Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-7139

Upgrade openid4java in seam dependencies

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Blocker Blocker
    • EAP_EWP 5.1.2 ER1
    • EAP_EWP 5.1.1
    • Seam
    • None
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Hide
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url="http://openid.net/2011/05/05/attribute-exchange-security-alert/">http://openid.net/2011/05/05/attribute-exchange-security-alert/&lt;/ulink>. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution.As a result of the upgrade, the following jars must be available for any application which uses OpenID integration:

      <itemizedlist>
        <listitem>
          <para>openid4jav-nodeps.jar</para>
        </listitem>
        <listitem>
          <para>httpclient.jar</para>
        </listitem>
        <listitem>
          <para>httpcore.jar</para>
        </listitem>
        <listitem>
          <para>nekohtml.jar</para>
        </listitem>
        <listitem>
          <para>jcip-annotations.jar</para>
        </listitem>
        <listitem>
          <para>guice.jar</para>
        </listitem>
        <listitem>
          <para>commons-codec.jar</para>
        </listitem>
      </itemizedlist>
      Show
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url=" http://openid.net/2011/05/05/attribute-exchange-security-alert/ "> http://openid.net/2011/05/05/attribute-exchange-security-alert/&lt;/ulink >. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution.As a result of the upgrade, the following jars must be available for any application which uses OpenID integration: <itemizedlist>   <listitem>     <para>openid4jav-nodeps.jar</para>   </listitem>   <listitem>     <para>httpclient.jar</para>   </listitem>   <listitem>     <para>httpcore.jar</para>   </listitem>   <listitem>     <para>nekohtml.jar</para>   </listitem>   <listitem>     <para>jcip-annotations.jar</para>   </listitem>   <listitem>     <para>guice.jar</para>   </listitem>   <listitem>     <para>commons-codec.jar</para>   </listitem> </itemizedlist>
    • Documented as Resolved Issue
    • NEW

      Upgrade openid4java dependency in OpenId integration. The version is affected by security vulnerability reported at http://openid.net/2011/05/05/attribute-exchange-security-alert/

              mnovotny@redhat.com Marek Novotny
              mnovotny@redhat.com Marek Novotny
              Russell Dickenson Russell Dickenson (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: