Details
-
Type:
Improvement
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: EE-4.3.0.GA_P07
-
Fix Version/s: EE-4.3.0.GA_P08
-
Component/s: Framework
-
Labels:None
-
Environment:Any
Description
We currently ship ICEfaces 4.3.0 (P07) with version 2.3.6 of MyFaces. The vulnerability CVE-2021-26296 has been reported for this version of MyFaces. While this vulnerability can be mitigated by certain configuration parameters in the web.xml file, it would be safer to eliminate that vulnerability without needing special configuration. Likewise, the commons-beanutils-1.9.4.jar dependency of our current version of MyFaces is vulnerable to CVE-2025-48734. Therefore, this JIRA is to update to the latest version of MyFaces that we can possibly support as well as to update all its dependencies to the safest possible versions. Thorough testing will be required to ensure that all ICEfaces features continue to work normally with this newer version of MyFaces.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion