You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by cm...@apache.org on 2012/09/06 15:33:00 UTC
svn commit: r1381594 - in /wicket/common/site/trunk: _posts/ _site/
_site/2011/03/25/ _site/2011/05/17/ _site/2012/09/06/ _site/learn/books/
_site/start/
Author: cmenzel
Date: Thu Sep 6 13:32:59 2012
New Revision: 1381594
URL: http://svn.apache.org/viewvc?rev=1381594&view=rev
Log:
CVE-2012-3373
Added:
wicket/common/site/trunk/_posts/2012-09-06-cve-2012-3373.md
wicket/common/site/trunk/_site/2012/09/06/
wicket/common/site/trunk/_site/2012/09/06/cve-2012-3373.html
Modified:
wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html
wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html
wicket/common/site/trunk/_site/atom.xml
wicket/common/site/trunk/_site/index.html
wicket/common/site/trunk/_site/learn/books/index.html
wicket/common/site/trunk/_site/start/index.html
wicket/common/site/trunk/_site/start/quickstart.html
Added: wicket/common/site/trunk/_posts/2012-09-06-cve-2012-3373.md
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_posts/2012-09-06-cve-2012-3373.md?rev=1381594&view=auto
==============================================================================
--- wicket/common/site/trunk/_posts/2012-09-06-cve-2012-3373.md (added)
+++ wicket/common/site/trunk/_posts/2012-09-06-cve-2012-3373.md Thu Sep 6 13:32:59 2012
@@ -0,0 +1,27 @@
+---
+layout: post
+title: CVE-2012-3373 - Apache Wicket XSS vulnerability
+---
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache Wicket 1.4.x and 1.5.x
+
+Description:
+It is possible to inject JavaScript statements into an ajax link by adding an
+encoded null byte to a URL pointing to a Wicket app. This could be done by sending a
+legitimate user a manipulated URL and tricking the user into clicking on it.
+
+This vulnerability is fixed in
+[Apache Wicket 1.4.21](https://wicket.apache.org/2012/09/05/wicket-1.4.21-released.html) and
+[Apache Wicket 1.5.8](https://wicket.apache.org/2012/08/24/wicket-1.5.8-released.html).
+
+[Apache Wicket 6.0.0](https://wicket.apache.org/2012/09/05/wicket-6.0.0-released.html) is not affected.
+
+
+Credit:
+This issue was reported by Thomas Heigl.
Modified: wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html?rev=1381594&r1=1381593&r2=1381594&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html (original)
+++ wicket/common/site/trunk/_site/2011/03/25/wicket-cookbook-published.html Thu Sep 6 13:32:59 2012
@@ -161,7 +161,7 @@
<div id="contentbody">
<h1>Apache Wicket Cookbook Published!</h1>
- <img alt='' height='222' src='http://wicket.apache.org/learn/books/awc.png' style='float: left; margin-left: 10px; margin-right: 10px;' title='Apache Wicket Cookbook' width='180' />
+ <img alt='' style='float: left; margin-left: 10px; margin-right: 10px;' src='http://wicket.apache.org/learn/books/awc.png' title='Apache Wicket Cookbook' height='222' width='180' />
<p>For the past nine months I have been quietly working on a book about Wicket. Unlike other books on the market this one does not attempt to teach you Wicket from the ground up. Instead, it is for developers who already know the basics and want to learn how to implement some of the more advanced use cases. Essentially, it contains recipes that show the reader how to implement solutions to some of, what I think are, the most commonly asked questions and stumbling blocks.</p>
<p>This morning I was informed that the book has been published! You can read more about it and pick up a copy on <a href='https://www.packtpub.com/apache-wicket-cookbook/book'>PACKT's Site</a>.</p>
Modified: wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html?rev=1381594&r1=1381593&r2=1381594&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html (original)
+++ wicket/common/site/trunk/_site/2011/05/17/wicket-cookbook-contest.html Thu Sep 6 13:32:59 2012
@@ -161,7 +161,7 @@
<div id="contentbody">
<h1>Apache Wicket Cookbook Giveaway Contest</h1>
- <img alt='' height='111' src='http://wicket.apache.org/learn/books/awc.png' style='float: left; margin-left: 10px; margin-right: 10px;' title='Apache Wicket Cookbook' width='90' />
+ <img alt='' style='float: left; margin-left: 10px; margin-right: 10px;' src='http://wicket.apache.org/learn/books/awc.png' title='Apache Wicket Cookbook' height='111' width='90' />
<p>Packt Publishing has generously allowed me to give away a free copy of the ebook version of <a href='http://link.packtpub.com/AzN8N9'><strong>Apache Wicket Cookbook</strong></a> (http://link.packtpub.com/AzN8N9), and a <strong>free one year subscription</strong> to PacktLib. For details see the <a href='http://wicketinaction.com/2011/05/apache_wicket_cookbook_giveaway_contest'>contest announcement</a>.</p>
<p>Cheers,<br /> -Igor <br /><br /><br /><br /><br /><br /></p>
Added: wicket/common/site/trunk/_site/2012/09/06/cve-2012-3373.html
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/2012/09/06/cve-2012-3373.html?rev=1381594&view=auto
==============================================================================
--- wicket/common/site/trunk/_site/2012/09/06/cve-2012-3373.html (added)
+++ wicket/common/site/trunk/_site/2012/09/06/cve-2012-3373.html Thu Sep 6 13:32:59 2012
@@ -0,0 +1,187 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Apache Wicket - CVE-2012-3373 - Apache Wicket XSS vulnerability</title>
+
+ <link rel="stylesheet" href="/css/screen.css" type="text/css" media="screen" />
+
+ <!--[if lt ie 7]>
+ <link rel="stylesheet" href="/css/ie.css" type="text/css" media="screen" />
+ <![endif]-->
+ <link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" />
+ <link rel="alternate" type="application/atom+xml" href="/atom.xml" />
+ <meta http-equiv="content-type" content="text/html;charset=utf-8" />
+</head>
+<body>
+<div id="container">
+ <div id="content">
+ <div id="header"><a href="/"><h1 id="logo"><span>Apache Wicket</span></h1></a></div>
+ <div id="navigation">
+ <h5><a name="Navigation-Wicket"></a>Meet Wicket</h5>
+ <ul>
+ <li>
+ <a href="/" title="Index">Home</a>
+ </li>
+ <li>
+ <a href="/meet/introduction.html" title="Introduction">Introduction</a>
+ </li>
+ <li>
+ <a href="/meet/features.html" title="Features">Features</a>
+ </li>
+ <li>
+ <a href="/meet/buzz.html" title="Buzz">Buzz</a>
+ </li>
+ <li>
+ <a href="/meet/vision.html" title="Vision">Vision</a>
+ </li>
+ <li>
+ <a href="/meet/blogs.html" title="Blogs">Blogs</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-GettingStarted" id="Navigation-GettingStarted"></a>Get Started
+ </h5>
+ <ul>
+ <li>
+ <a href="/start/download.html" title="Download Wicket">Download Wicket</a>
+ </li>
+ <li>
+ <a href="/start/quickstart.html" title="Getting started via a Maven Archetype">Quickstart</a>
+ </li>
+ <li>
+ <a href="http://www.jweekend.com/dev/LegUp" rel="nofollow">More archetypes</a>
+ </li>
+ <li>
+ <a href="/help" title="Get help">Get help</a>
+ </li>
+ <li>
+ <a href="/help/email.html" title="Wicket Mailing Lists">Mailing Lists</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Documentation" id="Navigation-Documentation"></a>Learn
+ </h5>
+ <ul>
+ <li>
+ <a href="/learn/examples" title="Examples">Examples</a>
+ </li>
+ <li>
+ <a href="http://www.wicket-library.com/wicket-examples/compref/">Components</a>
+ </li>
+ <li>
+ <a href="/learn/projects/" title="Projects extending basic Wicket">Projects</a>
+ </li>
+ <li>
+ <a href="http://cwiki.apache.org/WICKET">Wiki</a>
+ </li>
+ <li>
+ <a href="http://cwiki.apache.org/WICKET/reference-library.html">Reference guide</a>
+ </li>
+ <li>
+ <a href="/learn/books" title="Books">Books</a>
+ </li>
+ <li>
+ <a href="/learn/ides.html" title="IDEs">IDE plugins</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Releases" id="Navigation-Releases"></a>Releases
+ </h5>
+ <ul>
+ <li>
+ <a href="http://www.apache.org/dyn/closer.cgi/wicket/6.0.0">Wicket 6.0</a>
+ (<a href="http://ci.apache.org/projects/wicket/apidocs/6.0.x/" title="JavaDocs of the latest stable release - 6.0.x">docs</a>)
+ </li>
+ <li>
+ <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.5.8">Wicket 1.5</a>
+ (<a href="http://ci.apache.org/projects/wicket/apidocs/1.5.x/" title="JavaDocs of the latest stable release - 1.5.x">docs</a>)
+ </li>
+ <li>
+ <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.4.21">Wicket 1.4</a>
+ (<a href="http://ci.apache.org/projects/wicket/apidocs/1.4.x" title="JavaDocs of Apache Wicket 1.4.x">docs</a>)
+ </li>
+ <li>
+ <a href="http://www.apache.org/dyn/closer.cgi/wicket/1.3.7">Wicket 1.3</a>
+ (<a href="http://ci.apache.org/projects/wicket/apidocs/1.3.x" title="JavaDocs of Apache Wicket 1.3.x">docs</a>)
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.2" class="external-link" rel="nofollow">Wicket 1.2</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.1" class="external-link" rel="nofollow">Wicket 1.1</a>
+ </li>
+ <li>
+ <a href="http://wicket.sf.net/wicket-1.0" class="external-link" rel="nofollow">Wicket 1.0</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Developers" id="Navigation-Developers"></a>Contribute
+ </h5>
+ <ul>
+ <li>
+ <a href="http://www.apache.org/dyn/closer.cgi/wicket/6.0.0-beta3">Wicket 6.x BETA</a>
+ </li>
+ <li>
+ <a href="http://ci.apache.org/projects/wicket/apidocs/6.0.x/" title="JavaDocs of the latest beta release - 6.0.x">Wicket 6.x docs</a>
+ </li>
+ <li>
+ <a href="/contribute/write.html" title="Writing documentation">Writing docs</a>
+ </li>
+ <li>
+ <a href="/contribute/build.html" title="Building from SVN">Build Wicket</a>
+ </li>
+ <li>
+ <a href="/contribute/patch.html" title="Provide a patch">Provide a patch</a>
+ </li>
+ <li>
+ <a href="/contribute/release.html" title="Release Wicket">Release Wicket</a>
+ </li>
+ <li>
+ <a href="http://fisheye6.atlassian.com/browse/wicket" title="SVN Overview" class="external-link" rel="nofollow">Fisheye</a>
+ </li>
+ </ul>
+ <h5>
+ <a name="Navigation-Apache" id="Navigation-Apache"></a>Apache
+ </h5>
+ <ul>
+ <li>
+ <a href="http://www.apache.org/" class="external-link" rel="nofollow">Apache</a>
+ </li>
+ <li>
+ <a href="http://www.apache.org/licenses/" class="external-link" rel="nofollow">License</a>
+ </li>
+ <li>
+ <a href="http://www.apache.org/foundation/sponsorship.html" class="external-link" rel="nofollow">Sponsorship</a>
+ </li>
+ <li>
+ <a href="http://apache.org/foundation/thanks.html" class="external-link" rel="nofollow">Thanks</a>
+ </li>
+ </ul>
+</div>
+
+ <div id="contentbody">
+ <h1>CVE-2012-3373 - Apache Wicket XSS vulnerability</h1>
+ <p>Vendor: The Apache Software Foundation</p>
+
+<p>Versions Affected: Apache Wicket 1.4.x and 1.5.x</p>
+
+<p>Description: It is possible to inject JavaScript statements into an ajax link by adding an encoded null byte to a URL pointing to a Wicket app. This could be done by sending a legitimate user a manipulated URL and tricking the user into clicking on it.</p>
+
+<p>This vulnerability is fixed in <a href='https://wicket.apache.org/2012/09/05/wicket-1.4.21-released.html'>Apache Wicket 1.4.21</a> and <a href='https://wicket.apache.org/2012/08/24/wicket-1.5.8-released.html'>Apache Wicket 1.5.8</a>.</p>
+
+<p><a href='https://wicket.apache.org/2012/09/05/wicket-6.0.0-released.html'>Apache Wicket 6.0.0</a> is not affected.</p>
+
+<p>Credit: This issue was reported by Thomas Heigl.</p>
+ </div>
+ <div id="clearer"></div>
+ <div id="footer"><span>
+Copyright © 2012 — The Apache Software Foundation. Apache Wicket,
+Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo
+are trademarks of The Apache Software Foundation. All other marks mentioned
+may be trademarks or registered trademarks of their respective owners.
