 ++ .../_site/2016-07-21-wicket-7.4.0-released.html | 137 +++ .../2016-07-25-wicket-8.0.0-M1-released.html | 282 +++++ _posts/2016/_site/2016-08-05-cve-2016-3092.html | 31 + .../2016-08-05-wicket-1.5.16-released.html | 22 + content/atom.xml | 1099 +++++++++--------- content/index.html | 421 +------ content/learn/index.html | 6 +- content/news/2009/07/index.html | 1 + content/news/2009/08/index.html | 1 + content/news/2009/10/index.html | 1 + content/news/2009/12/index.html | 1 + content/news/2009/index.html | 1 + content/news/2010/02/index.html | 1 + content/news/2010/03/index.html | 1 + content/news/2010/05/index.html | 1 + content/news/2010/08/index.html | 1 + content/news/2010/09/index.html | 1 + content/news/2010/11/index.html | 1 + content/news/2010/12/index.html | 1 + content/news/2010/index.html | 1 + content/news/2011/01/index.html | 1 + content/news/2011/02/index.html | 1 + content/news/2011/03/index.html | 1 + content/news/2011/04/index.html | 1 + content/news/2011/05/index.html | 1 + content/news/2011/06/index.html | 1 + content/news/2011/08/index.html | 1 + content/news/2011/09/index.html | 1 + content/news/2011/10/index.html | 1 + content/news/2011/11/index.html | 1 + content/news/2011/index.html | 1 + content/news/2012/01/index.html | 1 + content/news/2012/03/index.html | 1 + content/news/2012/05/index.html | 1 + content/news/2012/06/index.html | 1 + content/news/2012/07/index.html | 1 + content/news/2012/08/index.html | 1 + content/news/2012/09/index.html | 1 + content/news/2012/10/index.html | 1 + content/news/2012/11/index.html | 1 + content/news/2012/12/index.html | 1 + content/news/2012/index.html | 1 + content/news/2013/01/index.html | 1 + content/news/2013/02/index.html | 1 + content/news/2013/03/index.html | 1 + content/news/2013/04/index.html | 1 + content/news/2013/05/index.html | 1 + content/news/2013/06/index.html | 1 + content/news/2013/07/index.html | 1 + content/news/2013/08/index.html | 1 + content/news/2013/09/index.html | 1 + content/news/2013/11/index.html | 1 + content/news/2013/index.html | 1 + content/news/2014/01/index.html | 1 + content/news/2014/02/index.html | 1 + content/news/2014/04/index.html | 1 + content/news/2014/06/index.html | 1 + content/news/2014/08/index.html | 1 + content/news/2014/09/index.html | 1 + content/news/2014/11/index.html | 1 + content/news/2014/index.html | 1 + content/news/2015/02/index.html | 1 + content/news/2015/06/index.html | 1 + content/news/2015/07/index.html | 1 + content/news/2015/10/index.html | 1 + content/news/2015/11/index.html | 1 + content/news/2015/index.html | 1 + .../news/2016/01/20/wicket-7.2.0-released.html | 101 +- content/news/2016/01/index.html | 9 + .../news/2016/02/19/wicket-1.5.15-released.html | 71 +- .../news/2016/02/19/wicket-6.22.0-released.html | 87 +- content/news/2016/02/index.html | 23 + content/news/2016/03/01/cve-2015-5347.html | 76 +- content/news/2016/03/02/cve-2015-7520.html | 75 +- content/news/2016/03/index.html | 26 + .../news/2016/05/05/wicket-6.23.0-released.html | 98 +- .../news/2016/05/05/wicket-7.3.0-released.html | 106 +- content/news/2016/05/index.html | 19 + .../news/2016/07/21/wicket-6.24.0-released.html | 97 +- .../news/2016/07/21/wicket-7.4.0-released.html | 99 +- .../2016/07/25/wicket-8.0.0-M1-released.html | 108 +- content/news/2016/07/index.html | 28 + content/news/2016/08/05/cve-2016-3092.html | 31 + .../news/2016/08/05/wicket-1.5.16-released.html | 22 + content/news/2016/08/index.html | 207 ++++ content/news/2016/index.html | 91 ++ content/news/index.html | 85 ++ 97 files changed, 2731 insertions(+), 1569 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/2016-08-05-cve-2016-3092.md ---------------------------------------------------------------------- diff --git a/_posts/2016/2016-08-05-cve-2016-3092.md b/_posts/2016/2016-08-05-cve-2016-3092.md new file mode 100644 index 0000000..c622bc4 --- /dev/null +++ b/_posts/2016/2016-08-05-cve-2016-3092.md @@ -0,0 +1,36 @@ +--- +layout: post +title: CVE-2016-3092 & CVE-2013-2186 Apache Commons Fileupload vulnerabilities +--- + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache Wicket 1.5.x, 6.x and 7.x + +Description: + +CVE-2016-3092: A malicious client can send file upload requests that cause the HTTP server +using the Apache Commons Fileupload library to become unresponsive, preventing +the server from servicing other requests. + +This flaw is not exploitable beyond causing the code to loop expending +CPU resources. + + +CVE-2013-2186: +The DiskFileItem class in Apache Commons FileUpload allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. + +## The application developers are recommended to upgrade to: + +* [Apache Wicket 1.5.16](/news/2016/08/05/wicket-1.5.16-released.html) +* [Apache Wicket 6.24.0](/news/2016/07/21/wicket-6.24.0-released.html) +* [Apache Wicket 7.4.0](/news/2016/07/21/wicket-7.4.0-released.html) + +Since version 7.0.0 Apache Wicket does not embed Apache Commons FileUpload but uses it as a Maven dependency so an application can just update the dependency to version 1.3.2. + + +Apache Wicket Team \ No newline at end of file http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/2016-08-05-wicket-1.5.16-released.md ---------------------------------------------------------------------- diff --git a/_posts/2016/2016-08-05-wicket-1.5.16-released.md b/_posts/2016/2016-08-05-wicket-1.5.16-released.md new file mode 100644 index 0000000..0136d20 --- /dev/null +++ b/_posts/2016/2016-08-05-wicket-1.5.16-released.md @@ -0,0 +1,27 @@ +--- +layout: post +title: Wicket 1.5.16 released +--- + +This is the sixteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes. + + + CHANGELOG for 1.5.16: + +#### Bug + +* CVE-2013-2186: Disable (de)serialization of Commons FileUpload items. +* CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability + + +#### To use in Maven: + +{% highlight xml %} +<dependency> + <groupId>org.apache.wicket</groupId> + <artifactId>wicket-core</artifactId> + <version>1.5.16</version> +</dependency> +{% endhighlight %} + +#### Download the [full distribution](http://www.apache.org/dyn/closer.cgi/wicket/1.5.16) (including sources) http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-01-20-wicket-7.2.0-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-01-20-wicket-7.2.0-released.html b/_posts/2016/_site/2016-01-20-wicket-7.2.0-released.html new file mode 100644 index 0000000..4edaea4 --- /dev/null +++ b/_posts/2016/_site/2016-01-20-wicket-7.2.0-released.html @@ -0,0 +1,179 @@ +<p>The Apache Wicket PMC is proud to announce Apache Wicket 7.2.0!</p> + +<p>This release marks another minor release of Wicket 7. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +7.0.0.</p> + +<h4 id="new-and-noteworthy">New and noteworthy</h4> + +<p>In this version two new features have been implemented. The first +features is to read resources from out of file systems with Javaâs +NIO API, which also allows you to write own file systems.</p> + +<p>As an example you can read audio files from within a folder of +a ZIP file without extracting it and stream it directly to the +client.</p> + +<p>The second feature is to load images from external servers.</p> + +<p>In addition a lot of bugs has been fixed regarding ajax and enclosures.</p> + +<h4 id="using-this-release">Using this release</h4> + +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>7.2.0<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> + +<div class="highlight"><pre> + * Source: http://www.apache.org/dyn/closer.cgi/wicket/7.2.0 + * Binary: http://www.apache.org/dyn/closer.cgi/wicket/7.2.0/binaries +</pre></div> + +<h4 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h4> + +<p>If you upgrade from 7.y.z this release is a drop in replacement. If +you come from a version prior to 7.0.0, please read our Wicket 7 +migration guide found at</p> + +<ul> + <li>http://s.apache.org/wicket7migrate</li> +</ul> + +<h4 id="the-signatures-for-the-source-release-artefacts">The signatures for the source release artefacts:</h4> + +<p>Signature for apache-wicket-7.2.0.zip:</p> + +<div class="highlight"><pre> +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIcBAABCgAGBQJWqyoKAAoJENaEKd8Bv4IClgYP/i9tJKKFIcz4uB4BLrej41HS +oy8w7iBEAt+PbNU5QeCRJawiGLfuc8WblXsRfu2F3HLwuCyW4HXzIjGxAFf2bjDL +GyATgVYiR0U4JVO4oCcO855e8Sgde9gVj1Eza5QuaIpDquBF9OTresydragcqJs8 +eFrHEOMtRlsnI5LmYjq2+d1j5BqQ3lBzYXD17/my67zxAGG0pAiPyZSA2patQUTj +1RJiL8n6vMq1w351t4WmLi8wm1hMJFueqw5XRKDbQPyRr+VjD1hM43zi/SW5w1We +lxch8kRo3PQNOiTX7T09pxigBbqJ9vkuZ+t1mBN6eoXS93OyuGwJ5fvunxbmD9zf +MneHB1+pPJv8rbYngoPBnBu913tIwgJwG3mwu6F8oHevEVC3NT83RtSOYVvoXNve +lMP23pBL6bGqV0wFNXWMKGUbr4DXcAwNeqZCr2/nD/VZ7ud45RHS7x9iNIbRNrus +HPiAlmwVk7YQ5ohf90T7fBrd6YNBit8NIVJmYRMzasd4L7a88xVLqS7WDhgXMzk2 +zjhd+jpvPa/Ty3cJwGrMlYKbDsR1WToXGC6eakqKBkT9xylzmaXijBH8bTDhok3u +Cw9KnUC+mhMHCjuCap+ZgOqNiSpT5b8/An3EOWySpfnKXzx5UOkzCKxY4G74raov +T3huTv7fKGk7k+DxIyRi +=Eokv +-----END PGP SIGNATURE----- +</pre></div> + +<p>Signature for apache-wicket-7.2.0.tar.gz:</p> + +<div class="highlight"><pre> +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIcBAABCgAGBQJWqywsAAoJENaEKd8Bv4IC0KIP/2qWdbmhs6BYdX/bj3sjkrVx +r3tsuYWt8dYrK+qyUI2D1tB5i4Vd3i+2BPnvOGhyjUevTaiIvRQirYkYwRx7ZamE +9jsLzuoprYzQBObOd42Gy+uOH33necSyNwgEOoXoGk/L6l+TBc30tedSWS7zsBJY +ajYBnxGJ8w9dOPd1wIW2Mt0hcAQgEKvCfRfOmCDQbfrsZ8zEbRf+D8qgrQSoc0a3 +1ZQhtHHr4YIaA/fb91/9H8g7aNBwcLeAiYaIdsvuWPGMgbTerFPN7lyEraIv73ra +hv3//NdTlfUzljmUuLlRa4m1o9LAB7KwpTcZYRz0Z6vyUBhnhOAZoIaT7vtbM7jA +FcLZf8zOiOUrtW+GXRFcUMOEhEje3SZcxe9hpdTAc8rCtdIKmY80TIZe8LbmZfQB +QFcBN97jR+XMhO7raDkxcyS1yJD4VxMSumo5PNNrxaIGfoqsHuFIdOgwxDuXmta3 +FPO4aMOedD/It6YWfK4aEG2sDmTtXZzO7RXzQaCJNs9Ko+3EsG4EqrY5Cnrb2pKf +0naJmVDGHYBx98FYV+ZE+Qc+SxItpGM5Dy5oeYcrnqpy4HatSrOocntrEO74qQ3z +6qPEJwpEyxbb3WZBgZSZom4TeNrg0aSb98T623RN+Fi6GEJLloX5JiAdVWl/1IiF +pdzbYsa2IMyPjC3a5hVK +=pbxZ +-----END PGP SIGNATURE----- + +</pre></div> + +<h4 id="changelog-for-720">CHANGELOG for 7.2.0</h4> + +<h4 id="bug">Bug</h4> + +<div class="highlighter-rouge"><pre class="highlight"><code>* [WICKET-6001] - Exception raised while refreshing a page with queued components missing in the markup +* [WICKET-6002] - FileUploadField makes form-component models become null on submit +* [WICKET-6006] - ModalWindow.closeCurrent() causes 414 status error +* [WICKET-6010] - Downloading filenames containing ',' or ';' gives problems +* [WICKET-6011] - NPE in case DebugBar is added to AjaxRequestTarget +* [WICKET-6013] - CLONE - AjaxFallbackOrderByBorder wicketOrder[Up|Down|None] class missing in 7.1.0 +* [WICKET-6014] - TransparentWebMarkupContainer breaks OnChangeAjaxBehavior for Select2 +* [WICKET-6017] - Tests fail when executed with not expected locale +* [WICKET-6018] - TransparentWebMarkupContainer is not really "transparent" +* [WICKET-6020] - GuiceFieldValueFactory returns the NULL_SENTINEL from the cache +* [WICKET-6021] - ConcurrentModificationException in MarkupContainer##iterator##next +* [WICKET-6024] - Possible issue with Border and LoadableDetachableModel in 7.1.0 +* [WICKET-6026] - Problem in detecting child id on nested <wicket:enclosure> +* [WICKET-6027] - Nested TransparentWebMarkupContainer, markup of inner component not found +* [WICKET-6028] - Detach called on enclosure component while it had a non-empty queue +* [WICKET-6031] - NPE in PackageResourceReference##getResource() when there is no request +* [WICKET-6032] - Wicket.Ajax.done() called twice on redirect +* [WICKET-6034] - AjaxFallbackOrderByBorder does not generate any CSS class in order link +* [WICKET-6036] - Failure to process markup with nested tags inside a Label +* [WICKET-6037] - ModalWindow vulnerable to Javascript injection through title model +* [WICKET-6043] - Cannot set wicket:enclosure on queued component in ListView +* [WICKET-6044] - AjaxFormChoiceComponentUpdatingBehavior: Duplicate input values according to WICKET-5948 +* [WICKET-6045] - ListView NullPointerException when viewSize is set explicitly +* [WICKET-6048] - German Translation for EqualInputValidator wrong +* [WICKET-6050] - Wicket Ajax (Wicket.From.serializeElement) causes 400 bad request +* [WICKET-6052] - CSS header contribution overlap +* [WICKET-6058] - Error in calculation of byte ranges +* [WICKET-6059] - TransparentWebMarkupContainer can not resolve autocomponents in its parent +* [WICKET-6062] - MockHttpSession should renew its id after invalidation +* [WICKET-6063] - Add support for WebSocketRequest##getUrl() and other properties which are available in the handshake request +* [WICKET-6064] - WebSocketResponse.sendRedirect could be supported with <ajax-response><redirect>...</></> +* [WICKET-6065] - Calling http://examples7x.wicket.apache.org/resourceaggregation/ generate Internal error +* [WICKET-6068] - The key RangeValidator.exact is not mapped in Application_de.properties +* [WICKET-6076] - Problem with queued components and enclosure +* [WICKET-6077] - Border's body is not added as a child due to dequeuing +</code></pre> +</div> + +<h4 id="improvement">Improvement</h4> + +<div class="highlighter-rouge"><pre class="highlight"><code>* [WICKET-5950] - Model and GenericBaseModel could both implement IObjectClassAwareModel +* [WICKET-5969] - Please give us access to PageTable.index pageId queue +* [WICKET-6015] - AjaxFallbackOrderByBorder/Link should support updateAjaxAttributes() idiom +* [WICKET-6019] - Remove 'final' modifier for Localizer##getStringIgnoreSettings() methods +* [WICKET-6023] - small tweak for component queuing for the AbstractRepeater +* [WICKET-6029] - Make Border's methods consistent with commit f14e03f +* [WICKET-6046] - Wicket Quickstart Example Application shows deployment memory leak in Tomcat +* [WICKET-6051] - Improve performance of CssUrlReplacer +* [WICKET-6054] - Provide a factory method for the WebSocketResponse & WebSocketRequest +* [WICKET-6061] - Improved PackageResource##getCacheKey +* [WICKET-6070] - Provide factory methods for WizardButtonBar buttons +* [WICKET-6072] - Improve the quickstart to make it easier to use JSR-356 web sockets +</code></pre> +</div> + +<h4 id="new-feature">New Feature</h4> + +<div class="highlighter-rouge"><pre class="highlight"><code>* [WICKET-6025] - Read resource files with Java's NIO API +* [WICKET-6042] - Implementation of ExternalImage component +</code></pre> +</div> + +<h4 id="task">Task</h4> + +<div class="highlighter-rouge"><pre class="highlight"><code>* [WICKET-6049] - Update the site to point to the new deployments of the examples +* [WICKET-6057] - Upgrade commons-collections to 4.1 +* [WICKET-6071] - Upgrade jQuery to 1.12 / 2.2.0 +</code></pre> +</div> + +<h4 id="wish">Wish</h4> +<div class="highlighter-rouge"><pre class="highlight"><code>* [WICKET-6067] - Provide an Ajax Behavior that prevents form submit on ENTER +</code></pre> +</div> + +<p>Have fun!</p> + +<p>â The Wicket team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-02-19-wicket-1.5.15-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-02-19-wicket-1.5.15-released.html b/_posts/2016/_site/2016-02-19-wicket-1.5.15-released.html new file mode 100644 index 0000000..010112c --- /dev/null +++ b/_posts/2016/_site/2016-02-19-wicket-1.5.15-released.html @@ -0,0 +1,22 @@ +<p>This is the fifteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes.</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>CHANGELOG for 1.5.15: +</code></pre> +</div> + +<h4 id="bug">Bug</h4> + +<ul> + <li>[WICKET-6037] - ModalWindow vulnerable to Javascript injection through title model</li> + <li>Escape the generated markup for attribute names and values in CheckBoxMultipleChoice and RadioChoice</li> +</ul> + +<h4 id="to-use-in-maven">To use in Maven:</h4> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>1.5.15<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<h4 id="download-the-full-distributionhttpwwwapacheorgdynclosercgiwicket1515-including-sources">Download the <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.15";>full distribution</a> (including sources)</h4> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-02-19-wicket-6.22.0-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-02-19-wicket-6.22.0-released.html b/_posts/2016/_site/2016-02-19-wicket-6.22.0-released.html new file mode 100644 index 0000000..c9dc434 --- /dev/null +++ b/_posts/2016/_site/2016-02-19-wicket-6.22.0-released.html @@ -0,0 +1,88 @@ +<p>The Apache Wicket PMC is proud to announce Apache Wicket 6.22.0!</p> + +<p>This release marks another minor release of Wicket 6. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +6.0.0.