Repository: wicket-site Updated Branches: refs/heads/asf-site c202a1f61 -> 178bb54b2
http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/01/index.html b/content/news/2012/01/index.html index 80e03ea..ff5bd3c 100644 --- a/content/news/2012/01/index.html +++ b/content/news/2012/01/index.html @@ -64,6 +64,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/03/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/03/index.html b/content/news/2012/03/index.html index d752483..aad12da 100644 --- a/content/news/2012/03/index.html +++ b/content/news/2012/03/index.html @@ -112,6 +112,7 @@ This release brings over many improvements over the 1.5.x series.</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/05/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/05/index.html b/content/news/2012/05/index.html index e213aa0..ebeb8c9 100644 --- a/content/news/2012/05/index.html +++ b/content/news/2012/05/index.html @@ -74,6 +74,7 @@ This release brings over many improvements over the 1.5.x series.</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/06/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/06/index.html b/content/news/2012/06/index.html index 49a0f1f..dbc9199 100644 --- a/content/news/2012/06/index.html +++ b/content/news/2012/06/index.html @@ -70,6 +70,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/07/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/07/index.html b/content/news/2012/07/index.html index 78bd4f5..11fa7d8 100644 --- a/content/news/2012/07/index.html +++ b/content/news/2012/07/index.html @@ -63,6 +63,7 @@ be silenced (or learn to li...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/08/index.html b/content/news/2012/08/index.html index bae3841..41633e0 100644 --- a/content/news/2012/08/index.html +++ b/content/news/2012/08/index.html @@ -64,6 +64,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/09/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/09/index.html b/content/news/2012/09/index.html index 7a9184b..01f39e3 100644 --- a/content/news/2012/09/index.html +++ b/content/news/2012/09/index.html @@ -86,6 +86,7 @@ encoded null byte to a URL pointing to a Wicket app. This could be done by...</p <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/10/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/10/index.html b/content/news/2012/10/index.html index e0a57f4..e6ede23 100644 --- a/content/news/2012/10/index.html +++ b/content/news/2012/10/index.html @@ -74,6 +74,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/11/index.html b/content/news/2012/11/index.html index 87750dc..6ba2c53 100644 --- a/content/news/2012/11/index.html +++ b/content/news/2012/11/index.html @@ -72,6 +72,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/12/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/12/index.html b/content/news/2012/12/index.html index 197e15b..356a47a 100644 --- a/content/news/2012/12/index.html +++ b/content/news/2012/12/index.html @@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2012/index.html ---------------------------------------------------------------------- diff --git a/content/news/2012/index.html b/content/news/2012/index.html index 9374350..eeea978 100644 --- a/content/news/2012/index.html +++ b/content/news/2012/index.html @@ -239,6 +239,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/01/index.html b/content/news/2013/01/index.html index d50f5e9..234ba67 100644 --- a/content/news/2013/01/index.html +++ b/content/news/2013/01/index.html @@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/02/index.html b/content/news/2013/02/index.html index 42e6252..e1a525e 100644 --- a/content/news/2013/02/index.html +++ b/content/news/2013/02/index.html @@ -72,6 +72,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/03/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/03/index.html b/content/news/2013/03/index.html index 9b84d3b..a71698c 100644 --- a/content/news/2013/03/index.html +++ b/content/news/2013/03/index.html @@ -64,6 +64,7 @@ This mig...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/04/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/04/index.html b/content/news/2013/04/index.html index 5199001..a5986b0 100644 --- a/content/news/2013/04/index.html +++ b/content/news/2013/04/index.html @@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/05/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/05/index.html b/content/news/2013/05/index.html index 47c5e9b..2b88f39 100644 --- a/content/news/2013/05/index.html +++ b/content/news/2013/05/index.html @@ -59,6 +59,7 @@ with Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/06/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/06/index.html b/content/news/2013/06/index.html index e4387a7..6cb453d 100644 --- a/content/news/2013/06/index.html +++ b/content/news/2013/06/index.html @@ -59,6 +59,7 @@ Wicket 6 we u...