+</span></div>
+
+ </div>
+</div>
+</body>
+</html>
Modified: wicket/common/site/trunk/_site/atom.xml
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/atom.xml?rev=1381594&r1=1381593&r2=1381594&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/atom.xml (original)
+++ wicket/common/site/trunk/_site/atom.xml Thu Sep 6 13:32:59 2012
@@ -4,7 +4,7 @@
<title>Apache Wicket</title>
<link href="http://wicket.apache.org/atom.xml" rel="self"/>
<link href="http://wicket.apache.org/"/>
- <updated>2012-09-05T18:20:37+02:00</updated>
+ <updated>2012-09-06T13:26:24+02:00</updated>
<id>http://wicket.apache.org/</id>
<author>
<name>Apache Wicket</name>
@@ -13,6 +13,24 @@
<entry>
+ <title>CVE-2012-3373 - Apache Wicket XSS vulnerability</title>
+ <link href="http://wicket.apache.org/2012/09/06/cve-2012-3373.html"/>
+ <updated>2012-09-06T00:00:00+02:00</updated>
+ <id>http://wicket.apache.org/2012/09/06/cve-2012-3373</id>
+ <content type="html"><p>Vendor: The Apache Software Foundation</p>
+
+<p>Versions Affected: Apache Wicket 1.4.x and 1.5.x</p>
+
+<p>Description: It is possible to inject JavaScript statements into an ajax link by adding an encoded null byte to a URL pointing to a Wicket app. This could be done by sending a legitimate user a manipulated URL and tricking the user into clicking on it.</p>
+
+<p>This vulnerability is fixed in <a href='https://wicket.apache.org/2012/09/05/wicket-1.4.21-released.html'>Apache Wicket 1.4.21</a> and <a href='https://wicket.apache.org/2012/08/24/wicket-1.5.8-released.html'>Apache Wicket 1.5.8</a>.</p>
+
+<p><a href='https://wicket.apache.org/2012/09/05/wicket-6.0.0-released.html'>Apache Wicket 6.0.0</a> is not affected.</p>
+
+<p>Credit: This issue was reported by Thomas Heigl.</p></content>
+ </entry>
+
+ <entry>
<title>Apache Wicket v6.0.0 released</title>
<link href="http://wicket.apache.org/2012/09/05/wicket-6.0.0-released.html"/>
<updated>2012-09-05T00:00:00+02:00</updated>
@@ -381,32 +399,4 @@ public void renderHead(IHeaderResponse r
<p>The Wicket team!</p></content>
</entry>
- <entry>
- <title>CVE-2012-1089 - Apache Wicket serving of hidden files vulnerability</title>
- <link href="http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089.html"/>
- <updated>2012-03-22T00:00:00+01:00</updated>
- <id>http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089</id>
- <content type="html"><p>Vendor: The Apache Software Foundation</p>
-
-<p>Versions Affected: Apache Wicket 1.4.x and 1.5.x</p>
-
-<p>Description: It is possible to view the content of any file of a web application by using an Url to a Wicket resource which resolves to a &#8216;null&#8217; package. With such a Url the attacker can request the content of any file by specifying its relative path, i.e. the attacker must know the file name to be able to request it.</p>
-
-<p>Mitigation: Setup a custom org.apache.wicket.markup.html.IPackageResourceGuard that provides a whitelist of allowed resources. Since versions 1.4.20 and 1.5.5 Apache Wicket uses by default org.apache.wicket.markup.html.SecurePackageResourceGuard with a preconfigured list of allowed file extensions. Either setup SecurePackageResourceGuard with code like:</p>
-<div class='highlight'><pre><code class='java'><span class='kd'>public</span> <span class='kd'>class</span> <span class='nc'>MyApp</span> <span class='kd'>extends</span> <span class='n'>WebApplication</span> <span class='o'>{</span>
- <span class='kd'>public</span> <span class='kt'>void</span> <span class='nf'>init</span><span class='o'>()</span> <span class='o'>{</span>
- <span class='kd'>super</span><span class='o'>.</span><span class='na'>init</span><span class='o'>();</span>
- <span class='n'>SecurePackageResourceGuard</span> <span class='n'>guard</span> <span class='o'>=</span> <span class='k'>new</span> <span class='n'>SecurePackageResourceGuard</span><span class='o'>();</span>
- <span class='n'>guard</span><span class='o'>.</span><span class='na'>addPattern</span><span class='o'>(...);</span>
- <span class='n'>guard</span><span class='o'>.</span><span class='na'>addPattern</span><span class='o'>(...);</span>
- <span class='n'>getResourceSettings</span><span class='o'>().</span><span class='na'>setPackageResourceGuard</span><span class='o'>(</span><span class='n'>guard</span><span class='o'>);</span>
- <span class='o'>}</span>
-<span class='o'>}</span>
-</code></pre>
-</div>
-<p>or upgrade <a href='http://wicket.apache.org/2012/03/12/wicket-1.4.20-released.html'>Apache Wicket 1.4.20</a> or <a href='http://wicket.apache.org/2012/03/12/wicket-1.5.5-released.html'>Apache Wicket 1.5.5</a></p>
-
-<p>Credit: This issue was discovered by Sebastian van Erk.</p></content>
- </entry>
-
</feed>
Modified: wicket/common/site/trunk/_site/index.html
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/index.html?rev=1381594&r1=1381593&r2=1381594&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/index.html (original)
+++ wicket/common/site/trunk/_site/index.html Thu Sep 6 13:32:59 2012
@@ -181,6 +181,8 @@
<p>Wicket is released under the <a href='http://www.apache.org/licenses/LICENSE-2.0.html'>Apache License, Version 2.0</a>.</p>
+<h1 id='cve20123373__apache_wicket_xss_vulnerability'><a href='/2012/09/06/cve-2012-3373.html'>CVE-2012-3373 - Apache Wicket XSS vulnerability</a></h1>
