Nuxeo Security HotFix 1

This package fixes the RichFaces CVE-2013-2165 flaw. JBoss RichFaces has a known flaw related to deserialization: * Details of the patch are here: * Note that Nuxeo 5.6.0-HF27 and 5.8.0-HF-01 automatically include this security fix. It is strongly recommended to install this package. Alternatively, you can manually update Nuxeo's RichFaces jars. Please refer to the following documentation to do so: * Credit to Arun Neelicattu and David Jorm of Red Hat for reporting this issue.

For Nuxeo Platformscap-5.8, cap-5.8.0-HF*, cap-5.7.*, cap-5.6, cap-5.6.0-HF*, cap-5.5, cap-5.5.0-HF*
  • Install 1.0.0
  • How to install nuxeo-security-HF01 1.0.0

    Please ensure you've already downloaded and installed the Nuxeo Platform.

    For a Nuxeo Online Services registered instance with internet access:

    For an unregistered instance, or an offline instance:

    First Download, then

About this Package