I don't know. I can look at commits and see if they can simply be cherry-picked to that branch. Anyways, I think we should create ISSUES for each CVE and make clear that it has been fixed. IMHO

On Wed, May 6, 2026 at 1:35 PM Scott Fitzpatrick <[email protected]> wrote:

> Hi -
>
> Do you know if these security fixes will be back ported to Wicket 8.x?
>
> I know here it states that security fixes will be applied when possible:
> https://wicket.apache.org/start/wicket-8.x.html
>
> Thank you!
>
> Sent from my iPhone
>
> > On May 6, 2026, at 2:26 PM, Ernesto Reinaldo Barreiro <[email protected]> wrote:
> >
> > Hi,
> >
> > In https://www.openwall.com/lists/oss-security/2026/05/06/2 it is stated
> > that this was fixed for wicket 10.9.0... but I can't find the corresponding
> > ISSUE
> >
> > --
> > Regards -
> > Ernesto Reinaldo Barreiro
> > Apache Wicket Committer

--
Regards -
Ernesto Reinaldo Barreiro
Apache Wicket Committer