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/07/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/07/index.html b/content/news/2013/07/index.html index a6fcf1c..b7b272d 100644 --- a/content/news/2013/07/index.html +++ b/content/news/2013/07/index.html @@ -58,6 +58,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/08/index.html b/content/news/2013/08/index.html index dc17a65..471b91f 100644 --- a/content/news/2013/08/index.html +++ b/content/news/2013/08/index.html @@ -59,6 +59,7 @@ Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/09/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/09/index.html b/content/news/2013/09/index.html index 1dd7fee..9a4bbef 100644 --- a/content/news/2013/09/index.html +++ b/content/news/2013/09/index.html @@ -59,6 +59,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/11/index.html b/content/news/2013/11/index.html index 2f2ab13..37a1989 100644 --- a/content/news/2013/11/index.html +++ b/content/news/2013/11/index.html @@ -59,6 +59,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2013/index.html ---------------------------------------------------------------------- diff --git a/content/news/2013/index.html b/content/news/2013/index.html index 9a738ff..983f243 100644 --- a/content/news/2013/index.html +++ b/content/news/2013/index.html @@ -179,6 +179,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/01/index.html b/content/news/2014/01/index.html index 6fb2d63..cbbb013 100644 --- a/content/news/2014/01/index.html +++ b/content/news/2014/01/index.html @@ -59,6 +59,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/02/06/cve-2013-2055.html ---------------------------------------------------------------------- diff --git a/content/news/2014/02/06/cve-2013-2055.html b/content/news/2014/02/06/cve-2013-2055.html index 4358ce3..db76b2f 100644 --- a/content/news/2014/02/06/cve-2013-2055.html +++ b/content/news/2014/02/06/cve-2013-2055.html @@ -65,10 +65,12 @@ For example if there is sensitive information before or after the Wicket Panel/B <span class="nt"></wicket:panel></span> something sensitive here 2</code></pre></figure> <p>Usually Wicket will render only the âreal application codeâ part but by exploiting this vulnerability an attacker can see also the code with the sensitive information.</p> -<p>The application developers are recommended to upgrade to: -- <a href="/news/2014/02/06/wicket-1.4.23-released.html">Apache Wicket 1.4.23</a> -- <a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a> -- <a href="/news/2013/05/17/wicket-6.8.0-released.html">Apache Wicket 6.8.0</a></p> +<p>The application developers are recommended to upgrade to:</p> +<ul> + <li><a href="/news/2014/02/06/wicket-1.4.23-released.html">Apache Wicket 1.4.23</a></li> + <li><a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a></li> + <li><a href="/news/2013/05/17/wicket-6.8.0-released.html">Apache Wicket 6.8.0</a></li> +</ul> <p>and/or to remove any sensitive information in the HTML templates.</p> <p>Apache Wicket Team</p> </div> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/02/21/cve-2014-0043.html ---------------------------------------------------------------------- diff --git a/content/news/2014/02/21/cve-2014-0043.html b/content/news/2014/02/21/cve-2014-0043.html index 853ae93..f748d0b 100644 --- a/content/news/2014/02/21/cve-2014-0043.html +++ b/content/news/2014/02/21/cve-2014-0043.html @@ -57,9 +57,11 @@ The Apache Software Foundation</p> Apache Wicket 1.5.10 and 6.13.0</p> <p>Description:</p> <p>By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.</p> -<p>The application developers are recommended to upgrade to: -- <a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a> -- <a href="/news/2014/02/20/wicket-6.14.0-released.html">Apache Wicket 6.14.0</a></p> +<p>The application developers are recommended to upgrade to:</p> +<ul> + <li><a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a></li> + <li><a href="/news/2014/02/20/wicket-6.14.0-released.html">Apache Wicket 6.14.0</a></li> +</ul> <p>Credit: This issue was reported by Christian Schneider!</p> <p>Apache Wicket Team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/02/index.html b/content/news/2014/02/index.html index 7be7fc2..c9cc1e5 100644 --- a/content/news/2014/02/index.html +++ b/content/news/2014/02/index.html @@ -111,6 +111,7 @@ Apache Wicket 1.5.10 and 6.13.0</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/04/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/04/index.html b/content/news/2014/04/index.html index 63fa263..a72d7eb 100644 --- a/content/news/2014/04/index.html +++ b/content/news/2014/04/index.html @@ -70,6 +70,7 @@ the course of the coming milestone releases....</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/06/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/06/index.html b/content/news/2014/06/index.html index e8dd7bc..9837c45 100644 --- a/content/news/2014/06/index.html +++ b/content/news/2014/06/index.html @@ -70,6 +70,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/08/index.html b/content/news/2014/08/index.html index b50fd9a..8e8c85a 100644 --- a/content/news/2014/08/index.html +++ b/content/news/2014/08/index.html @@ -70,6 +70,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/09/22/cve-2014-3526.html ---------------------------------------------------------------------- diff --git a/content/news/2014/09/22/cve-2014-3526.html b/content/news/2014/09/22/cve-2014-3526.html index d387ae5..ab2935e 100644 --- a/content/news/2014/09/22/cve-2014-3526.html +++ b/content/news/2014/09/22/cve-2014-3526.html @@ -59,10 +59,12 @@ Apache Wicket 1.5.11, 6.16.0 and 7.0.0-M2</p> <p>When rendering a web page Wicket checks the request url against the one at