Ah Thanks!
I looked into the log, but didn't find anything I could fix.
Martijn
On Tue, Nov 8, 2016 at 10:58 PM, Martin Grigorov wrote:
> https://issues.apache.org/jira/browse/INFRA-12875
>
> Martin Grigorov
> Wicket Training and Consulting
>
You may use Wicket 7.5.0 + Wicket Native WebSocket 7.4.0
They are binary compatible.
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Tue, Nov 8, 2016 at 1:12 PM, Maxim Solodovnik
wrote:
> Maybe it worth to release 7.5.1?
> It seems to be
Maybe it worth to release 7.5.1?
It seems to be not good idea to stay on 7.4.0 due to CVE-2016-6806,
but broken websockets is also not an option :(
I would better have 7.5.1 rather than to add workaround, then remove
it as soon 7.6.0 will be released .
On Wed, Nov 2, 2016 at 10:16 AM, Maxim
CVE-2016-6806: Apache Wicket CSRF detection vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Wicket 6.20.0, 6.21.0, 6.22.0, 6.23.0, 6.24.0, 7.0.0,
7.1.0, 7.2.0, 7.3.0, 7.4.0 and 8.0.0-M1
Description: Affected versions of Apache Wicket provide a
Github user martin-g commented on the issue:
https://github.com/apache/wicket/pull/187
+1!
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the
Github user martin-g commented on the issue:
https://github.com/apache/wicket/pull/188
1. A ticket in JIRA should be created for any PR, so that it appears in the
CHANGELOG and users can see it.
2. Quick search for calls to `Locale.getDefault()` shows 40 occurrences in
Wicket.
Github user martin-g commented on the issue:
https://github.com/apache/wicket/pull/189
+1
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the