http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2012/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/08/index.html b/content/news/2012/08/index.html index cb685c5..bae3841 100644 --- a/content/news/2012/08/index.html +++ b/content/news/2012/08/index.html @@ -64,6 +64,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li>
http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2012/09/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/09/index.html b/content/news/2012/09/index.html index 5123e50..7a9184b 100644 --- a/content/news/2012/09/index.html +++ b/content/news/2012/09/index.html @@ -86,6 +86,7 @@ encoded null byte to a URL pointing to a Wicket app. This could be done by...</p <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2012/10/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/10/index.html b/content/news/2012/10/index.html index 2d7b610..e0a57f4 100644 --- a/content/news/2012/10/index.html +++ b/content/news/2012/10/index.html @@ -74,6 +74,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2012/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/11/index.html b/content/news/2012/11/index.html index f2053bd..87750dc 100644 --- a/content/news/2012/11/index.html +++ b/content/news/2012/11/index.html 
@@ -72,6 +72,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2012/12/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/12/index.html b/content/news/2012/12/index.html index 7175350..197e15b 100644 --- a/content/news/2012/12/index.html +++ b/content/news/2012/12/index.html @@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2012/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/index.html b/content/news/2012/index.html index 8720f1b..9374350 100644 --- a/content/news/2012/index.html +++ b/content/news/2012/index.html @@ -239,6 +239,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/01/23/wicket-6.5.0-released.html ---------------------------------------------------------------------- diff --git a/content/news/2013/01/23/wicket-6.5.0-released.html b/content/news/2013/01/23/wicket-6.5.0-released.html index 9e14151..0d8555c 100644 --- a/content/news/2013/01/23/wicket-6.5.0-released.html +++ b/content/news/2013/01/23/wicket-6.5.0-released.html 
@@ -66,7 +66,7 @@ the attributes for all Ajax requests.</p> <figure class="highlight"><pre><code class="language-java" data-lang="java"><span class="n">application</span><span class="o">.</span><span class="na">getAjaxRequestTargetListeners</span><span class="o">().</span><span class="na">add</span><span class="o">(</span><span class="k">new</span> <span class="n">AjaxRequestTarget</span><span class="o">.</span><span class="na">AbstractListener</span><span class="o">()</span> <span class="o">{</span> <span class="nd">@Override</span> - <span class="kd">public</span> <span class="kt">void</span> <span class="n">updateAjaxAttributes</span><span class="o">(</span><span class="n">AjaxRequestAttributes</span> <span class="n">attributes</span><span class="o">)</span> + <span class="kd">public</span> <span class="kt">void</span> <span class="nf">updateAjaxAttributes</span><span class="o">(</span><span class="n">AjaxRequestAttributes</span> <span class="n">attributes</span><span class="o">)</span> <span class="o">{</span> <span class="kd">super</span><span class="o">.</span><span class="na">updateAjaxAttributes</span><span class="o">(</span><span class="n">attributes</span><span class="o">);</span> <span class="n">attributes</span><span class="o">.</span><span class="na">setChannel</span><span class="o">(</span><span class="k">new</span> <span class="n">AjaxChannel</span><span class="o">(</span><span class="s">"globalAjaxChannel"</span><span class="o">,</span> <span class="n">AjaxChannel</span><span class="o">.</span><span class="na">Type</span><span class="o">.</span><span class="na">ACTIVE</span><span class="o">));</span> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/01/index.html b/content/news/2013/01/index.html index 1283a6e..d50f5e9 100644 --- a/content/news/2013/01/index.html +++ b/content/news/2013/01/index.html 
@@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/02/index.html b/content/news/2013/02/index.html index 4b42941..42e6252 100644 --- a/content/news/2013/02/index.html +++ b/content/news/2013/02/index.html @@ -72,6 +72,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/03/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/03/index.html b/content/news/2013/03/index.html index d0cdad2..9b84d3b 100644 --- a/content/news/2013/03/index.html +++ b/content/news/2013/03/index.html @@ -64,6 +64,7 @@ This mig...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/04/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/04/index.html b/content/news/2013/04/index.html index 4701566..5199001 100644 --- a/content/news/2013/04/index.html +++ b/content/news/2013/04/index.html 
@@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/05/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/05/index.html b/content/news/2013/05/index.html index 849d520..47c5e9b 100644 --- a/content/news/2013/05/index.html +++ b/content/news/2013/05/index.html @@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/06/27/wicket-6.9.0-released.html ---------------------------------------------------------------------- diff --git a/content/news/2013/06/27/wicket-6.9.0-released.html b/content/news/2013/06/27/wicket-6.9.0-released.html index 1d89266..1ecfa60 100644 --- a/content/news/2013/06/27/wicket-6.9.0-released.html +++ b/content/news/2013/06/27/wicket-6.9.0-released.html 
@@ -59,7 +59,7 @@ compared to 6.0.0.</p> <p>Switch between jQuery 1.x and 2.x depending on the user agent. For IE 6/7/8 jQuery ver. 1.x will be used, for any other browser - ver. 2.x. To use this resource reference do in your applicationâs init method:</p> -<figure class="highlight"><pre><code class="language-java" data-lang="java"><span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="p">(</span><span class="o">)</span> <span class="o">{</span> +<figure class="highlight"><pre><code class="language-java" data-lang="java"><span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="o">()</span> <span class="o">{</span> <span class="n">getJavaScriptLibrarySettings</span><span class="o">()</span> <span class="o">.</span><span class="na">setJQueryReference</span><span class="o">(</span><span class="n">DynamicJQueryResourceReference</span><span class="o">.</span><span class="na">INSTANCE</span><span class="o">);</span> <span class="o">}</span></code></pre></figure> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/06/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/06/index.html b/content/news/2013/06/index.html index e60a4c4..e4387a7 100644 --- a/content/news/2013/06/index.html +++ b/content/news/2013/06/index.html @@ -59,6 +59,7 @@ Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/07/10/wicket-6.9.1-released.html ---------------------------------------------------------------------- 
diff --git a/content/news/2013/07/10/wicket-6.9.1-released.html b/content/news/2013/07/10/wicket-6.9.1-released.html index 2978e2f..2482300 100644 --- a/content/news/2013/07/10/wicket-6.9.1-released.html +++ b/content/news/2013/07/10/wicket-6.9.1-released.html @@ -69,7 +69,7 @@ downgrade to JQuery 1.8.3-the previously provided JQuery that still contains these APIs. Download the 1.8.3 release of jquery and add it to your project in its applicationâs init method:</p> <figure class="highlight"><pre><code class="language-java" data-lang="java"><span class="nd">@Override</span> -<span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="p">(</span><span class="o">)</span> <span class="o">{</span> +<span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="o">()</span> <span class="o">{</span> <span class="n">getJavaScriptLibrarySettings</span><span class="o">()</span> <span class="o">.</span><span class="na">setJQueryReference</span><span class="o">(</span><span class="n">yourJquery183ResourceReference</span><span class="o">);</span> <span class="o">}</span></code></pre></figure> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/07/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/07/index.html b/content/news/2013/07/index.html index 7116534..a6fcf1c 100644 --- a/content/news/2013/07/index.html +++ b/content/news/2013/07/index.html @@ -58,6 +58,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/08/18/wicket-6.10.0-released.html ---------------------------------------------------------------------- 
diff --git a/content/news/2013/08/18/wicket-6.10.0-released.html b/content/news/2013/08/18/wicket-6.10.0-released.html index 709421c..4a2bbfd 100644 --- a/content/news/2013/08/18/wicket-6.10.0-released.html +++ b/content/news/2013/08/18/wicket-6.10.0-released.html @@ -82,7 +82,7 @@ downgrade to JQuery 1.8.3-the previously provided JQuery that still contains these APIs. Download the 1.8.3 release of jquery and add it to your project in its applicationâs init method:</p> <figure class="highlight"><pre><code class="language-java" data-lang="java"><span class="nd">@Override</span> -<span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="p">(</span><span class="o">)</span> <span class="o">{</span> +<span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="o">()</span> <span class="o">{</span> <span class="n">getJavaScriptLibrarySettings</span><span class="o">()</span> <span class="o">.</span><span class="na">setJQueryReference</span><span class="o">(</span><span class="n">yourJquery183ResourceReference</span><span class="o">);</span> <span class="o">}</span></code></pre></figure> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/08/index.html b/content/news/2013/08/index.html index 2c13b35..dc17a65 100644 --- a/content/news/2013/08/index.html +++ b/content/news/2013/08/index.html 
@@ -59,6 +59,7 @@ Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/09/20/wicket-6.11.0-released.html ---------------------------------------------------------------------- diff --git a/content/news/2013/09/20/wicket-6.11.0-released.html b/content/news/2013/09/20/wicket-6.11.0-released.html index a4ba764..60e8c9e 100644 --- a/content/news/2013/09/20/wicket-6.11.0-released.html +++ b/content/news/2013/09/20/wicket-6.11.0-released.html @@ -92,7 +92,7 @@ downgrade to JQuery 1.8.3-the previously provided JQuery that still contains these APIs. Download the 1.8.3 release of jquery and add it to your project in its applicationâs init method:</p> <figure class="highlight"><pre><code class="language-java" data-lang="java"> <span class="nd">@Override</span> - <span class="kd">protected</span> <span class="kt">void</span> <span class="n">init</span><span class="o">()</span> <span class="o">{</span> + <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="o">()</span> <span class="o">{</span> <span class="n">getJavaScriptLibrarySettings</span><span class="o">()</span> <span class="o">.</span><span class="na">setJQueryReference</span><span class="o">(</span><span class="n">yourJquery183ResourceReference</span><span class="o">);</span> <span class="o">}</span></code></pre></figure> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/09/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/09/index.html b/content/news/2013/09/index.html index c347384..1dd7fee 100644 --- a/content/news/2013/09/index.html +++ b/content/news/2013/09/index.html 
@@ -59,6 +59,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/11/01/wicket-6.12.0-released.html ---------------------------------------------------------------------- diff --git a/content/news/2013/11/01/wicket-6.12.0-released.html b/content/news/2013/11/01/wicket-6.12.0-released.html index ccb2500..433c23d 100644 --- a/content/news/2013/11/01/wicket-6.12.0-released.html +++ b/content/news/2013/11/01/wicket-6.12.0-released.html @@ -78,7 +78,7 @@ downgrade to JQuery 1.8.3-the previously provided JQuery that still contains these APIs. Download the 1.8.3 release of jquery and add it to your project in its applicationâs init method:</p> <figure class="highlight"><pre><code class="language-java" data-lang="java"> <span class="nd">@Override</span> - <span class="kd">protected</span> <span class="kt">void</span> <span class="n">init</span><span class="o">()</span> <span class="o">{</span> + <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="o">()</span> <span class="o">{</span> <span class="n">getJavaScriptLibrarySettings</span><span class="o">()</span> <span class="o">.</span><span class="na">setJQueryReference</span><span class="o">(</span><span class="n">yourJquery183ResourceReference</span><span class="o">);</span> <span class="o">}</span></code></pre></figure> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/11/index.html b/content/news/2013/11/index.html index b8f1035..2f2ab13 100644 --- a/content/news/2013/11/index.html +++ b/content/news/2013/11/index.html 
@@ -59,6 +59,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2013/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/index.html b/content/news/2013/index.html index 676c0b6..9a738ff 100644 --- a/content/news/2013/index.html +++ b/content/news/2013/index.html @@ -179,6 +179,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/01/05/wicket-6.13.0-released.html ---------------------------------------------------------------------- diff --git a/content/news/2014/01/05/wicket-6.13.0-released.html b/content/news/2014/01/05/wicket-6.13.0-released.html index e217dc0..94c019a 100644 --- a/content/news/2014/01/05/wicket-6.13.0-released.html +++ b/content/news/2014/01/05/wicket-6.13.0-released.html 
@@ -131,7 +131,7 @@ downgrade to JQuery 1.8.3-the previously provided JQuery that still contains these APIs. Download the 1.8.3 release of jquery and add it to your project in its applicationâs init method:</p> <figure class="highlight"><pre><code class="language-java" data-lang="java"> <span class="nd">@Override</span> - <span class="kd">protected</span> <span class="kt">void</span> <span class="n">init</span><span class="o">()</span> <span class="o">{</span> + <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">init</span><span class="o">()</span> <span class="o">{</span> <span class="n">getJavaScriptLibrarySettings</span><span class="o">()</span> <span class="o">.</span><span class="na">setJQueryReference</span><span class="o">(</span><span class="n">yourJquery183ResourceReference</span><span class="o">);</span> <span class="o">}</span></code></pre></figure> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/01/index.html b/content/news/2014/01/index.html index 80be107..6fb2d63 100644 --- a/content/news/2014/01/index.html +++ b/content/news/2014/01/index.html @@ -59,6 +59,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/02/06/cve-2013-2055.html ---------------------------------------------------------------------- diff --git a/content/news/2014/02/06/cve-2013-2055.html b/content/news/2014/02/06/cve-2013-2055.html index 4358ce3..db76b2f 100644 --- a/content/news/2014/02/06/cve-2013-2055.html +++ b/content/news/2014/02/06/cve-2013-2055.html 
@@ -65,10 +65,12 @@ For example if there is sensitive information before or after the Wicket Panel/B <span class="nt"></wicket:panel></span> something sensitive here 2</code></pre></figure> <p>Usually Wicket will render only the âreal application codeâ part but by exploiting this vulnerability an attacker can see also the code with the sensitive information.</p> -<p>The application developers are recommended to upgrade to: -- <a href="/news/2014/02/06/wicket-1.4.23-released.html">Apache Wicket 1.4.23</a> -- <a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a> -- <a href="/news/2013/05/17/wicket-6.8.0-released.html">Apache Wicket 6.8.0</a></p> +<p>The application developers are recommended to upgrade to:</p> +<ul> + <li><a href="/news/2014/02/06/wicket-1.4.23-released.html">Apache Wicket 1.4.23</a></li> + <li><a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a></li> + <li><a href="/news/2013/05/17/wicket-6.8.0-released.html">Apache Wicket 6.8.0</a></li> +</ul> <p>and/or to remove any sensitive information in the HTML templates.</p> <p>Apache Wicket Team</p> </div> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/02/21/cve-2014-0043.html ---------------------------------------------------------------------- diff --git a/content/news/2014/02/21/cve-2014-0043.html b/content/news/2014/02/21/cve-2014-0043.html index 853ae93..f748d0b 100644 --- a/content/news/2014/02/21/cve-2014-0043.html +++ b/content/news/2014/02/21/cve-2014-0043.html 
@@ -57,9 +57,11 @@ The Apache Software Foundation</p> Apache Wicket 1.5.10 and 6.13.0</p> <p>Description:</p> <p>By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.</p> -<p>The application developers are recommended to upgrade to: -- <a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a> -- <a href="/news/2014/02/20/wicket-6.14.0-released.html">Apache Wicket 6.14.0</a></p> +<p>The application developers are recommended to upgrade to:</p> +<ul> + <li><a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a></li> + <li><a href="/news/2014/02/20/wicket-6.14.0-released.html">Apache Wicket 6.14.0</a></li> +</ul> <p>Credit: This issue was reported by Christian Schneider!</p> <p>Apache Wicket Team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/02/index.html b/content/news/2014/02/index.html index 41e10b6..7be7fc2 100644 --- a/content/news/2014/02/index.html +++ b/content/news/2014/02/index.html @@ -111,6 +111,7 @@ Apache Wicket 1.5.10 and 6.13.0</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/04/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/04/index.html b/content/news/2014/04/index.html index f83ce91..63fa263 100644 --- a/content/news/2014/04/index.html +++ b/content/news/2014/04/index.html 
@@ -70,6 +70,7 @@ the course of the coming milestone releases....</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/06/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/06/index.html b/content/news/2014/06/index.html index 394ec85..e8dd7bc 100644 --- a/content/news/2014/06/index.html +++ b/content/news/2014/06/index.html @@ -70,6 +70,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/08/index.html b/content/news/2014/08/index.html index 99671fd..b50fd9a 100644 --- a/content/news/2014/08/index.html +++ b/content/news/2014/08/index.html @@ -70,6 +70,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/09/22/cve-2014-3526.html ---------------------------------------------------------------------- diff --git a/content/news/2014/09/22/cve-2014-3526.html b/content/news/2014/09/22/cve-2014-3526.html index d387ae5..ab2935e 100644 --- a/content/news/2014/09/22/cve-2014-3526.html 
+++ b/content/news/2014/09/22/cve-2014-3526.html 
@@ -59,10 +59,12 @@ Apache Wicket 1.5.11, 6.16.0 and 7.0.0-M2</p> <p>When rendering a web page Wicket checks the request url against the one at the render time. It is possible the application to change the page parameters (this includes both the query parameters and parameters encoded into the request path). When the requested url differs with the one at the rendering time Wicket stores the response (i.e. the page markup) at the server side and issues an HTTP redirect to the new url. When the second request comes Wicket just flushes the stored response from the first request into the http output stream. This way the browser address bar shows the updated page parameters. When storing the page markup at the server side Wicket uses as an identifier a pair of the current session id plus the new url. However, Wicket does not check if user session is temporary (i.e. sessionId is null). This could lead to a security issue if two or more users with a temporary session are redirected to the same url at the same time. Then user1 might see the markup for user2 which has overridden the markup for user1 while user1 was following the HTTP redirect. 
In this way user-sensitive informations can be seen by other users.</p> -<p>The application developers are recommended to upgrade to: -- <a href="/news/2014/09/15/wicket-1.5.12-released.html">Apache Wicket 1.5.12</a> -- <a href="/news/2014/08/24/wicket-6.17.0-released.html">Apache Wicket 6.17.0</a> -- <a href="/news/2014/08/23/wicket-7.0.0-M3-released.html">Apache Wicket 7.0.0-M3</a></p> +<p>The application developers are recommended to upgrade to:</p> +<ul> + <li><a href="/news/2014/09/15/wicket-1.5.12-released.html">Apache Wicket 1.5.12</a></li> + <li><a href="/news/2014/08/24/wicket-6.17.0-released.html">Apache Wicket 6.17.0</a></li> + <li><a href="/news/2014/08/23/wicket-7.0.0-M3-released.html">Apache Wicket 7.0.0-M3</a></li> +</ul> <p>Credit: This issue was reported by Andrea Del Bene and Martin Grigorov!</p> <p>Apache Wicket Team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/09/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/09/index.html b/content/news/2014/09/index.html index 46c436d..05e9fa1 100644 --- a/content/news/2014/09/index.html +++ b/content/news/2014/09/index.html @@ -78,6 +78,7 @@ This could lead to a security issue if two or more users with a temporary sessio <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/11/index.html b/content/news/2014/11/index.html index e531a49..643c88a 100644 --- a/content/news/2014/11/index.html +++ b/content/news/2014/11/index.html 
@@ -66,6 +66,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2014/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/index.html b/content/news/2014/index.html index 404a5c0..42464ae 100644 --- a/content/news/2014/index.html +++ b/content/news/2014/index.html @@ -191,6 +191,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2015/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/02/index.html b/content/news/2015/02/index.html index 29f896c..e685093 100644 --- a/content/news/2015/02/index.html +++ b/content/news/2015/02/index.html @@ -88,6 +88,7 @@ to announce that he has accepted.</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2015/06/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/06/index.html b/content/news/2015/06/index.html index 322b275..40ec247 100644 --- a/content/news/2015/06/index.html +++ b/content/news/2015/06/index.html 
@@ -66,6 +66,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2015/07/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/07/index.html b/content/news/2015/07/index.html index 09aaf4b..6ab6128 100644 --- a/content/news/2015/07/index.html +++ b/content/news/2015/07/index.html @@ -57,6 +57,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2015/10/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/10/index.html b/content/news/2015/10/index.html index 344e287..93aa30f 100644 --- a/content/news/2015/10/index.html +++ b/content/news/2015/10/index.html @@ -74,6 +74,7 @@ use semantic ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2015/11/15/wicket-1.4.x-eol.html ---------------------------------------------------------------------- diff --git a/content/news/2015/11/15/wicket-1.4.x-eol.html b/content/news/2015/11/15/wicket-1.4.x-eol.html index 3be665d..15594d6 100644 --- a/content/news/2015/11/15/wicket-1.4.x-eol.html +++ b/content/news/2015/11/15/wicket-1.4.x-eol.html 
@@ -52,12 +52,14 @@ <p class="meta">15 Nov 2015</p> <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode.</p> -<p>This means that after 16 October 2015: -- no more releases from the 1.4.x branch -- bugs affecting only the 1.4.x branch will not be addressed -- security vulnerability reports will not be checked against the 1.4.x branch -- releases from the 1.5.x branch are highly unlikely -- only security patches will be applied to the 1.5.x branch</p> +<p>This means that after 16 October 2015:</p> +<ul> + <li>no more releases from the 1.4.x branch</li> + <li>bugs affecting only the 1.4.x branch will not be addressed</li> + <li>security vulnerability reports will not be checked against the 1.4.x branch</li> + <li>releases from the 1.5.x branch are highly unlikely</li> + <li>only security patches will be applied to the 1.5.x branch</li> +</ul> <p>The Wicket Team</p> </div> </section> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2015/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/11/index.html b/content/news/2015/11/index.html index dcf128f..e4f151d 100644 --- a/content/news/2015/11/index.html +++ b/content/news/2015/11/index.html 
@@ -51,12 +51,7 @@ <p><small>15 Nov 2015</small></p> <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode.</p> -<p>This means that after 16 October 2015: -- no more releases from the 1.4.x branch -- bugs affecting only the 1.4.x branch will not be addressed -- security vulnerability reports will not be checked against the 1.4.x branch -- releases from the 1.5.x branch are highly unlikely -- only security patches will ...</p> +<p>This mea...</p> <a href="/news/2015/11/15/wicket-1.4.x-eol.html">more</a></li> </div> <div class="news"> @@ -72,6 +67,7 @@ use semantic v...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2015/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/index.html b/content/news/2015/index.html index e0034a3..e8815b6 100644 --- a/content/news/2015/index.html +++ b/content/news/2015/index.html @@ -149,6 +149,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/01/index.html b/content/news/2016/01/index.html index 4b8fdc6..0d01c2d 100644 --- a/content/news/2016/01/index.html +++ b/content/news/2016/01/index.html 
@@ -59,6 +59,7 @@ use semantic ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/02/index.html b/content/news/2016/02/index.html index fc0b67f..c2b1288 100644 --- a/content/news/2016/02/index.html +++ b/content/news/2016/02/index.html @@ -73,6 +73,7 @@ use semantic v...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/03/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/03/index.html b/content/news/2016/03/index.html index cf752f9..e49891c 100644 --- a/content/news/2016/03/index.html +++ b/content/news/2016/03/index.html @@ -76,6 +76,7 @@ Apache Wicket 1.5.x, 6.x and 7.x</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/05/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/05/index.html b/content/news/2016/05/index.html index 3c25570..ed9f4be 100644 --- a/content/news/2016/05/index.html +++ b/content/news/2016/05/index.html 
@@ -69,6 +69,7 @@ government...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/07/25/wicket-8.0.0-M1-released.html ---------------------------------------------------------------------- diff --git a/content/news/2016/07/25/wicket-8.0.0-M1-released.html b/content/news/2016/07/25/wicket-8.0.0-M1-released.html index f365239..dd59fb4 100644 --- a/content/news/2016/07/25/wicket-8.0.0-M1-released.html +++ b/content/news/2016/07/25/wicket-8.0.0-M1-released.html @@ -223,7 +223,7 @@ cTwAn0jMYcafuw0aHDATKwbTv8U3uZX1 <li>[WICKET-5920] - roll a version of ListDataProvider implementing ISortableDetachable model</li> <li>[WICKET-5950] - Model and GenericBaseModel could both implement IObjectClassAwareModel</li> <li>[WICKET-5969] - Please give us access to PageTable.index pageId queue</li> - <li>[WICKET-5986] - NumberTextField<n> should use Models for minimum, maximum and step</n></li> + <li>[WICKET-5986] - NumberTextField<N> should use Models for minimum, maximum and step</N></li> <li>[WICKET-6015] - AjaxFallbackOrderByBorder/Link should support updateAjaxAttributes() idiom</li> <li>[WICKET-6019] - Remove âfinalâ modifier for Localizer#getStringIgnoreSettings() methods</li> <li>[WICKET-6023] - small tweak for component queuing for the AbstractRepeater</li> 
@@ -267,7 +267,7 @@ cTwAn0jMYcafuw0aHDATKwbTv8U3uZX1 <li>[WICKET-6183] - Improve stateless support for AJAX</li> <li>[WICKET-6184] - Remove form argument from AjaxButton and AjaxLink callbacks</li> <li>[WICKET-6188] - Use DynamicJQueryResourceReference by default</li> - <li>[WICKET-6189] - Return Optional<t> from RequestCycle.find(Class<t>)</t></t></li> + <li>[WICKET-6189] - Return Optional<T> from RequestCycle.find(Class<T>)</T></T></li> </ul> <h5 id="new-feature">New Feature</h5> <ul> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/07/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/07/index.html b/content/news/2016/07/index.html index 2c99dd8..0a4fa89 100644 --- a/content/news/2016/07/index.html +++ b/content/news/2016/07/index.html @@ -78,6 +78,7 @@ governments, ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/08/index.html b/content/news/2016/08/index.html index 764e766..a83dec1 100644 --- a/content/news/2016/08/index.html +++ b/content/news/2016/08/index.html @@ -78,6 +78,7 @@ using the Apache Commons Fileupload library to bec...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/10/index.html ---------------------------------------------------------------------- 
diff --git a/content/news/2016/10/index.html b/content/news/2016/10/index.html index bf65545..efe5413 100644 --- a/content/news/2016/10/index.html +++ b/content/news/2016/10/index.html @@ -78,6 +78,7 @@ governments, ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/11/08/cve-2016-6806.html ---------------------------------------------------------------------- diff --git a/content/news/2016/11/08/cve-2016-6806.html b/content/news/2016/11/08/cve-2016-6806.html new file mode 100644 index 0000000..690eb2e --- /dev/null +++ b/content/news/2016/11/08/cve-2016-6806.html 
@@ -0,0 +1,87 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>CVE-2016-6806 Apache Wicket CSRF detection vulnerability | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/11/08/cve-2016-6806.html --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/11/08/cve-2016-6806.html --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/11/08/cve-2016-6806.html --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/11/08/cve-2016-6806.html --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/11/08/cve-2016-6806.html --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/11/08/cve-2016-6806.html --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/11/08/cve-2016-6806.html --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>CVE-2016-6806 Apache Wicket CSRF detection vulnerability</h1> + </header> + <section class="l-one-third right"> + <div id="toc" class="toc"><div id="toc-title"><h2>Table of 
Contents</h2></div><ul><li class="toc--level-1 toc--section-1"><a href="#the-application-developers-are-recommended-to-upgrade-to"><span class="toc-number">1</span> <span class="toc-text">The application developers are recommended to upgrade to:</span></a></li></ul></div> + </section> + <section class="l-two-third left"> + <div class="l-full"> + <p class="meta">08 Nov 2016</p> + <p><em>Severity</em>: Important</p> +<p><em>Vendor</em>: The Apache Software Foundation</p> +<p><em>Versions Affected</em>: Apache Wicket 6.20.0, 6.21.0, 6.22.0, 6.23.0, 6.24.0, +7.0.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0 and 8.0.0-M1</p> +<p><em>Description</em>: Affected versions of Apache Wicket provide a CSRF prevention +measure that fails to discover some cross origin requests. The mitigation is to +not only check the Origin HTTP header, but also take the Referer HTTP header +into account when no Origin was provided. Furthermore, not all Wicket server +side targets were subjected to the CSRF check. This was also fixed.</p> +<p><em>Mitigation</em>: 6.x users should upgrade to 6.25.0, 7.x users should upgrade to +7.5.0 and 8.0.0-M1 users should upgrade to 8.0.0-M2.</p> +<p><em>Credit</em>: This issue was discovered by Gerben Janssen van Doorn</p> +<p>References: https://wicket.apache.org/news</p> +<h2 id="the-application-developers-are-recommended-to-upgrade-to">The application developers are recommended to upgrade to:</h2> +<ul> + <li><a href="/news/2016/10/26/wicket-6.25.0-released.html">Apache Wicket 6.25.0</a></li> + <li><a href="/news/2016/10/26/wicket-7.5.0-released.html">Apache Wicket 7.5.0</a></li> + <li><a href="/news/2016/10/26/wicket-8.0.0-M2-released.html">Apache Wicket 8.0.0-M2</a></li> +</ul> +<p>Users of Wicket verions prior to 6.20 are not affected because the particular +component was introduced in 6.20.0.</p> +</div> + </section> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; 
margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/11/index.html b/content/news/2016/11/index.html new file mode 100644 index 0000000..673c3f9 --- /dev/null +++ b/content/news/2016/11/index.html 
@@ -0,0 +1,169 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>Monthly archive for November 2016 | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/11 --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/11 --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/11 --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/11 --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/11 --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/11 --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/11 --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>Monthly archive for November 2016</h1> + </header> + <div class="l-two-third"> +<div class="news"> + <h3>CVE-2016-6806 Apache Wicket CSRF detection vulnerability</h3> + <p><small>08 Nov 2016</small></p> + <p><em>Severity</em>: Important</p> +<p><em>Vendor</em>: The Apache Software Foundation</p> +<p><em>Versions Affected</em>: Apache Wicket 6.20.0, 
6.21.0, 6.22.0, 6.23.0, 6.24.0, +7.0.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0 and 8.0.0-M1</p> +<p><em>Description</em>: Affected versions of Apache Wicket provide a CSRF prevention +measure that fails to discover some cross origin requests. The mitigation is to +not only check the Origin HTTP header, but also take the Referer HTTP header +into account when no Origin was provided. Furthermore, not all Wicket server +side targets were subjected to the CSRF check. This was also f...</p> + <a href="/news/2016/11/08/cve-2016-6806.html">more</a></li> +</div> + </div> + <div class="l-one-third"> + <h2>2016</h2> + <ul> + <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> + <li><a href="/news/2016/10">October</a></li> + <li><a href="/news/2016/08">August</a></li> + <li><a href="/news/2016/07">July</a></li> + <li><a href="/news/2016/05">May</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> + <li><a href="/news/2016/01">January</a></li> + </ul> + <h2>2015</h2> + <ul> + <li><a href="/news/2015">All of 2015</a></li> + <li><a href="/news/2015/11">November</a></li> + <li><a href="/news/2015/10">October</a></li> + <li><a href="/news/2015/07">July</a></li> + <li><a href="/news/2015/06">June</a></li> + <li><a href="/news/2015/02">February</a></li> + </ul> + <h2>2014</h2> + <ul> + <li><a href="/news/2014">All of 2014</a></li> + <li><a href="/news/2014/11">November</a></li> + <li><a href="/news/2014/09">September</a></li> + <li><a href="/news/2014/08">August</a></li> + <li><a href="/news/2014/06">June</a></li> + <li><a href="/news/2014/04">April</a></li> + <li><a href="/news/2014/02">February</a></li> + <li><a href="/news/2014/01">January</a></li> + </ul> + <h2>2013</h2> + <ul> + <li><a href="/news/2013">All of 2013</a></li> + <li><a href="/news/2013/11">November</a></li> + <li><a href="/news/2013/09">September</a></li> + <li><a href="/news/2013/08">August</a></li> + <li><a 
href="/news/2013/07">July</a></li> + <li><a href="/news/2013/06">June</a></li> + <li><a href="/news/2013/05">May</a></li> + <li><a href="/news/2013/04">April</a></li> + <li><a href="/news/2013/03">March</a></li> + <li><a href="/news/2013/02">February</a></li> + <li><a href="/news/2013/01">January</a></li> + </ul> + <h2>2012</h2> + <ul> + <li><a href="/news/2012">All of 2012</a></li> + <li><a href="/news/2012/12">December</a></li> + <li><a href="/news/2012/11">November</a></li> + <li><a href="/news/2012/10">October</a></li> + <li><a href="/news/2012/09">September</a></li> + <li><a href="/news/2012/08">August</a></li> + <li><a href="/news/2012/07">July</a></li> + <li><a href="/news/2012/06">June</a></li> + <li><a href="/news/2012/05">May</a></li> + <li><a href="/news/2012/03">March</a></li> + <li><a href="/news/2012/01">January</a></li> + </ul> + <h2>2011</h2> + <ul> + <li><a href="/news/2011">All of 2011</a></li> + <li><a href="/news/2011/11">November</a></li> + <li><a href="/news/2011/10">October</a></li> + <li><a href="/news/2011/09">September</a></li> + <li><a href="/news/2011/08">August</a></li> + <li><a href="/news/2011/06">June</a></li> + <li><a href="/news/2011/05">May</a></li> + <li><a href="/news/2011/04">April</a></li> + <li><a href="/news/2011/03">March</a></li> + <li><a href="/news/2011/02">February</a></li> + <li><a href="/news/2011/01">January</a></li> + </ul> + <h2>2010</h2> + <ul> + <li><a href="/news/2010">All of 2010</a></li> + <li><a href="/news/2010/12">December</a></li> + <li><a href="/news/2010/11">November</a></li> + <li><a href="/news/2010/09">September</a></li> + <li><a href="/news/2010/08">August</a></li> + <li><a href="/news/2010/05">May</a></li> + <li><a href="/news/2010/03">March</a></li> + <li><a href="/news/2010/02">February</a></li> + </ul> + <h2>2009</h2> + <ul> + <li><a href="/news/2009">All of 2009</a></li> + <li><a href="/news/2009/12">December</a></li> + <li><a href="/news/2009/10">October</a></li> + <li><a 
href="/news/2009/08">August</a></li> + <li><a href="/news/2009/07">July</a></li> + </ul> + </div> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/2016/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/index.html b/content/news/2016/index.html index b29a415..8360545 100644 --- a/content/news/2016/index.html +++ b/content/news/2016/index.html @@ -48,6 +48,18 @@ <div class="l-two-third"> <div class="l-first"> <div class="l-full"> + <h1>All News for November 2016</h1> + <p>This section contains all news items published in <a href="/news/2016/11">November 2016</a>.</p> + </div> + <div class="l-full"> + <h3 id="/news/2016/11/08/cve-2016-6806.html">CVE-2016-6806 Apache Wicket CSRF detection vulnerability</h3> + <small>08 Nov 2016</small> + <p>Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 6.20.0, 6.21.0, 6.22.0, 6.23.0, 6.24.0, 7.0.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0 and 8.0.0-M1 Description: Affected... + <a href="/news/2016/11/08/cve-2016-6806.html">more</a></li></p> + </div> + <hr> + <div class="l-first"></div> + <div class="l-full"> <h1>All News for October 2016</h1> <p>This section contains all news items published in <a href="/news/2016/10">October 2016</a>.</p> </div> 
@@ -185,6 +197,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/news/index.html ---------------------------------------------------------------------- diff --git a/content/news/index.html b/content/news/index.html index 461a531..901c978 100644 --- a/content/news/index.html +++ b/content/news/index.html @@ -52,6 +52,12 @@ <h1 id="all-news-for-2016">All News for 2016</h1> <p>This section contains all news items published in <a href="/news/2016">2016</a>.</p> <article> + <h3 id="/news/2016/11/08/cve-2016-6806.html">CVE-2016-6806 Apache Wicket CSRF detection vulnerability</h3> + <small>08 Nov 2016</small> + <p>Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 6.20.0, 6.21.0, 6.22.0, 6.23.0, 6.24.0, 7.0.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0 and 8.0.0-M1 Description: Affected versions of Apache Wicket provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the... + <a href="/news/2016/11/08/cve-2016-6806.html">more</a></p> +</article> + <article> <h3 id="/news/2016/10/26/wicket-8.0.0-M2-released.html">Apache Wicket 8.0.0-M2 released</h3> <small>26 Oct 2016</small> <p>The Apache Wicket PMC is proud to announce Apache Wicket 8.0.0-M2! Apache Wicket is an open source Java component oriented web application framework that powers thousands of web applications and web sites for governments, stores, universities, cities, banks, email providers, and more. You can find more about Apache Wicket at... 
@@ -155,7 +161,7 @@ <article> <h3 id="/news/2015/11/15/wicket-1.4.x-eol.html">Apache Wicket 1.4.x end of life</h3> <small>15 Nov 2015</small> - <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode. This means that after 16 October 2015: - no more releases from the 1.4.x branch - bugs affecting only the 1.4.x branch will... + <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode. This means that after 16 October 2015: no more releases from the 1.4.x branch bugs affecting only the 1.4.x branch will not be... <a href="/news/2015/11/15/wicket-1.4.x-eol.html">more</a></p> </article> <article> @@ -697,7 +703,7 @@ Read CVE-2013-2055 for more information. <article> <h3 id="/news/2011/08/28/1.5-RC7-released.html">Wicket 1.5-RC7 released</h3> <small>28 Aug 2011</small> - <p>The Wicket Team is proud to introduce the seventh Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC5.1 and 1.5-RC7 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the seventh Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC5.1 and 1.5-RC7 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog RC6... <a href="/news/2011/08/28/1.5-RC7-released.html">more</a></p> </article> <article> 
@@ -724,7 +730,7 @@ Read CVE-2013-2055 for more information. <article> <h3 id="/news/2011/06/25/wicket-1.5-RC5.1-released.html">Wicket 1.5-RC5.1 released</h3> <small>25 Jun 2011</small> - <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC4.2 and 1.5-RC5.1 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC4.2 and 1.5-RC5.1 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/06/25/wicket-1.5-RC5.1-released.html">more</a></p> </article> <article> 
@@ -740,13 +746,13 @@ Cheers, <article> <h3 id="/news/2011/05/11/wicket-1.5-RC4.2-released.html">Wicket 1.5-RC4.2 released</h3> <small>11 May 2011</small> - <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC3 and 1.5-RC4.2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC3 and 1.5-RC4.2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/05/11/wicket-1.5-RC4.2-released.html">more</a></p> </article> <article> <h3 id="/news/2011/04/02/wicket-1.5-RC3-released.html">Wicket 1.5-RC3 released</h3> <small>02 Apr 2011</small> - <p>The Wicket Team is proud to introduce the third Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-rc2 and 1.5-RC3 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the third Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-rc2 and 1.5-RC3 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/04/02/wicket-1.5-RC3-released.html">more</a></p> </article> <article> 
@@ -773,7 +779,7 @@ Cheers, <article> <h3 id="/news/2011/02/25/wicket-1.5-rc2-released.html">Wicket 1.5-rc2 released</h3> <small>25 Feb 2011</small> - <p>The Wicket Team is proud to introduce the second Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC1 and 1.5-rc2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the second Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC1 and 1.5-rc2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/02/25/wicket-1.5-rc2-released.html">more</a></p> </article> <article> @@ -794,7 +800,7 @@ Cheers, <article> <h3 id="/news/2011/01/22/wicket-1.5-RC1-released.html">Wicket 1.5-RC1 released</h3> <small>22 Jan 2011</small> - <p>The Wicket Team is proud to introduce the first Release Candidate in Wicket 1.5 series. The 1.5 series provides the following major improvements: * A more powerful and flexible request processing pipeline * Intercomponent event mechanism * Improved configuration * More flexible markup loading * Better proxy support (x-forwarded-for header)... + <p>The Wicket Team is proud to introduce the first Release Candidate in Wicket 1.5 series. The 1.5 series provides the following major improvements: A more powerful and flexible request processing pipeline Intercomponent event mechanism Improved configuration More flexible markup loading Better proxy support (x-forwarded-for header) More detailed migration notes are... <a href="/news/2011/01/22/wicket-1.5-RC1-released.html">more</a></p> </article> <div class="l-first"></div> 
@@ -920,7 +926,7 @@ fifty bug fixes and improvements. <article> <h3 id="/news/2010/08/11/wicket-1.4.10-released.html">Wicket 1.4.10 released</h3> <small>11 Aug 2010</small> - <p>This is the tenth maintenance release of the 1.4.x series and brings over thirty bug fixes and improvements. As well as bringing bug fixes and small improvements, 1.4.10 brings two major new features: * Delayed component initialization * Component configuration Delayed component initialization allows developers to initialize their components outside... + <p>This is the tenth maintenance release of the 1.4.x series and brings over thirty bug fixes and improvements. As well as bringing bug fixes and small improvements, 1.4.10 brings two major new features: Delayed component initialization Component configuration Delayed component initialization allows developers to initialize their components outside of a... <a href="/news/2010/08/11/wicket-1.4.10-released.html">more</a></p> </article> <article> @@ -1026,6 +1032,7 @@ This is the eighth maintenance release of 1.4.x series and brings over <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> <li><a href="/news/2016/07">July</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/808021f1/content/start/quickstart.html ---------------------------------------------------------------------- diff --git a/content/start/quickstart.html b/content/start/quickstart.html index 1d72b0a..571de97 100644 --- a/content/start/quickstart.html +++ b/content/start/quickstart.html 
@@ -153,9 +153,9 @@ generated (e.g. for Eclipse users this would be your workspace folder). Paste the command line into your terminal window and press «enter» to execute the command.</p> <p>You can create your quickstart interactively too with the following Maven command:</p> -<p><code class="highlighter-rouge">shell - mvn archetype:generate -DarchetypeCatalog=http://wicket.apache.org -</code></p> +<div class="language-shell highlighter-rouge"><pre class="highlight"><code> mvn archetype:generate -DarchetypeCatalog<span class="o">=</span>http://wicket.apache.org +</code></pre> +</div> <h4 id="result-of-the-maven-command">Result of the Maven command</h4> <p>Executing the Maven command line will result the following directory structure:</p>
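Review bot: In content/news/2015/11/15/wicket-1.4.x-eol.html the rewritten list intro still reads "This means that after 16 October 2015:", while the paragraph directly above it says support ends on 16 November 2015. This hunk touches that sentence anyway, so confirm which month is intended and make the two agree. The same sentence is carried into the excerpt changed in content/news/index.html, which needs the same correction.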
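Review bot: The excerpt in content/news/2015/11/index.html is now cut to "<p>This mea...</p>", mid-word, so the archive entry no longer says anything about what end of life means for the 1.4.x and 1.5.x branches. Truncate the excerpt on a word or element boundary, or end it after the first paragraph so the entry stops at "maintenance mode." The new 2016/11 archive excerpt has the same mid-word cut ("This was also f...").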
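Review bot: In content/news/2016/07/25/wicket-8.0.0-M1-released.html the generic type parameters in the WICKET-5986 and WICKET-6189 entries are still raw markup: "NumberTextField<N> ... </N>" and "Optional<T> from RequestCycle.find(Class<T>)</T></T>". Changing the case from n/t to N/T does not stop a browser from parsing them as unknown elements, so the type parameters will not be displayed. Escape them in the source as &lt;N&gt; and &lt;T&gt; and drop the generated closing tags.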
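Review bot: The new advisory page content/news/2016/11/08/cve-2016-6806.html never names the affected CSRF prevention component; the closing paragraph only says "the particular component was introduced in 6.20.0", so a reader cannot tell from the advisory whether their application uses it. Name the component in the Description paragraph. In the same file, fix the typo "verions" in the closing paragraph and turn the plain-text "References: https://wicket.apache.org/news" into a link, preferably to the advisory or release notes rather than the news index.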
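Review bot: The new excerpt blocks close a list item that was never opened: the "more" link is followed by </li> directly inside <div class="news"> in content/news/2016/11/index.html, and by </li></p> in the November block added to content/news/2016/index.html. Remove the stray </li> so the markup is well-formed. The same stray tag is visible in the unchanged context of content/news/2015/11/index.html, which suggests the fix belongs in whatever template produces these excerpts rather than in the generated files.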
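Review bot: The command in content/start/quickstart.html still points Maven at the archetype catalog over plain HTTP (-DarchetypeCatalog=http://wicket.apache.org), so the catalog that decides which archetype gets generated on a developer machine can be altered in transit. The site is already referenced over https elsewhere in this commit (the References line of the new advisory), so switch this URL to https while the block is being re-marked-up. The new <code> element also starts with a leading space before "mvn", which will be copied along with the command.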
