ICEfaces
  1. ICEfaces
  2. ICE-11573

Update MyFaces to version 2.3.11

          Details

          • Type: Improvement Improvement
          • Status: Open
          • Priority: Major Major
          • Resolution: Unresolved
          • Affects Version/s: EE-4.3.0.GA_P07
          • Fix Version/s: EE-4.3.0.GA_P08
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            Any

            Description

            We currently ship ICEfaces 4.3.0 (P07) with version 2.3.6 of MyFaces. The vulnerability CVE-2021-26296 has been reported for this version of MyFaces. While this vulnerability can be mitigated by certain configuration parameters in the web.xml file, it would be safer to eliminate that vulnerability without needing special configuration. Likewise, the commons-beanutils-1.9.4.jar dependency of our current version of MyFaces is vulnerable to CVE-2025-48734. Therefore, this JIRA is to update to the latest version of MyFaces that we can possibly support as well as to update all its dependencies to the safest possible versions. Thorough testing will be required to ensure that all ICEfaces features continue to work normally with this newer version of MyFaces.

              Activity

              Ascending order - Click to sort in descending order
              Arturo Zambrano created issue -
              Arturo Zambrano made changes -
              Field Original Value New Value
              Fix Version/s EE-4.3.0.GA_P08 [ 14371 ]

                People

                • Assignee:
                  Arturo Zambrano
                  Reporter:
                  Arturo Zambrano
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated: