Hi Jan, Yes, wrong url in the mail... The correct is https://wicket.apache.org/2014/02/21/cve-2014-0043.html
1.4.x is not affected. Martin Grigorov Wicket Training and Consulting On Fri, Feb 21, 2014 at 4:58 PM, Jan Loose <[email protected]>wrote: > Hi Martin, > > the page https://wicket.apache.org/2014/02/06/cve-2014-0043.html returns > NotFound. Is the 1.4 branch affected too? > > Thx, > H. > > > On 21 Feb 2014, at 13:49, Martin Grigorov <[email protected]<mailto: > [email protected]>> wrote: > > Severity: Important > > Vendor: > The Apache Software Foundation > > Affected versions: > Apache Wicket 1.5.10 and 6.13.0 > > Description CVE-2014-0043< > https://wicket.apache.org/2014/02/06/cve-2014-0043.html> > : > > By issuing requests to special urls handled by Wicket it is possible to > check for the existence of particular classes in the classpath and thus > check whether a third party library with a known security vulnerability is > in use. > > The application developers are recommended to upgrade to: > - Apache Wicket > 1.5.11<https://wicket.apache.org/2014/02/06/wicket-1.5.11-released.html> > - Apache Wicket > 6.14.0<https://wicket.apache.org/2013/05/17/wicket-6.14.0-released.html> > > Credit: > This issue was reported by Christian Schneider! > > Apache Wicket Team > >
