Re: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability

2017-01-04 Thread Martin Grigorov
The site has been updated to use 1.5.17. Thanks for letting us know! Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Tue, Jan 3, 2017 at 10:24 PM, durairaj t wrote: > Thank you! > > On Tue, Jan 3, 2017 at 4:11 PM, Tobias Soloschenko < >

Re: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability

2017-01-03 Thread durairaj t
Thank you! On Tue, Jan 3, 2017 at 4:11 PM, Tobias Soloschenko < tobiassolosche...@googlemail.com> wrote: > Hi, > > but it is released. See here: https://mvnrepository.com/arti > fact/org.apache.wicket/wicket-core/1.5.17 > > kind regards > > Tobias > > Am 03.01.17 um 21:25 schrieb durairaj t: >

Re: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability

2017-01-03 Thread Tobias Soloschenko
Hi, but it is released. See here: https://mvnrepository.com/artifact/org.apache.wicket/wicket-core/1.5.17 kind regards Tobias Am 03.01.17 um 21:25 schrieb durairaj t: I can see the Wicket 1.5.16 but not 1.5.17 in " https://wicket.apache.org/start/wicket-1.5.x.html#download;. On Sat, Dec

Re: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability

2017-01-03 Thread durairaj t
I can see the Wicket 1.5.16 but not 1.5.17 in " https://wicket.apache.org/start/wicket-1.5.x.html#download;. On Sat, Dec 31, 2016 at 2:21 AM, Pedro Santos wrote: > CVE-2016-6793: Apache Wicket deserialization vulnerability > > Severity: Low > > Vendor: The Apache Software

[ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability

2016-12-30 Thread Pedro Santos
CVE-2016-6793: Apache Wicket deserialization vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 6.x and 1.5.x Description: Depending on the ISerializer set in the Wicket application, it's possible that a Wicket's object deserialized from an