</p> + +<h3 id="using-this-release">Using this release</h3> + +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> +<span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> +<span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> +<span class="nt"><version></span>6.22.0<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> + +<ul> + <li><a href="http://www.apache.org/dyn/closer.cgi/wicket/6.22.0";>Sources</a></li> + <li><a href="http://www.apache.org/dyn/closer.cgi/wicket/6.22.0/binaries";>Binaries</a></li> +</ul> + +<h3 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h3> + +<p>If you upgrade from 6.y.z this release is a drop in replacement. If +you come from a version prior to 6.0.0, please read our Wicket 6 +migration guide found at</p> + +<ul> + <li><a href="https://cwiki.apache.org/confluence/display/WICKET/Migration+to+Wicket+6.0";>migration to Wicket 6</a></li> +</ul> + +<p>Have fun!</p> + +<p>â The Wicket team</p> + +<h3 id="this-release">This release</h3> + +<h4 id="changelog-for-6220">CHANGELOG for 6.22.0:</h4> + +<p>The following changes were made in Wicket for this release.</p> + +<h4 id="bug">Bug</h4> + +<ul> + <li>[WICKET-6006] - ModalWindow.closeCurrent() causes 414 status error</li> + <li>[WICKET-6017] - Tests fail when executed with not expected locale</li> + <li>[WICKET-6020] - GuiceFieldValueFactory returns the NULL_SENTINEL +from the cache</li> + <li>[WICKET-6030] - Support /META-INF/services/org.apache.wicket.IInitializer (backport to 6.x)</li> + <li>[WICKET-6032] - Wicket.Ajax.done() called twice on redirect</li> + <li>[WICKET-6037] - ModalWindow vulnerable to Javascript injection through title model</li> + <li>[WICKET-6040] - DebugBar not serializable exception</li> + <li>[WICKET-6044] - AjaxFormChoiceComponentUpdatingBehavior: Duplicate input values according to WICKET-5948</li> + <li>[WICKET-6048] - German Translation for EqualInputValidator wrong</li> + <li>[WICKET-6050] - Wicket Ajax (Wicket.From.serializeElement) causes 400 bad request</li> + <li>[WICKET-6052] - CSS header contribution overlap</li> + <li>[WICKET-6062] - MockHttpSession should renew its id after invalidation</li> + <li>[WICKET-6063] - Add support for WebSocketRequest#getUrl() and other properties which are available in the handshake request</li> + <li>[WICKET-6064] - WebSocketResponse.sendRedirect could be supported with <ajax-response><redirect>...</></></redirect></ajax-response></li> + <li>[WICKET-6068] - The key RangeValidator.exact is not mapped in Application_de.properties</li> + <li>[WICKET-6069] - OnChangeAjaxBehavior does not work if the url contains a request parameter with same name as wicket id</li> + <li>[WICKET-6084] - ajax request failure handler receives incorrect arguments</li> + <li>[WICKET-6085] - AjaxTimerBehavior with failure handler cause memory leak in browser</li> + <li>[WICKET-6087] - Invalid AbstractRequestWrapperFactory.needsWrapper method scope: package - cannot create a custom implementation</li> +</ul> + +<h4 id="improvement">Improvement</h4> + +<ul> + <li>[WICKET-5950] - Model and GenericBaseModel could both implement IObjectClassAwareModel</li> + <li>[WICKET-5969] - Please give us access to PageTable.index pageId queue</li> + <li>[WICKET-6019] - Remove âfinalâ modifier for Localizer#getStringIgnoreSettings() methods</li> + <li>[WICKET-6051] - Improve performance of CssUrlReplacer</li> + <li>[WICKET-6054] - Provide a factory method for the WebSocketResponse & WebSocketRequest</li> + <li>[WICKET-6073] - Use NIO Jetty connector for the quickstart</li> + <li>[WICKET-6081] - Add âassertNotRequiredâ to the WicketTester</li> +</ul> + +<h4 id="task">Task</h4> + +<ul> + <li>[WICKET-6071] - Upgrade jQuery to 1.12 / 2.2.0</li> +</ul> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-03-01-cve-2015-5347.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-03-01-cve-2015-5347.html b/_posts/2016/_site/2016-03-01-cve-2015-5347.html new file mode 100644 index 0000000..6d1fc74 --- /dev/null +++ b/_posts/2016/_site/2016-03-01-cve-2015-5347.html @@ -0,0 +1,31 @@ +<p>Severity: Important</p> + +<p>Vendor: +The Apache Software Foundation</p> + +<p>Versions Affected: +Apache Wicket 1.5.x, 6.x and 7.x</p> + +<p>Description:</p> + +<p>It is possible for JavaScript statements to break out of a ModalWindowâs +title - only quotes are escaped in the JavaScript settings object, allowing JavaScript +to be injected into the markup.</p> + +<p>This might pose a security threat if the written JavaScript contains user provided data.</p> + +<p>The title is now escaped by default, this can be disabled explicitly via + modalWindow.setEscapeModelStrings(false).</p> + +<h2 id="the-application-developers-are-recommended-to-upgrade-to">The application developers are recommended to upgrade to:</h2> + +<ul> + <li><a href="/news/2016/02/19/wicket-1.5.15-released.html">Apache Wicket 1.5.15</a></li> + <li><a href="/news/2016/02/19/wicket-6.22.0-released.html">Apache Wicket 6.22.0</a></li> + <li><a href="/news/2016/01/20/wicket-7.2.0-released.html">Apache Wicket 7.2.0</a></li> +</ul> + +<p>Credit: +This issue was reported by Tobias Gierke!</p> + +<p>Apache Wicket Team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-03-02-cve-2015-7520.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-03-02-cve-2015-7520.html b/_posts/2016/_site/2016-03-02-cve-2015-7520.html new file mode 100644 index 0000000..79fb7ff --- /dev/null +++ b/_posts/2016/_site/2016-03-02-cve-2015-7520.html @@ -0,0 +1,27 @@ +<p>Severity: Important</p> + +<p>Vendor: +The Apache Software Foundation</p> + +<p>Versions Affected: +Apache Wicket 1.5.x, 6.x and 7.x</p> + +<p>Description:</p> + +<p>It is possible for JavaScript statements to break out of a RadioGroupâs +and CheckBoxMultipleChoiceâs âvalueâ attribute of <code class="highlighter-rouge"><input></code> elements</p> + +<p>This might pose a security threat if the written JavaScript contains user provided data.</p> + +<h2 id="the-application-developers-are-recommended-to-upgrade-to">The application developers are recommended to upgrade to:</h2> + +<ul> + <li><a href="/news/2016/02/19/wicket-1.5.15-released.html">Apache Wicket 1.5.15</a></li> + <li><a href="/news/2016/02/19/wicket-6.22.0-released.html">Apache Wicket 6.22.0</a></li> + <li><a href="/news/2016/01/20/wicket-7.2.0-released.html">Apache Wicket 7.2.0</a></li> +</ul> + +<p>Credit: +This issue was reported by Canh Ngo!</p> + +<p>Apache Wicket Team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-05-05-wicket-6.23.0-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-05-05-wicket-6.23.0-released.html b/_posts/2016/_site/2016-05-05-wicket-6.23.0-released.html new file mode 100644 index 0000000..1fc88da --- /dev/null +++ b/_posts/2016/_site/2016-05-05-wicket-6.23.0-released.html @@ -0,0 +1,106 @@ +<p>The Apache Wicket PMC is proud to announce Apache Wicket 6.23.0!</p> + +<p>Apache Wicket is an open source Java component oriented web application +framework that powers thousands of web applications and web sites for +governments, stores, universities, cities, banks, email providers, and +more. You can find more about Apache Wicket at https://wicket.apache.org</p> + +<p>This release marks another minor release of Wicket 6. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +6.0.0.</p> + +<h2 id="new-and-noteworthy">New and noteworthy</h2> + +<h4 id="jquery-upgrade">jQuery upgrade</h4> + +<p>Wicket ships standard with itâs own jQuery. With this release jQuery was upgraded to 1.12.3/2.2.3.</p> + +<!--more--> + +<h2 id="using-this-release">Using this release</h2> + +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>6.23.0<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> + +<ul> + <li>Source: <a href="http://www.apache.org/dyn/closer.cgi/wicket/6.23.0";>http://www.apache.org/dyn/closer.cgi/wicket/6.23.0</a></li> + <li>Binary: <a href="http://www.apache.org/dyn/closer.cgi/wicket/6.23.0/binaries";>http://www.apache.org/dyn/closer.cgi/wicket/6.23.0/binaries</a></li> +</ul> + +<h2 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h2> + +<p>If you upgrade from 6.y.z this release is a drop in replacement. If +you come from a version prior to 6.0.0, please read our Wicket 6 +migration guide found at</p> + +<ul> + <li><a href="http://s.apache.org/wicket6migrate";>http://s.apache.org/wicket6migrate</a></li> +</ul> + +<p>Have fun!</p> + +<p>â The Wicket team</p> + +<p>================================</p> + +<p>The signatures for the source release artefacts:</p> + +<p>Signature for apache-wicket-6.23.0.zip:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAlcd7YkACgkQJBX8W/xy/UXj0ACgrhCPPnuW7xSd2p7zo6pxQKeU +uC4AmwaavBtALbyC0w4eaK6qgOTTbTFa +=thu6 +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>Signature for apache-wicket-6.23.0.tar.gz:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAlcd7YkACgkQJBX8W/xy/UXWXQCeNWa8xIe4dtrXrognVudOonXf +fPwAn2meYov9oWZ8C1rG4MG2Sc8LfvHa +=7Anf +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>================================</p> + +<h3 id="changelog-for-6230">CHANGELOG for 6.23.0</h3> + +<h4 id="bug">Bug</h4> + +<ul> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6108";>WICKET-6108</a> - Closing a ModalWindow with jQuery 2.2.0 produces javascript errors</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6111";>WICKET-6111</a> - Empty redirect on redirect to home page if home page already shown</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6131";>WICKET-6131</a> - IndexOutOfBoundsException in org.apache.wicket.core. request.mapper.CryptoMapper.decryptEntireUrl</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6135";>WICKET-6135</a> - There is no good way to get POST body content</li> +</ul> + +<h4 id="improvement">Improvement</h4> + +<ul> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6098";>WICKET-6098</a> - Add logging to HttpSessionDataStore</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6100";>WICKET-6100</a> - Upgrade jQuery to 1.12.3/2.2.3</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6110";>WICKET-6110</a> - Add a message to StalePageException for better debugging</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6122";>WICKET-6122</a> - Add .map to the list of allowed file extensions in SecurePackageResourceGuard</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6123";>WICKET-6123</a> - Remove âabstractâ from ChainingModel</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6144";>WICKET-6144</a> - Wicket-ajax parameter / header may be used to bypass proper exception handling</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6145";>WICKET-6145</a> - Enable DeltaManager to replicate PageTable in Sessions</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6152";>WICKET-6152</a> - Allow to add more than one WebSocketBehavior in the component tree</li> +</ul> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-05-05-wicket-7.3.0-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-05-05-wicket-7.3.0-released.html b/_posts/2016/_site/2016-05-05-wicket-7.3.0-released.html new file mode 100644 index 0000000..cde7a34 --- /dev/null +++ b/_posts/2016/_site/2016-05-05-wicket-7.3.0-released.html @@ -0,0 +1,156 @@ +<p>The Apache Wicket PMC is proud to announce Apache Wicket 7.3.0!</p> + +<p>Apache Wicket is an open source Java component oriented web application +framework that powers thousands of web applications and web sites for +governments, stores, universities, cities, banks, email providers, and +more. You can find more about Apache Wicket at https://wicket.apache.org</p> + +<p>This release marks another minor release of Wicket 7. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +7.0.0.</p> + +<h2 id="new-and-noteworthy">New and noteworthy</h2> + +<h4 id="wicket-metrics-added">Wicket Metrics added</h4> + +<p>A new experimental module for integrating with <a href="http://metrics.dropwizard.io/";>DropWizardâs Metrics</a> project was created. +Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. +Using the Metrics integration requires the use of AspectJ (which is licensed under the Eclipse Public License 1.0)</p> + +<p>You can read more about using the Metrics integration in our user guideâs <a href="https://ci.apache.org/projects/wicket/guide/7.x/guide/single.html#monitoring";>monitoring chapter</a>.</p> + +<h4 id="jquery-upgrade">jQuery upgrade</h4> + +<p>Wicket ships standard with itâs own jQuery. With this release jQuery was upgraded to 1.12.3/2.2.3.</p> + +<!--more--> + +<h2 id="using-this-release">Using this release</h2> + +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>7.3.0<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> + +<ul> + <li>Source: <a href="http://www.apache.org/dyn/closer.cgi/wicket/7.3.0";>http://www.apache.org/dyn/closer.cgi/wicket/7.3.0</a></li> + <li>Binary: <a href="http://www.apache.org/dyn/closer.cgi/wicket/7.3.0/binaries";>http://www.apache.org/dyn/closer.cgi/wicket/7.3.0/binaries</a></li> +</ul> + +<h2 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h2> + +<p>If you upgrade from 7.y.z this release is a drop in replacement. If +you come from a version prior to 7.0.0, please read our Wicket 7 +migration guide found at</p> + +<ul> + <li><a href="http://s.apache.org/wicket7migrate";>http://s.apache.org/wicket7migrate</a></li> +</ul> + +<p>Have fun!</p> + +<p>â The Wicket team</p> + +<p>================================</p> + +<p>The signatures for the source release artefacts:</p> + +<p>Signature for apache-wicket-7.3.0.zip:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAlcd4ngACgkQJBX8W/xy/UVP8ACgkHvmhm3RZ006jUfyW7o0DyUk +gloAmgJ6YSA/owx3VLldI7LC/5DoZwQr +=8TQC +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>Signature for apache-wicket-7.3.0.tar.gz:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAlcd4ngACgkQJBX8W/xy/UXmDgCcCW9n15hdrKVKpona4SwaRtrM +ZJcAnREA/PnxMckF2HWqgeunp+siydFJ +=tRv/ +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>================================</p> + +<h3 id="this-release">This Release</h3> + +<h4 id="changelog-for-730">CHANGELOG for 7.3.0:</h4> + +<h5 id="bug">Bug</h5> + +<ul> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6069";>WICKET-6069</a> - OnChangeAjaxBehavior does not work if the url contains a request parameter with same name as wicket id</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6078";>WICKET-6078</a> - Problem with queued components and auto linking</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6079";>WICKET-6079</a> - Problem with queued components and label</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6080";>WICKET-6080</a> - Encapsulation of 3 enclosures leads to WicketRuntimeException</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6084";>WICKET-6084</a> - ajax request failure handler receives incorrect arguments</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6085";>WICKET-6085</a> - AjaxTimerBehavior with failure handler cause memory leak in browser</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6087";>WICKET-6087</a> - Invalid AbstractRequestWrapperFactory.needsWrapper method scope: package - cannot create a custom implementation</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6088";>WICKET-6088</a> - Problem with queued components and setting the model</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6091";>WICKET-6091</a> - NPE in RequestLoggerRequestCycleListener when using native-websockets</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6093";>WICKET-6093</a> - MarkupException due to ID collision in RelativePathPrefixHandler</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6094";>WICKET-6094</a> - Find adequate ResourceReference with mount parameters</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6097";>WICKET-6097</a> - JsonRequestLogger â> JsonMappingException â> StackOverflowError Infinite recursion</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6102";>WICKET-6102</a> - StackoverflowError related to enclosures</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6108";>WICKET-6108</a> - Closing a ModalWindow with jQuery 2.2.0 produces javascript errors</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6109";>WICKET-6109</a> - Enclosure - âIllegalArgumentException: Argument âmarkupâ may not be nullâ after app restart</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6111";>WICKET-6111</a> - Empty redirect on redirect to home page if home page already shown</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6116";>WICKET-6116</a> - Exception âA child