search

albfernandez / richfaces

RichFaces - JSF component framework
GNU Lesser General Public License v2.1
16 stars 8 forks source link

Fix CVE-2018-12532 #20

Closed albfernandez closed 6 years ago

albfernandez commented 6 years ago

https://nvd.nist.gov/vuln/detail/CVE-2018-12532

albfernandez commented 6 years ago

Fully remove mediaOutput to fix the issue.

https://github.com/albfernandez/richfaces/commit/dff8da74933e3610a6cdb8cf9c41b3ce9efe42d7

https://github.com/albfernandez/richfaces/commit/411592b1f6edc053d87a9249f6132ca36618bac2