[ https://issues.jboss.org/browse/JBSEAM-5102?page=com.atlassian.jira.plugi... ] Marek Novotny moved JBPAPP-10764 to JBSEAM-5102: ------------------------------------------------ Project: Seam 2 (was: JBoss Enterprise Application Platform 4 and 5) Key: JBSEAM-5102 (was: JBPAPP-10764) Workflow: GIT Pull Request workflow (was: jira) Affects Version/s: 2.3.0.Final (was: EAP_EWP 5.1.1) Release Notes Docs Status: (was: Documented as Resolved Issue) Writer: (was: ppenicka) Release Notes Text: (was: Previously, Seam examples stored in <filename>JBOSS_HOME/seam/examples</filename> used unencrypted client-side view state. This made the example applications vulnerable to cross-site scripting (XSS) attacks or execution of arbitrary Expression Language (EL) statements (CVE-2010-2087). With this update, the examples use server-side view state, which eliminates these vulnerabilities.) Component/s: Examples (was: Seam) Security: (was: JBoss Internal) Fix Version/s: 2.3.1.CR1 (was: EAP_EWP 5.2.0) Docs QE Status: (was: NEW) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira