layout: post title: Wicket 1.5.16 released
This is the sixteenth maintenance release of the Wicket 1.5.x series. This release brings over 2 bug fixes.
CHANGELOG for 1.5.16:
Bug
- CVE-2013-2186: Disable (de)serialization of Commons FileUpload items.
- CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability
To use in Maven:
{% highlight xml %} org.apache.wicket wicket-core 1.5.16 {% endhighlight %}