
The original richfaces-impl.3.3.4.Final, but with all the whitelisted classes removed from resource-serialization.properties


adnovum/richfaces-impl-patched


richfaces-impl-patched

The original richfaces-impl.3.3.4.Final, but with all the whitelisted classes removed from resource-serialization.properties

Several vulnerabilities (such as CVE-2018-12533 and CVE-2018-14667) rely on the fact that, under certain circumstances, RichFaces deserializes classes based on a whitelist, which is defined in a file called resource-serialization.properties.

If you don't need the functionality that depends on this deserialization, you can defend against these attacks by emptying the whitelist, which is exactly what is done here.
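To confirm which variant a deployed JAR or WAR actually contains, the following added example (not part of this repository) opens an archive and reports whether any resource-serialization.properties in it still lists classes. It matches the file by name only and treats every property with a non-empty value as a populated whitelist; the sample path, the `whitelist` key and the class names are constructed for the demonstration.

```python
import io
import re
import sys
import zipfile

TARGET = "resource-serialization.properties"  # file name as given in the README
LINE = re.compile(r"([^=:\s]*)\s*[=:]?\s*(.*)")  # key, optional '=' or ':', value


def parse_properties(text):
    """Minimal Java .properties reader: comments, '\\' continuations, separators."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a dangling continuation
        piece = raw.strip()
        if not pending and piece[:1] in ("#", "!"):
            continue  # comment lines are skipped and never continue
        line, pending = pending + piece, ""
        if line.endswith("\\"):
            pending = line[:-1]
        elif line:
            key, value = LINE.fullmatch(line).groups()
            props[key] = value
    return props


def check_jar(jar):
    """Map each TARGET entry in the archive to the properties that still list classes."""
    report = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.rsplit("/", 1)[-1] == TARGET:
                props = parse_properties(zf.read(name).decode("iso-8859-1"))
                classes = {k: [c.strip() for c in v.split(",") if c.strip()]
                           for k, v in props.items()}
                report[name] = {k: v for k, v in classes.items() if v}
    return report


def sample_jar(body):
    """Constructed in-memory JAR for the demo; path and class names are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/example/" + TARGET, body)
    return buf


if __name__ == "__main__":
    # An empty inner dict means the file is present and its whitelist is empty.
    for jar in sys.argv[1:] or [sample_jar("whitelist = com.example.A\n")]:
        print(jar, check_jar(jar) or f"no {TARGET} in this archive")
```

Run it with one or more archive paths as arguments; a WAR that bundles the library under WEB-INF/lib has to be unpacked first, since nested JARs are not opened.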
