Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-7139

Upgrade openid4java in seam dependencies

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Blocker
    • EAP_EWP 5.1.2 ER1
    • EAP_EWP 5.1.1
    • Seam
    • None
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Hide
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url="http://openid.net/2011/05/05/attribute-exchange-security-alert/">http://openid.net/2011/05/05/attribute-exchange-security-alert/&lt;/ulink>. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution.As a result of the upgrade, the following jars must be available for any application which uses OpenID integration:

      <itemizedlist>
        <listitem>
          <para>openid4jav-nodeps.jar</para>
        </listitem>
        <listitem>
          <para>httpclient.jar</para>
        </listitem>
        <listitem>
          <para>httpcore.jar</para>
        </listitem>
        <listitem>
          <para>nekohtml.jar</para>
        </listitem>
        <listitem>
          <para>jcip-annotations.jar</para>
        </listitem>
        <listitem>
          <para>guice.jar</para>
        </listitem>
        <listitem>
          <para>commons-codec.jar</para>
        </listitem>
      </itemizedlist>
      Show
      A security vulnerability was identified in OpenID4Java which affected version 0.9.5 and all prior versions. For details of the issue, refer to <ulink url=" http://openid.net/2011/05/05/attribute-exchange-security-alert/ "> http://openid.net/2011/05/05/attribute-exchange-security-alert/&lt;/ulink >. To resolve this issue OpenID4Java has been upgraded to version 0.9.6 in the Seam distribution.As a result of the upgrade, the following jars must be available for any application which uses OpenID integration: <itemizedlist>   <listitem>     <para>openid4jav-nodeps.jar</para>   </listitem>   <listitem>     <para>httpclient.jar</para>   </listitem>   <listitem>     <para>httpcore.jar</para>   </listitem>   <listitem>     <para>nekohtml.jar</para>   </listitem>   <listitem>     <para>jcip-annotations.jar</para>   </listitem>   <listitem>     <para>guice.jar</para>   </listitem>   <listitem>     <para>commons-codec.jar</para>   </listitem> </itemizedlist>
    • Documented as Resolved Issue
    • NEW

    Description

      Upgrade openid4java dependency in OpenId integration. The version is affected by security vulnerability reported at http://openid.net/2011/05/05/attribute-exchange-security-alert/

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-8041 openid upgrade breaks ant target eclipseclasspath

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              mnovotny@redhat.com Marek Novotny
              mnovotny@redhat.com Marek Novotny
              Russell Dickenson Russell Dickenson (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: