Hi Martin, the page https://wicket.apache.org/2014/02/06/cve-2014-0043.html returns NotFound. Is the 1.4 branch affected too?
Thx, H. On 21 Feb 2014, at 13:49, Martin Grigorov <[email protected]<mailto:[email protected]>> wrote: Severity: Important Vendor: The Apache Software Foundation Affected versions: Apache Wicket 1.5.10 and 6.13.0 Description CVE-2014-0043<https://wicket.apache.org/2014/02/06/cve-2014-0043.html> : By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use. The application developers are recommended to upgrade to: - Apache Wicket 1.5.11<https://wicket.apache.org/2014/02/06/wicket-1.5.11-released.html> - Apache Wicket 6.14.0<https://wicket.apache.org/2013/05/17/wicket-6.14.0-released.html> Credit: This issue was reported by Christian Schneider! Apache Wicket Team
