[seam-commits] Seam SVN: r13530 - tags/JBoss_Seam_2_2_1_CR2.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Fri Jul 30 07:08:29 EDT 2010
Author: manaRH
Date: 2010-07-30 07:08:28 -0400 (Fri, 30 Jul 2010)
New Revision: 13530
Modified:
tags/JBoss_Seam_2_2_1_CR2/changelog.txt
Log:
added additional comment to issue JBSEAM-4676
Modified: tags/JBoss_Seam_2_2_1_CR2/changelog.txt
===================================================================
--- tags/JBoss_Seam_2_2_1_CR2/changelog.txt 2010-07-30 08:30:04 UTC (rev 13529)
+++ tags/JBoss_Seam_2_2_1_CR2/changelog.txt 2010-07-30 11:08:28 UTC (rev 13530)
@@ -31,7 +31,7 @@
* [JBSEAM-4666] - QueueConnection.stop() can not be called from an EJB containrer as stated in JEE5 spec section EE 6.6
* [JBSEAM-4669] - Major java deadlock between BijectionInterceptor and Component since the getInstanceFromFactory method is synchronized
* [JBSEAM-4671] - XML texts in the chapter for WebSphere do not render correctly in HTML + light refresh of the chapter
- * [JBSEAM-4676] - Seam param - disabling EL expression evaluation
+ * [JBSEAM-4676] - Seam param - disabling EL expression evaluation - this fixes CVE-2010-1871 and JBoss would like to thank Meder Kydyraliev of the Google Security Team for responsibly reporting this issue
* [JBSEAM-4677] - Transaction Interceptor leaks transactions
** Patch
More information about the seam-commits
mailing list