the render time. It is possible the application to change the page parameters (this includes both the query parameters and parameters encoded into the request path). When the requested url differs with the one at the rendering time Wicket stores the response (i.e. the page markup) at the server side and issues an HTTP redirect to the new url. When the second request comes Wicket just flushes the stored response from the first request into the http output stream. This way the browser address bar shows the updated page parameters. When storing the page markup at the server side Wicket uses as an identifier a pair of the current session id plus the new url. However, Wicket does not check if user session is temporary (i.e. sessionId is null). This could lead to a security issue if two or more users with a temporary session are redirected to the same url at the same time. Then user1 might see the markup for user2 which has overridden the markup for user1 while user1 was following the HTTP redirect. In this way user-sensitive informations can be seen by other users.</p> -<p>The application developers are recommended to upgrade to: -- <a href="/news/2014/09/15/wicket-1.5.12-released.html">Apache Wicket 1.5.12</a> -- <a href="/news/2014/08/24/wicket-6.17.0-released.html">Apache Wicket 6.17.0</a> -- <a href="/news/2014/08/23/wicket-7.0.0-M3-released.html">Apache Wicket 7.0.0-M3</a></p> +<p>The application developers are recommended to upgrade to:</p> +<ul> + <li><a href="/news/2014/09/15/wicket-1.5.12-released.html">Apache Wicket 1.5.12</a></li> + <li><a href="/news/2014/08/24/wicket-6.17.0-released.html">Apache Wicket 6.17.0</a></li> + <li><a href="/news/2014/08/23/wicket-7.0.0-M3-released.html">Apache Wicket 7.0.0-M3</a></li> +</ul> <p>Credit: This issue was reported by Andrea Del Bene and Martin Grigorov!</p> <p>Apache Wicket Team</p> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/09/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/09/index.html b/content/news/2014/09/index.html index 05e9fa1..1294026 100644 --- a/content/news/2014/09/index.html +++ b/content/news/2014/09/index.html @@ -78,6 +78,7 @@ This could lead to a security issue if two or more users with a temporary sessio <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/11/index.html b/content/news/2014/11/index.html index 643c88a..662739f 100644 --- a/content/news/2014/11/index.html +++ b/content/news/2014/11/index.html @@ -66,6 +66,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2014/index.html ---------------------------------------------------------------------- diff --git a/content/news/2014/index.html b/content/news/2014/index.html index 42464ae..d342e97 100644 --- a/content/news/2014/index.html +++ b/content/news/2014/index.html @@ -191,6 +191,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2015/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/02/index.html b/content/news/2015/02/index.html index e685093..5c355a3 100644 --- a/content/news/2015/02/index.html +++ b/content/news/2015/02/index.html @@ -88,6 +88,7 @@ to announce that he has accepted.</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2015/06/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/06/index.html b/content/news/2015/06/index.html index 40ec247..e8145df 100644 --- a/content/news/2015/06/index.html +++ b/content/news/2015/06/index.html @@ -66,6 +66,7 @@ with Wicket 6 we us...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2015/07/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/07/index.html b/content/news/2015/07/index.html index 6ab6128..e0233c0 100644 --- a/content/news/2015/07/index.html +++ b/content/news/2015/07/index.html @@ -57,6 +57,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2015/10/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/10/index.html b/content/news/2015/10/index.html index 93aa30f..ddfa0c8 100644 --- a/content/news/2015/10/index.html +++ b/content/news/2015/10/index.html @@ -74,6 +74,7 @@ use semantic ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2015/11/15/wicket-1.4.x-eol.html ---------------------------------------------------------------------- diff --git a/content/news/2015/11/15/wicket-1.4.x-eol.html b/content/news/2015/11/15/wicket-1.4.x-eol.html index 3be665d..15594d6 100644 --- a/content/news/2015/11/15/wicket-1.4.x-eol.html +++ b/content/news/2015/11/15/wicket-1.4.x-eol.html @@ -52,12 +52,14 @@ <p class="meta">15 Nov 2015</p> <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode.</p> -<p>This means that after 16 October 2015: -- no more releases from the 1.4.x branch -- bugs affecting only the 1.4.x branch will not be addressed -- security vulnerability reports will not be checked against the 1.4.x branch -- releases from the 1.5.x branch are highly unlikely -- only security patches will be applied to the 1.5.x branch</p> +<p>This means that after 16 October 2015:</p> +<ul> + <li>no more releases from the 1.4.x branch</li> + <li>bugs affecting only the 1.4.x branch will not be addressed</li> + <li>security vulnerability reports will not be checked against the 1.4.x branch</li> + <li>releases from the 1.5.x branch are highly unlikely</li> + <li>only security patches will be applied to the 1.5.x branch</li> +</ul> <p>The Wicket Team</p> </div> </section> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2015/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/11/index.html b/content/news/2015/11/index.html index 3b13292..a0a62d4 100644 --- a/content/news/2015/11/index.html +++ b/content/news/2015/11/index.html @@ -51,12 +51,7 @@ <p><small>15 Nov 2015</small></p> <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode.</p> -<p>This means that after 16 October 2015: -- no more releases from the 1.4.x branch -- bugs affecting only the 1.4.x branch will not be addressed -- security vulnerability reports will not be checked against the 1.4.x branch -- releases from the 1.5.x branch are highly unlikely -- only security patches will ...</p> +<p>This mea...</p> <a href="/news/2015/11/15/wicket-1.4.x-eol.html">more</a></li> </div> <div class="news"> @@ -72,6 +67,7 @@ use semantic v...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2015/index.html ---------------------------------------------------------------------- diff --git a/content/news/2015/index.html b/content/news/2015/index.html index e8815b6..cd6c514 100644 --- a/content/news/2015/index.html +++ b/content/news/2015/index.html @@ -149,6 +149,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/01/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/01/index.html b/content/news/2016/01/index.html index 0d01c2d..4e49497 100644 --- a/content/news/2016/01/index.html +++ b/content/news/2016/01/index.html @@ -59,6 +59,7 @@ use semantic ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/02/19/wicket-1.5.15-released.html ---------------------------------------------------------------------- diff --git a/content/news/2016/02/19/wicket-1.5.15-released.html b/content/news/2016/02/19/wicket-1.5.15-released.html index 3ad6d8e..2d1f374 100644 --- a/content/news/2016/02/19/wicket-1.5.15-released.html +++ b/content/news/2016/02/19/wicket-1.5.15-released.html @@ -65,7 +65,7 @@ <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> <span class="nt"><version></span>1.5.15<span class="nt"></version></span> <span class="nt"></dependency></span></code></pre></figure> -<h4 id="download-the-full-distributionhttpwwwapacheorgdynclosercgiwicket1515-including-sources">Download the <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.15";>full distribution</a> (including sources)</h4> +<h4 id="download-the-full-distribution-including-sources">Download the <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.15";>full distribution</a> (including sources)</h4> </div> </section> </div> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/02/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/02/index.html b/content/news/2016/02/index.html index c2b1288..2b35df3 100644 --- a/content/news/2016/02/index.html +++ b/content/news/2016/02/index.html @@ -73,6 +73,7 @@ use semantic v...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/03/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/03/index.html b/content/news/2016/03/index.html index e49891c..667b891 100644 --- a/content/news/2016/03/index.html +++ b/content/news/2016/03/index.html @@ -76,6 +76,7 @@ Apache Wicket 1.5.x, 6.x and 7.x</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/05/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/05/index.html b/content/news/2016/05/index.html index ed9f4be..b6c0ec9 100644 --- a/content/news/2016/05/index.html +++ b/content/news/2016/05/index.html @@ -69,6 +69,7 @@ government...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/07/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/07/index.html b/content/news/2016/07/index.html index 0a4fa89..f761a8a 100644 --- a/content/news/2016/07/index.html +++ b/content/news/2016/07/index.html @@ -78,6 +78,7 @@ governments, ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/08/05/wicket-1.5.16-released.html ---------------------------------------------------------------------- diff --git a/content/news/2016/08/05/wicket-1.5.16-released.html b/content/news/2016/08/05/wicket-1.5.16-released.html index 41da711..1099853 100644 --- a/content/news/2016/08/05/wicket-1.5.16-released.html +++ b/content/news/2016/08/05/wicket-1.5.16-released.html @@ -65,7 +65,7 @@ <span class="nt"><artifactId></span>wicket-core<span class="nt"></artifactId></span> <span class="nt"><version></span>1.5.16<span class="nt"></version></span> <span class="nt"></dependency></span></code></pre></figure> -<h4 id="download-the-full-distributionhttpwwwapacheorgdynclosercgiwicket1516-including-sources">Download the <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.16";>full distribution</a> (including sources)</h4> +<h4 id="download-the-full-distribution-including-sources">Download the <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.16";>full distribution</a> (including sources)</h4> </div> </section> </div> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/08/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/08/index.html b/content/news/2016/08/index.html index a83dec1..532cf6c 100644 --- a/content/news/2016/08/index.html +++ b/content/news/2016/08/index.html @@ -78,6 +78,7 @@ using the Apache Commons Fileupload library to bec...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/10/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/10/index.html b/content/news/2016/10/index.html index f507efb..a8327b7 100644 --- a/content/news/2016/10/index.html +++ b/content/news/2016/10/index.html @@ -78,6 +78,7 @@ governments, ...