Martin Is this specific to 6.13 or does the problem exist in earlier Wicket versions on the 6.x branch?
Regards Nick On Fri, Feb 21, 2014 at 7:49 AM, Martin Grigorov <[email protected]>wrote: > Severity: Important > > Vendor: > The Apache Software Foundation > > Affected versions: > Apache Wicket 1.5.10 and 6.13.0 > > Description CVE-2014-0043< > https://wicket.apache.org/2014/02/06/cve-2014-0043.html> > : > > By issuing requests to special urls handled by Wicket it is possible to > check for the existence of particular classes in the classpath and thus > check whether a third party library with a known security vulnerability is > in use. > > The application developers are recommended to upgrade to: > - Apache Wicket > 1.5.11<https://wicket.apache.org/2014/02/06/wicket-1.5.11-released.html> > - Apache Wicket > 6.14.0<https://wicket.apache.org/2013/05/17/wicket-6.14.0-released.html> > > Credit: > This issue was reported by Christian Schneider! > > Apache Wicket Team >
