Hello, I was just looking to see if there are plans to address this in Wicket 8.x since it's still in security fixes only status. Any information would be greatly appreciated and thank you again.
Thank you,

Jonathan Babie
Information Technology Specialist IV
Java Applications Unit | CIO | OSC
Work: (838) 910-4274
Personal: (518) 331-8758

________________________________
From: Pedro Santos <pe...@apache.org>
Sent: Thursday, January 23, 2025 10:21 AM
To: us...@wicket.apache.org <us...@wicket.apache.org>; dev@wicket.apache.org <dev@wicket.apache.org>
Subject: CVE-2024-53299: Apache Wicket: An attacker can intentionally trigger a memory leak

Severity: critical

Affected versions:

- Apache Wicket 7.0.0 through 7.18.*
- Apache Wicket 8.0.0-M1 through 8.16.*
- Apache Wicket 9.0.0-M1 through 9.18.*
- Apache Wicket 10.0.0-M1 through 10.2.*

Description:

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

Credit:

(finder)

References:

https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5
https://wicket.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-53299