I am trying to resolve the vulnerability described here --> nvd.nist.gov/vuln/detail/CVE-2022-36537
The fix is tracked here --> tracker.zkoss.org/browse/ZK-5150
It says that the vulnerability is fixed in version 8.6.4.2.
However, this version is not available in maven central. The only version available in maven central with the fix appears to be 9.6.0.2, but that introduces some breaking changes so I am trying to stay within the 8.6.x releases.
Where can I get the 8.6.4.2 version of zk? Can that be published to Maven central?
Thanks.
Bumped your karma for links.
8.6.4.2 is in the EE repository (premium releases).
If you can't upgrade to the next fixed CE release (9.6.0.2), you can secure older versions with the patch files in the tracker ticket:
For ZK 8.6.0.1 to 9.6.1: use zk8601-to-zk961-patch.zip
For ZK 8.0.2 to 8.6.0: use zk802-to-zk8600-patch.zip
Download the relevant patch and apply it to your current 8.6 release (requires configuration in zk.xml, details in the tracker ticket).
Asked: 2023-09-20 23:47:05 +0800
Seen: 6 times
Last updated: Sep 21