+<p>Vendor: The Apache Software Foundation</p><p>Versions Affected: Apache Wicket 1.4.x and 1.5.x</p><p>Description: It is possible to inject JavaScript statements into an ajax link by adding an encoded null byte to a URL pointing to a Wicket app. This could be done by sending a legitimate user a manipulated URL and tricking the user into clicking on it.</p><p>This vulnerability is fixed in <a href='https://wicket.apache.org/2012/09/05/wicket-1.4.21-released.html'>Apache Wicket 1.4.21</a> and <a href='https://wicket.apache.org/2012/08/24/wicket-1.5.8-released.html'>Apache Wicket 1.5.8</a>.</p><p><a href='https://wicket.apache.org/2012/09/05/wicket-6.0.0-released.html'>Apache Wicket 6.0.0</a> is not affected.</p><p>Credit: This issue was reported by Thomas Heigl.</p>
<h1 id='apache_wicket_v600_released'><a href='/2012/09/05/wicket-6.0.0-released.html'>Apache Wicket v6.0.0 released</a></h1>
<blockquote>
<p>“With great pleasure we announce the availability of Apache Wicket 6.0.0”</p>
@@ -198,23 +200,13 @@
<li>Dependency management for client side javascript libraries</li>
<li>Experimental support for websockets</li>
-</ul><p>This release is available from the <a href='http://www.apache.org/dyn/closer.cgi/wicket/6.0.0'>usual download location (wicket-6.0.0)</a>, or available through the Maven Central repository.</p><p>Additional features include a customizable client-side API, improved feedback messages, correct packaging for OSGi compatibility and improved initialization of plugins. Highlights include:</p><p>Java 6 required - This release moves the minimum required Java version to Java 6. This means that Wicket applications running on earlier Java versions meaning to upgrade, also need to upgrade their Java runtime.</p><p>Revamped Wicket AJAX now leverages JQuery - Wicket’s custom AJAX JavaScript library has been re-implemented using JQuery. This makes it easier to integrate JQuery plugins into Wicket applications. With the new AJAX implementation it is possible to provide your own version of JQuery should the need arise, or even to replace the whole Wicket client side AJAX impleme
ntation.</p><p>AJAX Attributes - With the new and improved AJAX implementation, you can alter any aspect of an AJAX request through AjaxRequestAttributes. For example you can specify that the request should be executed using POST instead of GET, or that the AJAX request should be multi-part, etc. See the migration guide or the JavaDoc of AjaxRequestAttributes for all possible options.</p><p>Browser event registration replaces inline events - Wicket now uses JavaScript event registration instead of inline attributes for AJAX components. This enables multiple event listeners to be attached to a markup tag, cleans up the rendered markup considerably and reduces the amount of generated markup.</p><p>IDataProvider now uses long instead of int - The <code>IDataProvider<T></code> interface and implementations now use long instead of int for index and size parameters to better line up with the Java Persistence API and other persistency frameworks. Big data is now possible with
Wicket!</p><p><code>${label}</code> replaces <code>${input}</code> in feedback messages - Previous Wicket versions used the input that was provided by users in error messages when validations failed. This led to error messages like “1234a is not a valid number”. In Wicket 6 the feedback messages use the label of the invalid form component instead. You can set the label by calling setLabel() on the form component. If no label is provided, Wicket defaults to displaying the component identifier. This changes the error message to “Phonenumber is not a valid number”.</p><p>Resources can declare dependencies - It is now much easier to create resource contributions with dependencies, for example a JQuery plugin can declare a dependency on JQuery and other resources such as embedded style sheets. Users of such resources donât have to provide these dependencies themselves, and the dependencies are linked in the appropriate order.</p><p>Packaged resources
will use minimized version automatically - When a minimized JavaScript resource is available (filename.min.js â add the .min part to the filename before the extension), Wicket will automatically use the minimized version when running in deployment mode, while using the non-minimized version for development mode.</p><p>OSGi compatible packaging - Wicket’s packaging has been made compatible with OSGi bundles by moving some classes to different packages. The full list can be found in our migration guide. This makes it much easier to deploy Wicket applications in an OSGi environment.</p><p>Experimental websocket implementations - This release also includes two experimental websocket implementations: one using Atmosphere as a bridge for browsers and containers that don’t support websockets natively and one for containers and browsers that have native websocket support.</p><p>The complete set of changes is available in the migration guide at <a href='http://s.apa
che.org/wicket-6.0-migration'>http://s.apache.org/wicket-6.0-migration</a></p><h3 id='availability_and_oversight'>Availability and Oversight</h3><p>As with all Apache products, Apache Wicket v6.0.0 is released under the Apache License v2.0, and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project’s day-to-day operations, including community development and product releases. Apache Wicket source code, documentation, and related resources are available at http://wicket.apache.org/</p><p>“Apache”, “Wicket”, “Apache Wicket”, and “ApacheCon” are trademarks of The Apache Software Foundation. All other brands and trademarks are the property of their respective owners.</p>
-<h1 id='wicket_1421_released'><a href='/2012/09/05/wicket-1.4.21-released.html'>Wicket 1.4.21 released</a></h1>
-<p>This is 21st release of the Wicket 1.4.x series. This is also the last release of the 1.4.x series, rounding up the remaining bugfixes. No further releases will happen in this branch.</p><ul>
