<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta charset="utf-8">
<title>Monthly archive for September 2014 | Apache Wicket</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" />
<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" />
<script src="//code.jquery.com/jquery-1.11.3.min.js"></script>
</head>
<body class="">
<main>
<div class="l-container">
<header class="l-full preamble">
<h1>Monthly archive for September 2014</h1>
</header>
<div class="l-flex">
<div class="l-two-third">
<div class="news">
<h3>Wicket 1.5.12 released</h3>
<p><small>15 Sep 2014</small></p>
<p>This is the twelfth maintenance release of the Wicket 1.5.x series. This release brings over 5 bug fixes and improvements.</p>
<ul>
<li><a href="https://git-wip-us.apache.org/repos/asf/wicket/repo?p=wicket.git;a=shortlog;h=refs/tags/wicket-1.5.12">Git tag</a></li>
<li><a href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561&amp;version=12326154">Changelog</a></li>
<li>To use in Maven:</li>
</ul>
<figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt">&lt;dependency&gt;</span>
<span class="nt">&lt;groupId&gt;</span>org.apache.wi...</code></pre></figure>
<a href="/news/2014/09/15/wicket-1.5.12-released.html">more</a>
</div>
<div class="news">
<h3>CVE-2014-3526 - Apache Wicket Information disclosure vulnerability</h3>
<p><small>22 Sep 2014</small></p>
<p>Severity: Important</p>
<p>Vendor:
The Apache Software Foundation</p>
<p>Versions Affected:
Apache Wicket 1.5.11, 6.16.0 and 7.0.0-M2</p>
<p>Description:</p>
<p>When rendering a web page, Wicket checks the request URL against the one at render time. It is possible for the application to change the page parameters (this includes both the query parameters and parameters encoded into the request path). When the requested URL differs from the one at render time, Wicket stores the response (i.e. the page markup) on the server side and issues an HTTP redirect to the new URL. When the second request arrives, Wicket just flushes the stored response from the first request into the HTTP output stream. This way the browser address bar shows the updated page parameters.
When storing the page markup on the server side, Wicket uses as an identifier a pair of the current session id plus the new URL. However, Wicket does not check whether the user session is temporary (i.e. sessionId is null).
This could lead to a security issue if two or more users with a temporary session are redirected to the same URL at the same time. Then user1 might see the markup for user2, which has overwritten the markup for user1 while user1 was following the HTTP redirect. In thi...</p>
<a href="/news/2014/09/22/cve-2014-3526.html">more</a>
</div>
</div>
</div>
</div>
</main>
<footer>
<div class="l-container">
<div class="left">
<img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;">
<div style="margin-top:12px;">Copyright © 2022 — The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div>
</div>
</div>
</footer>
</body>
</html>