already existsâ when backing to a page with some markups in a Border</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6131";>WICKET-6131</a> - IndexOutOfBoundsException in org.apache.wicket.core.request.mapper.CryptoMapper.decryptEntireUrl</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6133";>WICKET-6133</a> - Failing test SpringBeanWithGenericsTest in 7.3.0.0 SNAPSHOT</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6134";>WICKET-6134</a> - NPE when using ListView with missing markup</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6135";>WICKET-6135</a> - There is no good way to get POST body content</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6139";>WICKET-6139</a> - AjaxButton forces rendering type=âbuttonâ</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6141";>WICKET-6141</a> - Runtime Exception rendering ComponentTag with RelativePathPrefixHandler</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6151";>WICKET-6151</a> - DebugBar/PageSizeDebugPanel throws NullPointerException (need wrapper exception with more detail)</li> +</ul> + +<h5 id="improvement">Improvement</h5> + +<ul> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6053";>WICKET-6053</a> - Allow to reuse the same application instance in several tests</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6081";>WICKET-6081</a> - Add âassertNotRequiredâ to the WicketTester</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6098";>WICKET-6098</a> - Add logging to HttpSessionDataStore</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6100";>WICKET-6100</a> - Upgrade jQuery to 1.12.3/2.2.3</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6103";>WICKET-6103</a> - Synchronization on JSR 356 connection</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6106";>WICKET-6106</a> - Propagate JSR 356 WebSocket connection error to a page</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6107";>WICKET-6107</a> - Broadcast onClose event regardless of the JSR 356 WebSocket connection closed state</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6110";>WICKET-6110</a> - Add a message to StalePageException for better debugging</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6122";>WICKET-6122</a> - Add .map to the list of allowed file extensions in SecurePackageResourceGuard</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6123";>WICKET-6123</a> - Remove âabstractâ from ChainingModel</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6127";>WICKET-6127</a> - Add metrics for request duration</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6128";>WICKET-6128</a> - Add metrics for currently active sessions</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6130";>WICKET-6130</a> - Make it easier to override parts of SystemMapper</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6144";>WICKET-6144</a> - Wicket-ajax parameter / header may be used to bypass proper exception handling</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6145";>WICKET-6145</a> - Enable DeltaManager to replicate PageTable in Sessions</li> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6152";>WICKET-6152</a> - Allow to add more than one WebSocketBehavior in the component tree</li> +</ul> + +<h5 id="new-feature">New Feature</h5> + +<ul> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6120";>WICKET-6120</a> - Wicket Metrics</li> +</ul> + +<h5 id="wish">Wish</h5> + +<ul> + <li><a href="https://issues.apache.org/jira/browse/WICKET-6095";>WICKET-6095</a> - Multiline headers in DataTable</li> +</ul> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-07-21-wicket-6.24.0-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-07-21-wicket-6.24.0-released.html b/_posts/2016/_site/2016-07-21-wicket-6.24.0-released.html new file mode 100644 index 0000000..005bf2e --- /dev/null +++ b/_posts/2016/_site/2016-07-21-wicket-6.24.0-released.html @@ -0,0 +1,111 @@ +<p>The Apache Wicket PMC is proud to announce Apache Wicket 6.24.0!</p> + +<p>Apache Wicket is an open source Java component oriented web application +framework that powers thousands of web applications and web sites for +governments, stores, universities, cities, banks, email providers, and +more. You can find more about Apache Wicket at https://wicket.apache.org</p> + +<p>This release marks another minor release of Wicket 6. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +6.0.0.</p> + +<h2 id="new-and-noteworthy">New and noteworthy</h2> + +<ul> + <li> + <p>upgrades JQuery dependency to 1.12.4 and 2.2.4</p> + </li> + <li> + <p>increases performance when using KeyInSessionSunJceCryptFactory</p> + </li> +</ul> + +<h2 id="using-this-release">Using this release</h2> + +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>6.24.0<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> + +<ul> + <li>Source: <a href="http://www.apache.org/dyn/closer.cgi/wicket/6.24.0";>http://www.apache.org/dyn/closer.cgi/wicket/6.24.0</a></li> + <li>Binary: <a href="http://www.apache.org/dyn/closer.cgi/wicket/6.24.0/binaries";>http://www.apache.org/dyn/closer.cgi/wicket/6.24.0/binaries</a></li> +</ul> + +<h2 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h2> + +<p>If you upgrade from 6.y.z this release is a drop in replacement. If +you come from a version prior to 6.0.0, please read our Wicket 6 +migration guide found at</p> + +<ul> + <li><a href="http://s.apache.org/wicket6migration";>http://s.apache.org/wicket6migration</a></li> +</ul> + +<p>Have fun!</p> + +<p>â The Wicket team</p> + +<p>================================</p> + +<p>The signatures for the source release artefacts:</p> + +<p>Signature for apache-wicket-6.24.0.zip:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAleLyQ4ACgkQJBX8W/xy/UU+KgCg1k+wBV51fa1YXIZWkObNA3WS +JDcAn3nrxumEXqau3kMoFd3Nb2FpOHjz +=OALQ +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>Signature for apache-wicket-6.24.0.tar.gz:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAleLyQ4ACgkQJBX8W/xy/UXYFwCeP13OmmFBJqljbW5CKYwUbFSY +QxEAnif6bikYEgoeNv7eBeUsoutC8Hp8 +=lDjk +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>================================</p> + +<h3 id="this-release">This Release</h3> + +<h4 id="changelog-for-6240">CHANGELOG for 6.24.0:</h4> + +<h5 id="bug">Bug</h5> + +<ul> + <li>[WICKET-6154] - Performance bottleneck when using KeyInSessionSunJceCryptFactory</li> + <li>[WICKET-6169] - NullPointerException accessing AbstractRequestLogger.getLiveSessions</li> + <li>[WICKET-6172] - Inconsistent results from getTag[s]ByWicketId</li> + <li>[WICKET-6174] - Browser/Client info navigatorJavaEnabled property returns undefined</li> + <li>[WICKET-6175] - Aautocomplete suggestion window is not closing in IE11</li> + <li>[WICKET-6181] - Revert the removal of the default error message when uploading too big files</li> + <li>[WICKET-6191] - AjaxTimerBehavior will stop after ajax update of component it is attached to</li> + <li>[WICKET-6202] - Guide: 26.1 Page storing, section HttpSessionDataStore - example code is not correct</li> + <li>[WICKET-6204] - Copy only the provided attributes for Ajax link inclusion</li> +</ul> + +<h5 id="improvement">Improvement</h5> + +<ul> + <li>[WICKET-6053] - Allow to reuse the same application instance in several tests</li> + <li>[WICKET-6178] - MetaDataHeaderItem # generateString() should return specials characters escaped like StringEscapeUtils.escapeHtml(s) does</li> + <li>[WICKET-6186] - Upgrade JQuery to 1.12.4/2.2.4</li> +</ul> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-07-21-wicket-7.4.0-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-07-21-wicket-7.4.0-released.html b/_posts/2016/_site/2016-07-21-wicket-7.4.0-released.html new file mode 100644 index 0000000..a8aa198 --- /dev/null +++ b/_posts/2016/_site/2016-07-21-wicket-7.4.0-released.html @@ -0,0 +1,137 @@ +<p>The Apache Wicket PMC is proud to announce Apache Wicket 7.4.0!</p> + +<p>Apache Wicket is an open source Java component oriented web application +framework that powers thousands of web applications and web sites for +governments, stores, universities, cities, banks, email providers, and +more. You can find more about Apache Wicket at https://wicket.apache.org</p> + +<p>This release marks another minor release of Wicket 7. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +7.0.0.</p> + +<h2 id="new-and-noteworthy">New and noteworthy</h2> + +<ul> + <li> + <p>improves stateless AJAX support by integrating the Wicket Stuff +wicket-stateless module (WICKET-6183)</p> + </li> + <li> + <p>improves compatibility for playing videos on iOS devices due to missing +media type in MediaComponent</p> + </li> + <li> + <p>upgrades provided JQuery to 1.12.4 and 2.2.4</p> + </li> + <li> + <p>improves compatibility with CGLIB when using wicket-jmx</p> + </li> +</ul> + +<h2 id="using-this-release">Using this release</h2> + +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>7.4.0<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> + +<ul> + <li>Source: <a href="http://www.apache.org/dyn/closer.cgi/wicket/7.4.0";>http://www.apache.org/dyn/closer.cgi/wicket/7.4.0</a></li> + <li>Binary: <a href="http://www.apache.org/dyn/closer.cgi/wicket/7.4.0/binaries";>http://www.apache.org/dyn/closer.cgi/wicket/7.4.0/binaries</a></li> +</ul> + +<h2 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h2> + +<p>If you upgrade from 7.y.z this release is a drop in replacement. If +you come from a version prior to 7.0.0, please read our Wicket 7 +migration guide found at</p> + +<ul> + <li><a href="http://s.apache.org/wicket7migrate";>http://s.apache.org/wicket7migrate</a></li> +</ul> + +<p>Have fun!</p> + +<p>â The Wicket team</p> + +<p>================================</p> + +<p>The signatures for the source release artefacts:</p> + +<p>Signature for apache-wicket-7.4.0.zip:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAleLztAACgkQJBX8W/xy/UU1tACgnetUeJcjAGegJJ175UMjq2z3 +QJAAnjLmcDjcUKGOd/hfBvdvXfo2RL2d +=sPs0 +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>Signature for apache-wicket-7.4.0.tar.gz:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAleLzs8ACgkQJBX8W/xy/UVNogCgvokjiIH8p/tH3FO27qW0uHfY +pS8AoINM8PFic38Lbf55tNmeegzROZYx +=iTAS +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>================================</p> + +<h3 id="this-release">This Release</h3> + +<h4 id="changelog-for-740">CHANGELOG for 7.4.0:</h4> + +<h5 id="bug">Bug</h5> + +<ul> + <li>[WICKET-6154] - Performance bottleneck when using KeyInSessionSunJceCryptFactory</li> + <li>[WICKET-6155] - Newline in ModalWindow title</li> + <li>[WICKET-6157] - WicketTester and application servers are destroying app differently</li> + <li>[WICKET-6160] - Missing type for MediaComponent causing iOS devices not to be able to play videos</li> + <li>[WICKET-6162] - Reload leads to unexpected RuntimeException âUnable to find component with idâ</li> + <li>[WICKET-6169] - NullPointerException accessing AbstractRequestLogger.getLiveSessions</li> + <li>[WICKET-6170] - Wrong requestmapper used for cache decorated resources</li> + <li>[WICKET-6172] - Inconsistent results from getTag[s]ByWicketId</li> + <li>[WICKET-6173] - WICKET-6172 makes TagTester.createTagsByAttribute stop working</li> + <li>[WICKET-6174] - Browser/Client info navigatorJavaEnabled property returns undefined</li> + <li>[WICKET-6175] - Aautocomplete suggestion window is not closing in IE11</li> + <li>[WICKET-6180] - JMX Initializerâs usage of CGLIB makes it impossible to upgrade to CGLIB 3.2.3</li> + <li>[WICKET-6185] - Border body not reachable for visitors</li> + <li>[WICKET-6187] - Enclosures rendered twice in derived component</li> + <li>[WICKET-6191] - AjaxTimerBehavior will stop after ajax update of component it is attached to</li> + <li>[WICKET-6196] - CheckingObjectOutputStream broken in Wicket 7</li> + <li>[WICKET-6198] - Unable to disable a MultiFileUploadField</li> + <li>[WICKET-6202] - Guide: 26.1 Page storing, section HttpSessionDataStore - example code is not correct</li> + <li>[WICKET-6204] - Copy only the provided attributes for Ajax link inclusion</li> +</ul> + +<h5 id="improvement">Improvement</h5> + +<ul> + <li>[WICKET-6153] - WicketTesterâs MockHttpServletRequest doesnât expose setLocale(aLocale) method</li> + <li>[WICKET-6178] - MetaDataHeaderItem # generateString() should return specials characters escaped like StringEscapeUtils.escapeHtml(s) does</li> + <li>[WICKET-6182] - Remove recreateBookmarkablePagesAfterExpiry check in Component#createRequestHandler</li> + <li>[WICKET-6183] - Improve stateless support for AJAX</li> + <li>[WICKET-6186] - Upgrade JQuery to 1.12.4/2.2.4</li> +</ul> + +<h5 id="new-feature">New Feature</h5> + +<ul> + <li>[WICKET-6193] - NestedStringResourceLoader - replaces nested keys within property files</li> +</ul> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-07-25-wicket-8.0.0-M1-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-07-25-wicket-8.0.0-M1-released.html b/_posts/2016/_site/2016-07-25-wicket-8.0.0-M1-released.html new file mode 100644 index 0000000..ffec7e8 --- /dev/null +++ b/_posts/2016/_site/2016-07-25-wicket-8.0.0-M1-released.html @@ -0,0 +1,282 @@ +<p>The Apache Wicket PMC is proud to announce Apache Wicket 8.0.0-M1!</p> + +<p>Apache Wicket is an open source Java component oriented web application +framework that powers thousands of web applications and web sites for +governments, stores, universities, cities, banks, email providers, and +more. You can find more about Apache Wicket at https://wicket.apache.org</p> + +<p>This release marks the first milestone of the major release of Wicket 8. We +use semantic versioning for the development of Wicket, and as such no +API breaks are present breaks are present in this release compared to +8.0.0.</p> + +<h2 id="new-and-noteworthy">New and noteworthy</h2> + +<p><strong>Beside a lot of changes which were implemented in Apache Wicket 7, the new +milestone of the major version of Apache Wicket 8 provides some +great features.</strong></p> + +<ul> + <li> + <p>Lambda support for Models and Components (See âLambda Expressionsâ chapter in the user guide)</p> + </li> + <li> + <p>NestedStringResourceLoader to replace nested keys within property files</p> + </li> + <li> + <p>A lot of bugfixes and improvements</p> + </li> +</ul> + +<p><strong>Features which were almost ready and will be available with 8.0.0-M2</strong></p> + +<ul> + <li>PushBuilder API integration [WICKET-6194] +(See âWicket HTTP/2 Support (Experimental)â chapter in the user guide)</li> +</ul> + +<p><strong>Features which were set to âwonât fixâ</strong></p> + +<ul> + <li>Microservices support (decoupled component usage) [WICKET-6112]</li> +</ul> + +<h2 id="using-this-release">Using this release</h2> + +<p>With Apache Maven update your dependency to (and donât forget to +update any other dependencies on Wicket projects to the same version):</p> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>8.0.0-M1<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<p>Or download and build the distribution yourself, or use our +convenience binary package</p> + +<ul> + <li>Source: <a href="http://www.apache.org/dyn/closer.cgi/wicket/8.0.0-M1";>http://www.apache.org/dyn/closer.cgi/wicket/8.0.0-M1</a></li> + <li>Binary: <a href="http://www.apache.org/dyn/closer.cgi/wicket/8.0.0-M1/binaries";>http://www.apache.org/dyn/closer.cgi/wicket/8.0.0-M1/binaries</a></li> +</ul> + +<h2 id="upgrading-from-earlier-versions">Upgrading from earlier versions</h2> + +<p>If you upgrade from 8.y.z this release is a drop in replacement. If +you come from a version prior to 8.0.0, please read our Wicket 7 +migration guide found at</p> + +<ul> + <li><a href="http://s.apache.org/wicket8migration";>http://s.apache.org/wicket8migration</a></li> +</ul> + +<p>Have fun!</p> + +<p>â The Wicket team</p> + +<p>================================</p> + +<p>The signatures for the source release artefacts:</p> + +<p>Signature for apache-wicket-8.0.0-M1.zip:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAld5Gc8ACgkQJBX8W/xy/UV/wwCfa+/9cOB0KEOHB6vT41/ISIP/ +udAAoNM46vtM+T2RYU5uSV08fWjzUjiV +=4pKN +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>Signature for apache-wicket-8.0.0-M1.tar.gz:</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iEYEABECAAYFAld5Gc8ACgkQJBX8W/xy/UX5ngCgvckuOYDq+x6yVgTdDrhGskEz +cTwAn0jMYcafuw0aHDATKwbTv8U3uZX1 +=9v6u +-----END PGP SIGNATURE----- +</code></pre> +</div> + +<p>================================</p> + +<h3 id="this-release">This Release</h3> + +<h4 id="changelog-for-800-m1">CHANGELOG for 8.0.0-M1:</h4> + +<h5 id="bug">Bug</h5> + +<ul> + <li>[WICKET-5836] - Update the version of clirr-maven-plugin (current 2.6.1)</li> + <li>[WICKET-5993] - AjaxButton - image is not shown even though type=âimageâ is in html-template</li> + <li>[WICKET-5994] - Mounted TemplateResourceReference throws org.apache.wicket.WicketRuntimeException when https is used</li> + <li>[WICKET-5995] - âRangeâ header parsing is broken</li> + <li>[WICKET-5996] - Mounted packages throw IllegalArgumentException when visiting base package url.</li> + <li>[WICKET-5997] - Compatibility problem with Websphere liberty profile</li> + <li>[WICKET-5999] - AjaxFormValidatingBehavior not updates initially hidden feedback component</li> + <li>[WICKET-6001] - Exception raised while refreshing a page with queued components missing in the markup</li> + <li>[WICKET-6002] - FileUploadField makes form-component models become null on submit</li> + <li>[WICKET-6005] - WicketRuntimeException from AjaxPagingNavigator#onAjaxEvent</li> + <li>[WICKET-6006] - ModalWindow.closeCurrent() causes 414 status error</li> + <li>[WICKET-6007] - PageableListView constructor argument and set/getItemsPerPage are inconsistent</li> + <li>[WICKET-6010] - Downloading filenames containing â,â or â;â gives problems</li> + <li>[WICKET-6011] - NPE in case DebugBar is added to AjaxRequestTarget</li> + <li>[WICKET-6013] - CLONE AjaxFallbackOrderByBorder wicketOrder[Up,Down,None] class missing in 7.1.0</li> + <li>[WICKET-6014] - TransparentWebMarkupContainer breaks OnChangeAjaxBehavior for Select2</li> + <li>[WICKET-6017] - Tests fail when executed with not expected locale</li> + <li>[WICKET-6018] - TransparentWebMarkupContainer is not really âtransparentâ</li> + <li>[WICKET-6020] - GuiceFieldValueFactory returns the NULL_SENTINEL from the cache</li> + <li>[WICKET-6021] - ConcurrentModificationException in MarkupContainer#iterator#next</li> + <li>[WICKET-6024] - Possible issue with Border and LoadableDetachableModel in 7.1.0</li> + <li>[WICKET-6026] - Problem in detecting child id on nested <wicket:enclosure></wicket:enclosure></li> + <li>[WICKET-6027] - Nested TransparentWebMarkupContainer, markup of inner component not found</li> + <li>[WICKET-6028] - Detach called on enclosure component while it had a non-empty queue</li> + <li>[WICKET-6031] - NPE in PackageResourceReference#getResource() when there is no request</li> + <li>[WICKET-6032] - Wicket.Ajax.done() called twice on redirect</li> + <li>[WICKET-6036] - Failure to process markup with nested tags inside a Label</li> + <li>[WICKET-6037] - ModalWindow vulnerable to Javascript injection through title model</li> + <li>[WICKET-6041] - Nested forms / parent FormComponents do not reflect updated model when nested form submitted</li> + <li>[WICKET-6043] - Cannot set wicket:enclosure on queued component in ListView</li> + <li>[WICKET-6044] - AjaxFormChoiceComponentUpdatingBehavior: Duplicate input values according to WICKET-5948</li> + <li>[WICKET-6045] - ListView NullPointerException when viewSize is set explicitly</li> + <li>[WICKET-6048] - German Translation for EqualInputValidator wrong</li> + <li>[WICKET-6050] - Wicket Ajax (Wicket.From.serializeElement) causes 400 bad request</li> + <li>[WICKET-6052] - CSS header contribution overlap</li> + <li>[WICKET-6058] - Error in calculation of byte ranges</li> + <li>[WICKET-6059] - TransparentWebMarkupContainer can not resolve autocomponents in its parent</li> + <li>[WICKET-6062] - MockHttpSession should renew its id after invalidation</li> + <li>[WICKET-6063] - Add support for WebSocketRequest#getUrl() and other properties which are available in the handshake request</li> + <li>[WICKET-6064] - WebSocketResponse.sendRedirect could be supported with <ajax-response><redirect>...</></></redirect></ajax-response></li> + <li>[WICKET-6065] - Calling http://examples7x.wicket.apache.org/resourceaggregation/ generate Internal error</li> + <li>[WICKET-6068] - The key RangeValidator.exact is not mapped in Application_de.properties</li> + <li>[WICKET-6069] - OnChangeAjaxBehavior does not work if the url contains a request parameter with same name as wicket id</li> + <li>[WICKET-6076] - Problem with queued components and enclosure</li> + <li>[WICKET-6078] - Problem with queued components and auto linking</li> + <li>[WICKET-6079] - Problem with queued components and label</li> + <li>[WICKET-6080] - Encapsulation of 3 enclosures leads to WicketRuntimeException</li> + <li>[WICKET-6084] - ajax request failure handler receives incorrect arguments</li> + <li>[WICKET-6085] - AjaxTimerBehavior with failure handler cause memory leak in browser</li> + <li>[WICKET-6087] - Invalid AbstractRequestWrapperFactory.needsWrapper method scope: package - cannot create a custom implementation</li> + <li>[WICKET-6088] - Problem with queued components and setting the model</li> + <li>[WICKET-6091] - NPE in RequestLoggerRequestCycleListener when using native-websockets</li> + <li>[WICKET-6094] - Find adequate ResourceReference with mount parameters</li> + <li>[WICKET-6097] - JsonRequestLogger â> JsonMappingException â> StackOverflowError Infinite recursion</li> + <li>[WICKET-6102] - StackoverflowError related to enclosures</li> + <li>[WICKET-6108] - Closing a ModalWindow with jQuery 2.2.0 produces javascript errors</li> + <li>[WICKET-6109] - Enclosure - âIllegalArgumentException: Argument âmarkupâ may not be nullâ after app restart</li> + <li>[WICKET-6111] - Empty redirect on redirect to home page if home page already shown</li> + <li>[WICKET-6116] - Exception âA child already existsâ when backing to a page with some markups in a Border</li> + <li>[WICKET-6129] - IRequestCycleListener not notified of all executed handlers</li> + <li>[WICKET-6131] - IndexOutOfBoundsException in org.apache.wicket.core. request.mapper.CryptoMapper.decryptEntireUrl</li> + <li>[WICKET-6133] - Failing test SpringBeanWithGenericsTest in 7.3.0.0 SNAPSHOT</li> + <li>[WICKET-6134] - NPE when using ListView with missing markup</li> + <li>[WICKET-6135] - There is no good way to get POST body content</li> + <li>[WICKET-6139] - AjaxButton forces rendering type=âbuttonâ</li> + <li>[WICKET-6141] - Runtime Exception rendering ComponentTag with RelativePathPrefixHandler</li> + <li>[WICKET-6151] - DebugBar/PageSizeDebugPanel throws NullPointerException (need wrapper exception with more detail)</li> + <li>[WICKET-6154] - Performance bottleneck when using KeyInSessionSunJceCryptFactory</li> + <li>[WICKET-6155] - Newline in ModalWindow title</li> + <li>[WICKET-6157] - WicketTester and application servers are destroying app differently</li> + <li>[WICKET-6160] - Missing type for MediaComponent causing iOS devices not to be able to play videos</li> + <li>[WICKET-6161] - SecuritySettings.setEnforceMounts() should be applicable for all kind of pages</li> + <li>[WICKET-6162] - Reload leads to unexpected RuntimeException âUnable to find component with idâ</li> + <li>[WICKET-6169] - NullPointerException accessing AbstractRequestLogger.getLiveSessions</li> + <li>[WICKET-6170] - Wrong requestmapper used for cache decorated resources</li> + <li>[WICKET-6171] - Problem with nested dialog with multipart form</li> + <li>[WICKET-6172] - Inconsistent results from getTag[s]ByWicketId</li> + <li>[WICKET-6173] - WICKET-6172 makes TagTester.createTagsByAttribute stop working</li> + <li>[WICKET-6174] - Browser/Client info navigatorJavaEnabled property returns undefined</li> + <li>[WICKET-6175] - Aautocomplete suggestion window is not closing in IE11</li> + <li>[WICKET-6180] - JMX Initializerâs usage of CGLIB makes it impossible to upgrade to CGLIB 3.2.3</li> + <li>[WICKET-6185] - Border body not reachable for visitors</li> + <li>[WICKET-6187] - Enclosures rendered twice in derived component</li> + <li>[WICKET-6191] - AjaxTimerBehavior will stop after ajax update of component it is attached to</li> +</ul> + +<h5 id="improvement">Improvement</h5> + +<ul> + <li>[WICKET-5866] - Reconsider generics of IConverterLocator#getConverter()</li> + <li>[WICKET-5920] - roll a version of ListDataProvider implementing ISortableDetachable model</li> + <li>[WICKET-5950] - Model and GenericBaseModel could both implement IObjectClassAwareModel</li> + <li>[WICKET-5969] - Please give