-<li><a href='http://git-wip-us.apache.org/repos/asf/wicket/repo?p=wicket.git;a=shortlog;h=refs/tags/release/wicket-1.4.21'>Git tag</a></li>
-
-<li><a href='https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310561&version=12320171'>Changelog</a></li>
-
-<li>To use in Maven:</li>
-</ul><div class='highlight'><pre><code class='xml'><span class='nt'><dependency></span>
- <span class='nt'><groupId></span>org.apache.wicket<span class='nt'></groupId></span>
- <span class='nt'><artifactId></span>wicket<span class='nt'></artifactId></span>
- <span class='nt'><version></span>1.4.21<span class='nt'></version></span>
-<span class='nt'></dependency></span>
-</code></pre>
-</div><ul>
-<li>Download the <a href='http://www.apache.org/dyn/closer.cgi/wicket/1.4.21'>full distribution</a> (including source)</li>
-</ul><h1>Older news items</h1><ul>
+</ul><p>This release is available from the <a href='http://www.apache.org/dyn/closer.cgi/wicket/6.0.0'>usual download location (wicket-6.0.0)</a>, or available through the Maven Central repository.</p><p>Additional features include a customizable client-side API, improved feedback messages, correct packaging for OSGi compatibility and improved initialization of plugins. Highlights include:</p><p>Java 6 required - This release moves the minimum required Java version to Java 6. This means that Wicket applications running on earlier Java versions meaning to upgrade, also need to upgrade their Java runtime.</p><p>Revamped Wicket AJAX now leverages JQuery - Wicket’s custom AJAX JavaScript library has been re-implemented using JQuery. This makes it easier to integrate JQuery plugins into Wicket applications. With the new AJAX implementation it is possible to provide your own version of JQuery should the need arise, or even to replace the whole Wicket client side AJAX impleme
ntation.</p><p>AJAX Attributes - With the new and improved AJAX implementation, you can alter any aspect of an AJAX request through AjaxRequestAttributes. For example you can specify that the request should be executed using POST instead of GET, or that the AJAX request should be multi-part, etc. See the migration guide or the JavaDoc of AjaxRequestAttributes for all possible options.</p><p>Browser event registration replaces inline events - Wicket now uses JavaScript event registration instead of inline attributes for AJAX components. This enables multiple event listeners to be attached to a markup tag, cleans up the rendered markup considerably and reduces the amount of generated markup.</p><p>IDataProvider now uses long instead of int - The <code>IDataProvider<T></code> interface and implementations now use long instead of int for index and size parameters to better line up with the Java Persistence API and other persistency frameworks. Big data is now possible with
Wicket!</p><p><code>${label}</code> replaces <code>${input}</code> in feedback messages - Previous Wicket versions used the input that was provided by users in error messages when validations failed. This led to error messages like “1234a is not a valid number”. In Wicket 6 the feedback messages use the label of the invalid form component instead. You can set the label by calling setLabel() on the form component. If no label is provided, Wicket defaults to displaying the component identifier. This changes the error message to “Phonenumber is not a valid number”.</p><p>Resources can declare dependencies - It is now much easier to create resource contributions with dependencies, for example a JQuery plugin can declare a dependency on JQuery and other resources such as embedded style sheets. Users of such resources donât have to provide these dependencies themselves, and the dependencies are linked in the appropriate order.</p><p>Packaged resources
will use minimized version automatically - When a minimized JavaScript resource is available (filename.min.js â add the .min part to the filename before the extension), Wicket will automatically use the minimized version when running in deployment mode, while using the non-minimized version for development mode.</p><p>OSGi compatible packaging - Wicket’s packaging has been made compatible with OSGi bundles by moving some classes to different packages. The full list can be found in our migration guide. This makes it much easier to deploy Wicket applications in an OSGi environment.</p><p>Experimental websocket implementations - This release also includes two experimental websocket implementations: one using Atmosphere as a bridge for browsers and containers that don’t support websockets natively and one for containers and browsers that have native websocket support.</p><p>The complete set of changes is available in the migration guide at <a href='http://s.apa
che.org/wicket-6.0-migration'>http://s.apache.org/wicket-6.0-migration</a></p><h3 id='availability_and_oversight'>Availability and Oversight</h3><p>As with all Apache products, Apache Wicket v6.0.0 is released under the Apache License v2.0, and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project’s day-to-day operations, including community development and product releases. Apache Wicket source code, documentation, and related resources are available at http://wicket.apache.org/</p><p>“Apache”, “Wicket”, “Apache Wicket”, and “ApacheCon” are trademarks of The Apache Software Foundation. All other brands and trademarks are the property of their respective owners.</p><h1>Older news items</h1><ul>
+
+
+<li>
+ <a href='/2012/09/05/wicket-1.4.21-released.html'>Wicket 1.4.21 released</a> - <span>05 Sep 2012</span><br />
+ This is 21st release of the Wicket 1.4.x series. This is also the last release of the 1.4.x series, rounding up the remaining bugfixes. No...