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/11/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/11/index.html b/content/news/2016/11/index.html index 14ddcd0..83e17f4 100644 --- a/content/news/2016/11/index.html +++ b/content/news/2016/11/index.html @@ -65,6 +65,7 @@ side targets were subjected to the CSRF check. This was also f...</p> <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/12/31/cve-2016-6793.html ---------------------------------------------------------------------- diff --git a/content/news/2016/12/31/cve-2016-6793.html b/content/news/2016/12/31/cve-2016-6793.html new file mode 100644 index 0000000..e1ae5ff --- /dev/null +++ b/content/news/2016/12/31/cve-2016-6793.html @@ -0,0 +1,78 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>CVE-2016-6793 Apache Wicket deserialization vulnerability | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/12/31/cve-2016-6793.html --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/12/31/cve-2016-6793.html --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/12/31/cve-2016-6793.html --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/12/31/cve-2016-6793.html --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/12/31/cve-2016-6793.html --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/12/31/cve-2016-6793.html --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/12/31/cve-2016-6793.html --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>CVE-2016-6793 Apache Wicket deserialization vulnerability</h1> + </header> + <section class="l-one-third right"> + </section> + <section class="l-two-third left"> + <div class="l-full"> + <p class="meta">31 Dec 2016</p> + <p><em>Severity</em>: Low</p> +<p><em>Vendor</em>: The Apache Software Foundation</p> +<p><em>Versions Affected</em>: Apache Wicket 6.x and 1.5.x</p> +<p><em>Description</em>: Depending on the ISerializer set in the Wicket application, +itâs possible that a Wicketâs object deserialized from an untrusted source +and utilized by the application to causes the code to enter in an infinite +loop. Specifically, Wicketâs DiskFileItem class, serialized by Kryo, allows +an attacker to hack its serialized form to put a client on an infinite loop +if the client attempts to write on the DeferredFileOutputStream attribute.</p> +<p><em>Mitigation</em>: Upgrade to Apache Wicket 6.25.0 or 1.5.17</p> +<p><em>Credit</em>: This issue was discovered +by Jacob Baines, Tenable Network Security and Pedro Santos</p> +<p>References: https://wicket.apache.org/news</p> +</div> + </section> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/12/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/12/index.html b/content/news/2016/12/index.html new file mode 100644 index 0000000..29d8c0c --- /dev/null +++ b/content/news/2016/12/index.html @@ -0,0 +1,169 @@ +<!DOCTYPE html> +<html> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> + <meta charset="utf-8"> + <title>Monthly archive for December 2016 | Apache Wicket</title> + <meta name="viewport" content="width=device-width, initial-scale=1" /> + + <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" /> + <link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" /> + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" /> + + <script src="//code.jquery.com/jquery-1.11.3.min.js"></script> + + </head> + + <body class=""> + <div class="header default"> + <div class="l-container"> +<nav class="mainmenu"> + <ul> + <!-- /start/quickstart.html || /news/2016/12 --> + <li class=""><a href="/start/quickstart.html">Quick Start</a></li> + <!-- /start/download.html || /news/2016/12 --> + <li class=""><a href="/start/download.html">Download</a></li> + <!-- /learn || /news/2016/12 --> + <li class=""><a href="/learn">Documentation</a></li> + <!-- /help || /news/2016/12 --> + <li class=""><a href="/help">Support</a></li> + <!-- /contribute || /news/2016/12 --> + <li class=""><a href="/contribute">Contribute</a></li> + <!-- /community || /news/2016/12 --> + <li class=""><a href="/community">Community</a></li> + <!-- /apache || /news/2016/12 --> + <li class=""><a href="/apache">Apache</a></li> + </ul> +</nav> + <div class="logo"> + <a href="/"><img src="/img/logo-apachewicket-white.svg" alt="Apache Wicket"></a> +</div> + </div> +</div> +<main> + <div class="l-container"> + <header class="l-full preamble"> + <h1>Monthly archive for December 2016</h1> + </header> + <div class="l-two-third"> +<div class="news"> + <h3>CVE-2016-6793 Apache Wicket deserialization vulnerability</h3> + <p><small>31 Dec 2016</small></p> + <p><em>Severity</em>: Low</p> +<p><em>Vendor</em>: The Apache Software Foundation</p> +<p><em>Versions Affected</em>: Apache Wicket 6.x and 1.5.x</p> +<p><em>Description</em>: Depending on the ISerializer set in the Wicket application, +itâs possible that a Wicketâs object deserialized from an untrusted source +and utilized by the application to causes the code to enter in an infinite +loop. Specifically, Wicketâs DiskFileItem class, serialized by Kryo, allows +an attacker to hack its serialized form to put a client on an infin...