Marketplace

Nuxeo Security HotFix 1

This package fixes the RichFaces CVE-2013-2165 flaw. JBoss RichFaces has a known flaw related to deserialization: * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2165 Details of the patch are here: * http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html Note that Nuxeo 5.6.0-HF27 and 5.8.0-HF-01 automatically include this security fix. It is strongly recommended to install this package. Alternatively, you can manually update Nuxeo's RichFaces jars. Please refer to the following documentation to do so: * http://doc.nuxeo.com/x/bIAPAQ Credit to Arun Neelicattu and David Jorm of Red Hat for reporting this issue.

Version1.0.0
For Nuxeo Platformscap-5.8, cap-5.8.0-HF*, cap-5.7.*, cap-5.6, cap-5.6.0-HF*, cap-5.5, cap-5.5.0-HF*
  • Install 1.0.0
  • NO SUBSCRIPTION REQUIRED SUPPORTED
  • How to install nuxeo-security-HF01 1.0.0

    Please ensure you've already downloaded and installed the Nuxeo Platform.

    For a Nuxeo Online Services registered instance with internet access:

    For an unregistered instance, or an offline instance:

    First Download nuxeo-security-HF01-1.0.0.zip, then

About this Package