us access to PageTable.index pageId queue</li> + <li>[WICKET-5986] - NumberTextField<N> should use Models for minimum, maximum and step</N></li> + <li>[WICKET-6015] - AjaxFallbackOrderByBorder/Link should support updateAjaxAttributes() idiom</li> + <li>[WICKET-6019] - Remove âfinalâ modifier for Localizer#getStringIgnoreSettings() methods</li> + <li>[WICKET-6023] - small tweak for component queuing for the AbstractRepeater</li> + <li>[WICKET-6029] - Make Borderâs methods consistent with commit f14e03f</li> + <li>[WICKET-6046] - Wicket Quickstart Example Application shows deployment memory leak in Tomcat</li> + <li>[WICKET-6051] - Improve performance of CssUrlReplacer</li> + <li>[WICKET-6053] - Allow to reuse the same application instance in several tests</li> + <li>[WICKET-6054] - Provide a factory method for the WebSocketResponse & WebSocketRequest</li> + <li>[WICKET-6060] - Deprecate org.apache.wicket.util.IProvider</li> + <li>[WICKET-6061] - Improved PackageResource#getCacheKey</li> + <li>[WICKET-6070] - Provide factory methods for WizardButtonBar buttons</li> + <li>[WICKET-6072] - Improve the quickstart to make it easier to use JSR-356 web sockets</li> + <li>[WICKET-6081] - Add âassertNotRequiredâ to the WicketTester</li> + <li>[WICKET-6098] - Add logging to HttpSessionDataStore</li> + <li>[WICKET-6100] - Upgrade jQuery to 1.12.3/2.2.3</li> + <li>[WICKET-6103] - Synchronization on JSR 356 connection</li> + <li>[WICKET-6104] - Rework AjaxFallback** components to use java.util.Optional for their #onEvent methods</li> + <li>[WICKET-6106] - Propagate JSR 356 WebSocket connection error to a page</li> + <li>[WICKET-6107] - Broadcast onClose event regardless of the JSR 356 WebSocket connection closed state</li> + <li>[WICKET-6110] - Add a message to StalePageException for better debugging</li> + <li>[WICKET-6113] - Improve ResourceStreamResource API by passing Attributes to #getResourceStream()</li> + <li>[WICKET-6114] - FormComponentPanel#clearInput() should delegate to its FormComponent children</li> + <li>[WICKET-6115] - Provide default implementation of IDetachable#detach() in IModel</li> + <li>[WICKET-6117] - Make IGenericComponent a mixin/trait so it could be easily reused in custom components</li> + <li>[WICKET-6118] - Deprecate org.apache.wicket.util.IContextProvider</li> + <li>[WICKET-6122] - Add .map to the list of allowed file extensions in SecurePackageResourceGuard</li> + <li>[WICKET-6123] - Remove âabstractâ from ChainingModel</li> + <li>[WICKET-6127] - Add metrics for request duration</li> + <li>[WICKET-6128] - Add metrics for currently active sessions</li> + <li>[WICKET-6130] - Make it easier to override parts of SystemMapper</li> + <li>[WICKET-6132] - AbstractChoice#getChoices() should be final</li> + <li>[WICKET-6137] - ListenerInterfaceRequestHandler simplification</li> + <li>[WICKET-6140] - Ajax should prevent updating components which are not on page</li> + <li>[WICKET-6144] - Wicket-ajax parameter / header may be used to bypass proper exception handling</li> + <li>[WICKET-6145] - Enable DeltaManager to replicate PageTable in Sessions</li> + <li>[WICKET-6146] - Provide default implementation of IRequestHandler#detach()</li> + <li>[WICKET-6152] - Allow to add more than one WebSocketBehavior in the component tree</li> + <li>[WICKET-6153] - WicketTesterâs MockHttpServletRequest doesnât expose setLocale(aLocale) method</li> + <li>[WICKET-6178] - MetaDataHeaderItem # generateString() should return specials characters escaped like StringEscapeUtils.escapeHtml(s) does</li> + <li>[WICKET-6182] - Remove recreateBookmarkablePagesAfterExpiry check in Component#createRequestHandler</li> + <li>[WICKET-6183] - Improve stateless support for AJAX</li> + <li>[WICKET-6184] - Remove form argument from AjaxButton and AjaxLink callbacks</li> + <li>[WICKET-6188] - Use DynamicJQueryResourceReference by default</li> + <li>[WICKET-6189] - Return Optional<T> from RequestCycle.find(Class<T>)</T></T></li> +</ul> + +<h5 id="new-feature">New Feature</h5> + +<ul> + <li>[WICKET-5991] - Introduce models which use Java 8 supplier/consumer</li> + <li>[WICKET-6025] - Read resource files with Javaâs NIO API</li> + <li>[WICKET-6042] - Implementation of ExternalImage component</li> + <li>[WICKET-6120] - Wicket Metrics</li> + <li>[WICKET-6121] - use lambdas for columns</li> + <li>[WICKET-6193] - NestedStringResourceLoader - replaces nested keys within property files</li> +</ul> + +<h5 id="tasks">Tasks</h5> + +<ul> + <li>[WICKET-5990] - Upgrade Jetty usage in Wicket tests/quickstart to Jetty 9.3.x</li> + <li>[WICKET-6004] - Wicket 8 cleanup - TODOs and deprecated methods</li> + <li>[WICKET-6057] - Upgrade commons-collections to 4.1</li> + <li>[WICKET-6071] - Upgrade jQuery to 1.12 / 2.2.0</li> + <li>[WICKET-6119] - Deprecate HtmlDocumentValidator</li> + <li>[WICKET-6147] - Remove the support for the deprecated /wicket.properties and /META-INF/wicket/**.properties</li> + <li>[WICKET-6150] - Deprecate org.apache.wicket.util.crypt.Base64 and use java.util.Base64</li> +</ul> + +<h5 id="wish">Wish</h5> + +<ul> + <li>[WICKET-6067] - Provide an Ajax Behavior that prevents form submit on ENTER</li> + <li>[WICKET-6095] - Multiline headers in DataTable</li> +</ul> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-08-05-cve-2016-3092.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-08-05-cve-2016-3092.html b/_posts/2016/_site/2016-08-05-cve-2016-3092.html new file mode 100644 index 0000000..9145084 --- /dev/null +++ b/_posts/2016/_site/2016-08-05-cve-2016-3092.html @@ -0,0 +1,31 @@ +<p>Severity: Important</p> + +<p>Vendor: +The Apache Software Foundation</p> + +<p>Versions Affected: +Apache Wicket 1.5.x, 6.x and 7.x</p> + +<p>Description:</p> + +<p>CVE-2016-3092: A malicious client can send file upload requests that cause the HTTP server +using the Apache Commons Fileupload library to become unresponsive, preventing +the server from servicing other requests.</p> + +<p>This flaw is not exploitable beyond causing the code to loop expending +CPU resources.</p> + +<p>CVE-2013-2186: +The DiskFileItem class in Apache Commons FileUpload allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.</p> + +<h2 id="the-application-developers-are-recommended-to-upgrade-to">The application developers are recommended to upgrade to:</h2> + +<ul> + <li><a href="/news/2016/08/05/wicket-1.5.16-released.html">Apache Wicket 1.5.16</a></li> + <li><a href="/news/2016/07/21/wicket-6.24.0-released.html">Apache Wicket 6.24.0</a></li> + <li><a href="/news/2016/07/21/wicket-7.4.0-released.html">Apache Wicket 7.4.0</a></li> +</ul> + +<p>Since version 7.0.0 Apache Wicket does not embed Apache Commons FileUpload but uses it as a Maven dependency so an application can just update the dependency to version 1.3.2.</p> + +<p>Apache Wicket Team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/c5d32df7/_posts/2016/_site/2016-08-05-wicket-1.5.16-released.html ---------------------------------------------------------------------- diff --git a/_posts/2016/_site/2016-08-05-wicket-1.5.16-released.html b/_posts/2016/_site/2016-08-05-wicket-1.5.16-released.html new file mode 100644 index 0000000..1c8b1a7 --- /dev/null +++ b/_posts/2016/_site/2016-08-05-wicket-1.5.16-released.html @@ -0,0 +1,22 @@ +<p>This is the sixteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes.</p> + +<div class="highlighter-rouge"><pre class="highlight"><code>CHANGELOG for 1.5.16: +</code></pre> +</div> + +<h4 id="bug">Bug</h4> + +<ul> + <li>CVE-2013-2186: Disable (de)serialization of Commons FileUpload items.</li> + <li>CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability</li> +</ul> + +<h4 id="to-use-in-maven">To use in Maven:</h4> + +<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt"><dependency></span> + <span class="nt"><groupId></span>org.apache.wicket<span class="nt"></groupId></span> + <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> + <span class="nt"><version></span>1.5.16<span class="nt"></version></span> +<span class="nt"></dependency></span></code></pre></figure> + +<h4 id="download-the-full-distributionhttpwwwapacheorgdynclosercgiwicket1516-including-sources">Download the <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.16";>full distribution</a> (including sources)</h4>