</p> + <a href="/news/2016/12/31/cve-2016-6793.html">more</a></li> +</div> + </div> + <div class="l-one-third"> + <h2>2016</h2> + <ul> + <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> + <li><a href="/news/2016/11">November</a></li> + <li><a href="/news/2016/10">October</a></li> + <li><a href="/news/2016/08">August</a></li> + <li><a href="/news/2016/07">July</a></li> + <li><a href="/news/2016/05">May</a></li> + <li><a href="/news/2016/03">March</a></li> + <li><a href="/news/2016/02">February</a></li> + <li><a href="/news/2016/01">January</a></li> + </ul> + <h2>2015</h2> + <ul> + <li><a href="/news/2015">All of 2015</a></li> + <li><a href="/news/2015/11">November</a></li> + <li><a href="/news/2015/10">October</a></li> + <li><a href="/news/2015/07">July</a></li> + <li><a href="/news/2015/06">June</a></li> + <li><a href="/news/2015/02">February</a></li> + </ul> + <h2>2014</h2> + <ul> + <li><a href="/news/2014">All of 2014</a></li> + <li><a href="/news/2014/11">November</a></li> + <li><a href="/news/2014/09">September</a></li> + <li><a href="/news/2014/08">August</a></li> + <li><a href="/news/2014/06">June</a></li> + <li><a href="/news/2014/04">April</a></li> + <li><a href="/news/2014/02">February</a></li> + <li><a href="/news/2014/01">January</a></li> + </ul> + <h2>2013</h2> + <ul> + <li><a href="/news/2013">All of 2013</a></li> + <li><a href="/news/2013/11">November</a></li> + <li><a href="/news/2013/09">September</a></li> + <li><a href="/news/2013/08">August</a></li> + <li><a href="/news/2013/07">July</a></li> + <li><a href="/news/2013/06">June</a></li> + <li><a href="/news/2013/05">May</a></li> + <li><a href="/news/2013/04">April</a></li> + <li><a href="/news/2013/03">March</a></li> + <li><a href="/news/2013/02">February</a></li> + <li><a href="/news/2013/01">January</a></li> + </ul> + <h2>2012</h2> + <ul> + <li><a href="/news/2012">All of 2012</a></li> + <li><a href="/news/2012/12">December</a></li> + <li><a href="/news/2012/11">November</a></li> + <li><a href="/news/2012/10">October</a></li> + <li><a href="/news/2012/09">September</a></li> + <li><a href="/news/2012/08">August</a></li> + <li><a href="/news/2012/07">July</a></li> + <li><a href="/news/2012/06">June</a></li> + <li><a href="/news/2012/05">May</a></li> + <li><a href="/news/2012/03">March</a></li> + <li><a href="/news/2012/01">January</a></li> + </ul> + <h2>2011</h2> + <ul> + <li><a href="/news/2011">All of 2011</a></li> + <li><a href="/news/2011/11">November</a></li> + <li><a href="/news/2011/10">October</a></li> + <li><a href="/news/2011/09">September</a></li> + <li><a href="/news/2011/08">August</a></li> + <li><a href="/news/2011/06">June</a></li> + <li><a href="/news/2011/05">May</a></li> + <li><a href="/news/2011/04">April</a></li> + <li><a href="/news/2011/03">March</a></li> + <li><a href="/news/2011/02">February</a></li> + <li><a href="/news/2011/01">January</a></li> + </ul> + <h2>2010</h2> + <ul> + <li><a href="/news/2010">All of 2010</a></li> + <li><a href="/news/2010/12">December</a></li> + <li><a href="/news/2010/11">November</a></li> + <li><a href="/news/2010/09">September</a></li> + <li><a href="/news/2010/08">August</a></li> + <li><a href="/news/2010/05">May</a></li> + <li><a href="/news/2010/03">March</a></li> + <li><a href="/news/2010/02">February</a></li> + </ul> + <h2>2009</h2> + <ul> + <li><a href="/news/2009">All of 2009</a></li> + <li><a href="/news/2009/12">December</a></li> + <li><a href="/news/2009/10">October</a></li> + <li><a href="/news/2009/08">August</a></li> + <li><a href="/news/2009/07">July</a></li> + </ul> + </div> + </div> +</main> + <footer class="l-container"> + <div class="l-full"> + <img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;"> + <div style="margin-top:12px;">Copyright © 2016 â The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div> +</div> + </footer> + </body> + +</html> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/2016/index.html ---------------------------------------------------------------------- diff --git a/content/news/2016/index.html b/content/news/2016/index.html index 4684794..572b36e 100644 --- a/content/news/2016/index.html +++ b/content/news/2016/index.html @@ -48,6 +48,18 @@ <div class="l-two-third"> <div class="l-first"> <div class="l-full"> + <h1>All News for December 2016</h1> + <p>This section contains all news items published in <a href="/news/2016/12">December 2016</a>.</p> + </div> + <div class="l-full"> + <h3 id="/news/2016/12/31/cve-2016-6793.html">CVE-2016-6793 Apache Wicket deserialization vulnerability</h3> + <small>31 Dec 2016</small> + <p>Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 6.x and 1.5.x Description: Depending on the ISerializer set in the Wicket application, itâs... + <a href="/news/2016/12/31/cve-2016-6793.html">more</a></li></p> + </div> + <hr> + <div class="l-first"></div> + <div class="l-full"> <h1>All News for November 2016</h1> <p>This section contains all news items published in <a href="/news/2016/11">November 2016</a>.</p> </div> @@ -197,6 +209,7 @@ <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/news/index.html ---------------------------------------------------------------------- diff --git a/content/news/index.html b/content/news/index.html index 03c515f..b631765 100644 --- a/content/news/index.html +++ b/content/news/index.html @@ -52,6 +52,12 @@ <h1 id="all-news-for-2016">All News for 2016</h1> <p>This section contains all news items published in <a href="/news/2016">2016</a>.