Tags
People
Badges
Help-
CORE FRAMEWORK
FEATURED COMPONENTS
-
RESOURCES
-
LEARN ZK
RESOURCES
I am trying to resolve the vulnerability described here --> nvd.nist.gov/vuln/detail/CVE-2022-36537
The fix is tracked here --> tracker.zkoss.org/browse/ZK-5150
It says that the vulnerability is fixed in version 8.6.4.2.
However, this version is not available in maven central. The only version available in maven central with the fix appears to be 9.6.0.2, but that introduces some breaking changes so I am trying to stay within the 8.6.x releases.
Where can I get the 8.6.4.2 version of zk? Can that be published to Maven central?
Thanks.
Bumped your karma for links.
8.6.4.2 is in the EE repository (premium releases).
If you can't upgrade to the next fixed CE release (9.6.0.2), you can secure older versions the paches files in the tracker ticket: For ZK 8.6.0.1 to 9.6.1: use zk8601-to-zk961-patch.zip For ZK 8.0.2 to 8.6.0: use zk802-to-zk8600-patch.zip
download the relevant patch and apply to your current 8.6 release. (requires configuration in zk.xml, details in tracker ticket).
Asked: 2023-09-20 23:47:05 +0800
Seen: 7 times
Last updated: Sep 21