+ <a href='/2012/09/05/wicket-1.4.21-released.html'>more</a></li>
<li>
@@ -270,17 +262,11 @@
Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5.x are not affected Description: A Cross Site Scripting (XSS) attack...
<a href='/2012/03/22/wicket-cve-2012-0047.html'>more</a></li>
-
-<li>
- <a href='/2012/03/12/wicket-1.5.5-released.html'>Wicket 1.5.5 released</a> - <span>12 Mar 2012</span><br />
- This is the fifth maintenance release of the Wicket 1.5.x series. This release brings over 50 bug fixes and improvements. Git tag Changelog To use...
- <a href='/2012/03/12/wicket-1.5.5-released.html'>more</a></li>
-
</ul>
<h1 id='books_about_wicket'>Books about Wicket</h1>
<p>The following books are published regarding Apache Wicket (click a cover to learn more about the book):</p>
-<a href='/learn/books/awc.html'><img height='200px' src='/learn/books/awc.png' /></a><a href='/learn/books/wia.html'><img height='200px' src='/learn/books/wia.png' /></a><a href='/learn/books/ewdww.html'><img height='200px' src='/learn/books/ewdww.png' /></a><a href='/learn/books/prowicket.html'><img height='200px' src='/learn/books/prowicket.png' /></a><a href='/learn/books/kwij.html'><img height='200px' src='/learn/books/kwij.png' /></a><a href='/learn/books/praxisbuchwicket.html'><img height='200px' src='/learn/books/praxisbuchwicket.png' /></a><a href='/learn/books/wicket-jp.html'><img height='200px' src='/learn/books/wicket-jp.png' /></a><a href='/learn/books/koda.html'><img height='200px' src='/learn/books/koda.jpg' /></a>
+<a href='/learn/books/awc.html'><img src='/learn/books/awc.png' height='200px' /></a><a href='/learn/books/wia.html'><img src='/learn/books/wia.png' height='200px' /></a><a href='/learn/books/ewdww.html'><img src='/learn/books/ewdww.png' height='200px' /></a><a href='/learn/books/prowicket.html'><img src='/learn/books/prowicket.png' height='200px' /></a><a href='/learn/books/kwij.html'><img src='/learn/books/kwij.png' height='200px' /></a><a href='/learn/books/praxisbuchwicket.html'><img src='/learn/books/praxisbuchwicket.png' height='200px' /></a><a href='/learn/books/wicket-jp.html'><img src='/learn/books/wicket-jp.png' height='200px' /></a><a href='/learn/books/koda.html'><img src='/learn/books/koda.jpg' height='200px' /></a>
</div>
<div id="clearer"></div>
<div id="footer"><span>
Modified: wicket/common/site/trunk/_site/learn/books/index.html
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/learn/books/index.html?rev=1381594&r1=1381593&r2=1381594&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/learn/books/index.html (original)
+++ wicket/common/site/trunk/_site/learn/books/index.html Thu Sep 6 13:32:59 2012
@@ -162,7 +162,7 @@
<div id="contentbody">
<h1>Books about Wicket</h1>
<p>Several books have been written about Apache Wicket, 4 in English, 2 in German and 1 in Japanese. Click on a cover to learn more about each book.</p>
-<a href='awc.html'><img alt='Apache Wicket Cookbook cover' height='300px' src='awc.png' title='Apache Wicket Cookbook' /></a><a href='wia.html'><img alt='Wicket in Action cover' height='300px' src='wia.png' title='Wicket in Action' /></a><a href='koda.html'><img alt=' Komponentenbasiert und objektorientiert - das alternative Java-Webframework cover' height='300px' src='koda.jpg' title=' Komponentenbasiert und objektorientiert- das alternative Java-Webframework' /></a><a href='ewdww.html'><img alt='Enjoying Web Development with Wicket cover' height='300px' src='ewdww.png' title='Enjoying Web Development with Wicket' /></a><a href='prowicket.html'><img alt='Pro Wicket cover' height='300px' src='prowicket.png' title='Pro Wicket' /></a><a href='paxisbuchwicket.html'><img alt='Praxisbuch Wicket cover' height='300px' src='praxisbuchwicket.png' title='Praxisbuch Wicket' /></a><a href='kwij.html'><img alt='Wicket: Komponentenbasierte Webanwendungen in Java cover' height='300px' src=
