Nuxeo Marketplace

Find Nuxeo packages for your application

Nuxeo Security HotFix 1
Install 1.0.0

How to install nuxeo-security-HF01 1.0.0

Please ensure you've already downloaded and installed the Nuxeo Platform.

For a Nuxeo Online Services registered instance with internet access:

$NUXEO_HOME/bin/nuxeoctl mp-install nuxeo-security-HF01-1.0.0

For an unregistered instance, or an offline instance:

First Download nuxeo-security-HF01-1.0.0.zip, then

$NUXEO_HOME/bin/nuxeoctl mp-install /path/to/nuxeo-security-HF01-1.0.0.zip
NO SUBSCRIPTION REQUIRED NUXEO SUPPORTED
About this Package
Production State
Production Ready
Latest Update
Jan 13, 2020, 9:54:45 AM
Type
Hotfix
Package Dependencies
None
Optional Dependencies
None
License
LGPL
Marketplace Nuxeo Security HotFix 1

Nuxeo Security HotFix 1

By Nuxeo

This package fixes the RichFaces CVE-2013-2165 flaw. JBoss RichFaces has a known flaw related to deserialization: * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2165 Details of the patch are here: * http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html Note that Nuxeo 5.6.0-HF27 and 5.8.0-HF-01 automatically include this security fix. It is strongly recommended to install this package. Alternatively, you can manually update Nuxeo's RichFaces jars. Please refer to the following documentation to do so: * http://doc.nuxeo.com/x/bIAPAQ Credit to Arun Neelicattu and David Jorm of Red Hat for reporting this issue.