</p> <article> + <h3 id="/news/2016/12/31/cve-2016-6793.html">CVE-2016-6793 Apache Wicket deserialization vulnerability</h3> + <small>31 Dec 2016</small> + <p>Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 6.x and 1.5.x Description: Depending on the ISerializer set in the Wicket application, itâs possible that a Wicketâs object deserialized from an untrusted source and utilized by the application to causes the code to enter in an infinite loop.... + <a href="/news/2016/12/31/cve-2016-6793.html">more</a></p> +</article> + <article> <h3 id="/news/2016/11/08/cve-2016-6806.html">CVE-2016-6806 Apache Wicket CSRF detection vulnerability</h3> <small>08 Nov 2016</small> <p>Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 6.20.0, 6.21.0, 6.22.0, 6.23.0, 6.24.0, 7.0.0, 7.1.0, 7.2.0, 7.3.0, 7.4.0 and 8.0.0-M1 Description: Affected versions of Apache Wicket provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the... @@ -161,7 +167,7 @@ <article> <h3 id="/news/2015/11/15/wicket-1.4.x-eol.html">Apache Wicket 1.4.x end of life</h3> <small>15 Nov 2015</small> - <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode. This means that after 16 October 2015: - no more releases from the 1.4.x branch - bugs affecting only the 1.4.x branch will... + <p>The Apache Wicket team announces that support for Apache Wicket 1.4.x ends on 16 November 2015. On the same day Wicket 1.5.x enters âsecurity fixesâ maintenance mode. This means that after 16 October 2015: no more releases from the 1.4.x branch bugs affecting only the 1.4.x branch will not be... <a href="/news/2015/11/15/wicket-1.4.x-eol.html">more</a></p> </article> <article> @@ -703,7 +709,7 @@ Read CVE-2013-2055 for more information. <article> <h3 id="/news/2011/08/28/1.5-RC7-released.html">Wicket 1.5-RC7 released</h3> <small>28 Aug 2011</small> - <p>The Wicket Team is proud to introduce the seventh Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC5.1 and 1.5-RC7 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the seventh Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC5.1 and 1.5-RC7 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog RC6... <a href="/news/2011/08/28/1.5-RC7-released.html">more</a></p> </article> <article> @@ -730,7 +736,7 @@ Read CVE-2013-2055 for more information. <article> <h3 id="/news/2011/06/25/wicket-1.5-RC5.1-released.html">Wicket 1.5-RC5.1 released</h3> <small>25 Jun 2011</small> - <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC4.2 and 1.5-RC5.1 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC4.2 and 1.5-RC5.1 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/06/25/wicket-1.5-RC5.1-released.html">more</a></p> </article> <article> @@ -746,13 +752,13 @@ Cheers, <article> <h3 id="/news/2011/05/11/wicket-1.5-RC4.2-released.html">Wicket 1.5-RC4.2 released</h3> <small>11 May 2011</small> - <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC3 and 1.5-RC4.2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the fourth Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC3 and 1.5-RC4.2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/05/11/wicket-1.5-RC4.2-released.html">more</a></p> </article> <article> <h3 id="/news/2011/04/02/wicket-1.5-RC3-released.html">Wicket 1.5-RC3 released</h3> <small>02 Apr 2011</small> - <p>The Wicket Team is proud to introduce the third Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-rc2 and 1.5-RC3 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the third Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-rc2 and 1.5-RC3 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/04/02/wicket-1.5-RC3-released.html">more</a></p> </article> <article> @@ -779,7 +785,7 @@ Cheers, <article> <h3 id="/news/2011/02/25/wicket-1.5-rc2-released.html">Wicket 1.5-rc2 released</h3> <small>25 Feb 2011</small> - <p>The Wicket Team is proud to introduce the second Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC1 and 1.5-rc2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: * Subversion tag *... + <p>The Wicket Team is proud to introduce the second Release Candidate in Wicket 1.5 series. See the changelog for the list of bug fixes and improvements done between 1.5-RC1 and 1.5-rc2 More detailed migration notes are available on our Migrate to 1.5 Wiki Page Release Artifacts: Subversion tag Changelog To... <a href="/news/2011/02/25/wicket-1.5-rc2-released.html">more</a></p> </article> <article> @@ -800,7 +806,7 @@ Cheers, <article> <h3 id="/news/2011/01/22/wicket-1.5-RC1-released.html">Wicket 1.5-RC1 released</h3> <small>22 Jan 2011</small> - <p>The Wicket Team is proud to introduce the first Release Candidate in Wicket 1.5 series. The 1.5 series provides the following major improvements: * A more powerful and flexible request processing pipeline * Intercomponent event mechanism * Improved configuration * More flexible markup loading * Better proxy support (x-forwarded-for header)... + <p>The Wicket Team is proud to introduce the first Release Candidate in Wicket 1.5 series. The 1.5 series provides the following major improvements: A more powerful and flexible request processing pipeline Intercomponent event mechanism Improved configuration More flexible markup loading Better proxy support (x-forwarded-for header) More detailed migration notes are... <a href="/news/2011/01/22/wicket-1.5-RC1-released.html">more</a></p> </article> <div class="l-first"></div> @@ -926,7 +932,7 @@ fifty bug fixes and improvements. <article> <h3 id="/news/2010/08/11/wicket-1.4.10-released.html">Wicket 1.4.10 released</h3> <small>11 Aug 2010</small> - <p>This is the tenth maintenance release of the 1.4.x series and brings over thirty bug fixes and improvements. As well as bringing bug fixes and small improvements, 1.4.10 brings two major new features: * Delayed component initialization * Component configuration Delayed component initialization allows developers to initialize their components outside... + <p>This is the tenth maintenance release of the 1.4.x series and brings over thirty bug fixes and improvements. As well as bringing bug fixes and small improvements, 1.4.10 brings two major new features: Delayed component initialization Component configuration Delayed component initialization allows developers to initialize their components outside of a... <a href="/news/2010/08/11/wicket-1.4.10-released.html">more</a></p> </article> <article> @@ -1032,6 +1038,7 @@ This is the eighth maintenance release of 1.4.x series and brings over <h2>2016</h2> <ul> <li><a href="/news/2016">All of 2016</a></li> + <li><a href="/news/2016/12">December</a></li> <li><a href="/news/2016/11">November</a></li> <li><a href="/news/2016/10">October</a></li> <li><a href="/news/2016/08">August</a></li> http://git-wip-us.apache.org/repos/asf/wicket-site/blob/178bb54b/content/start/quickstart.html ---------------------------------------------------------------------- diff --git a/content/start/quickstart.html b/content/start/quickstart.html index 571de97..f1332c3 100644 --- a/content/start/quickstart.html +++ b/content/start/quickstart.html @@ -48,7 +48,7 @@ <p>Use the following wizard to generate a Quick Start Project using Maven. Paste the generated command line into a shell (DOS prompt or unix shell) and create a project with Wicket in a jiffy.</p> </header> <section class="l-one-third right"> - <div id="toc" class="toc"><div id="toc-title"><h2>Table of Contents</h2></div><ul><li class="toc--level-1 toc--section-1"><a href="#before-you-start"><span class="toc-number">1</span> <span class="toc-text">Before you start</span></a></li><li class="toc--level-1 toc--section-2"><a href="#small-steps-to-a-web-application"><span class="toc-number">2</span> <span class="toc-text">5 small steps to a web application</span></a></li><li class="toc--level-1 toc--section-3"><a href="#quick-start-wizard"><span class="toc-number">3</span> <span class="toc-text">Quick Start Wizard</span></a></li><li class="toc--level-1 toc--section-4"><a href="#import-the-quick-start-in-your-ide"><span class="toc-number">4</span> <span class="toc-text">Import the Quick Start in your IDE</span></a><ul><li class="toc--level-2 toc--section-5"><a href="#eclipse"><span class="toc-number">4.1</span> <span class="toc-text">Eclipse</span></a></li><li class="toc--level-2 toc--section-6"><a href="#intellij-id ea"><span class="toc-number">4.2</span> <span class="toc-text">IntelliJ IDEA</span></a></li><li class="toc--level-2 toc--section-7"><a href="#netbeans"><span class="toc-number">4.3</span> <span class="toc-text">Netbeans</span></a></li></ul></li></ul></div> + <div id="toc" class="toc"><div id="toc-title"><h2>Table of Contents</h2></div><ul><li class="toc--level-1 toc--section-1"><a href="#before-you-start"><span class="toc-number">1</span> <span class="toc-text">Before you start</span></a></li><li class="toc--level-1 toc--section-2"><a href="#5-small-steps-to-a-web-application"><span class="toc-number">2</span> <span class="toc-text">5 small steps to a web application</span></a></li><li class="toc--level-1 toc--section-3"><a href="#quick-start-wizard"><span class="toc-number">3</span> <span class="toc-text">Quick Start Wizard</span></a></li><li class="toc--level-1 toc--section-4"><a href="#import-the-quick-start-in-your-ide"><span class="toc-number">4</span> <span class="toc-text">Import the Quick Start in your IDE</span></a><ul><li class="toc--level-2 toc--section-5"><a href="#eclipse"><span class="toc-number">4.1</span> <span class="toc-text">Eclipse</span></a></li><li class="toc--level-2 toc--section-6"><a href="#intellij- idea"><span class="toc-number">4.2</span> <span class="toc-text">IntelliJ IDEA</span></a></li><li class="toc--level-2 toc--section-7"><a href="#netbeans"><span class="toc-number">4.3</span> <span class="toc-text">Netbeans</span></a></li></ul></li></ul></div> </section> <section class="l-two-third left"> <script type="text/javascript" charset="utf-8" src="/javascript/ZeroClipboard-1.1.7.min.js"></script> @@ -91,7 +91,7 @@ <p>The Quick Start Wizard uses <a href="http://maven.apache.org";>Apache Maven</a> to make it really fast to get started. You should have Maven installed and working before you can use the Quick Start wizard.</p> -<h2 id="small-steps-to-a-web-application">5 small steps to a web application</h2> +<h2 id="5-small-steps-to-a-web-application">5 small steps to a web application</h2> <p>Use the following steps to quickly generate a project to get you started:</p> <ol>