'kwij.png' title='Wicket: Komponentenbasierte Webanwendungen in Java' /></a><a href='wicket-jp.html'><img alt='Wicket Japanese cover' height='300px' src='wicket-jp.png' title='Wicket Japanese' /></a>
+<a href='awc.html'><img alt='Apache Wicket Cookbook cover' src='awc.png' title='Apache Wicket Cookbook' height='300px' /></a><a href='wia.html'><img alt='Wicket in Action cover' src='wia.png' title='Wicket in Action' height='300px' /></a><a href='koda.html'><img alt=' Komponentenbasiert und objektorientiert - das alternative Java-Webframework cover' src='koda.jpg' title=' Komponentenbasiert und objektorientiert- das alternative Java-Webframework' height='300px' /></a><a href='ewdww.html'><img alt='Enjoying Web Development with Wicket cover' src='ewdww.png' title='Enjoying Web Development with Wicket' height='300px' /></a><a href='prowicket.html'><img alt='Pro Wicket cover' src='prowicket.png' title='Pro Wicket' height='300px' /></a><a href='paxisbuchwicket.html'><img alt='Praxisbuch Wicket cover' src='praxisbuchwicket.png' title='Praxisbuch Wicket' height='300px' /></a><a href='kwij.html'><img alt='Wicket: Komponentenbasierte Webanwendungen in Java cover' src='kwij.png' titl
e='Wicket: Komponentenbasierte Webanwendungen in Java' height='300px' /></a><a href='wicket-jp.html'><img alt='Wicket Japanese cover' src='wicket-jp.png' title='Wicket Japanese' height='300px' /></a>
</div>
<div id="clearer"></div>
<div id="footer"><span>
Modified: wicket/common/site/trunk/_site/start/index.html
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/start/index.html?rev=1381594&r1=1381593&r2=1381594&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/start/index.html (original)
+++ wicket/common/site/trunk/_site/start/index.html Thu Sep 6 13:32:59 2012
@@ -166,7 +166,7 @@
<li><a href='download.html'>Download</a> the latest and greatest Wicket release</li>
-<li>Or use one of the available third party <a href='http://www.jweekend.com/dev/LegUp' rel='nofollow'>Maven archetypes</a></li>
+<li>Or use one of the available third party <a rel='nofollow' href='http://www.jweekend.com/dev/LegUp'>Maven archetypes</a></li>
</ul>
</div>
<div id="clearer"></div>
Modified: wicket/common/site/trunk/_site/start/quickstart.html
URL: http://svn.apache.org/viewvc/wicket/common/site/trunk/_site/start/quickstart.html?rev=1381594&r1=1381593&r2=1381594&view=diff
==============================================================================
--- wicket/common/site/trunk/_site/start/quickstart.html (original)
+++ wicket/common/site/trunk/_site/start/quickstart.html Thu Sep 6 13:32:59 2012
@@ -204,9 +204,9 @@
</script><div id='mvncmd'>
<div>
<label for='groupId' title='Base Package'>GroupId:</label>
- <input id='groupId' onkeyup='changeIt();' type='text' value='com.mycompany' /><span title='Base Package'> (?)</span><br />
+ <input value='com.mycompany' type='text' id='groupId' onkeyup='changeIt();' /><span title='Base Package'> (?)</span><br />
<label for='artifactId' title='Project Name'>ArtifactId:</label>
- <input id='artifactId' onkeyup='changeIt();' type='text' value='myproject' /><span title='Project Name'> (?)</span><br />
+ <input value='myproject' type='text' id='artifactId' onkeyup='changeIt();' /><span title='Project Name'> (?)</span><br />
<label for='version' title='Wicket Version'>Version:</label>
<select id='version' onchange='changeIt();'>
@@ -231,13 +231,13 @@
- <option selected='selected' value='6.0.0'>6.0.0</option>
+ <option value='6.0.0' selected='selected'>6.0.0</option>
</select><span title='Wicket Version'> (?)</span>
</div>
<div>
- <label for='cmdLine' id='cmdLabel'>Command Line:</label>
+ <label id='cmdLabel' for='cmdLine'>Command Line:</label>
<textarea id='cmdLine' onfocus='this.select();'>
</textarea>
<script>changeIt();</script>