[ANNOUNCE] MyFaces Tomahawk v1.1.6 Security Update Release

[Manfred Geiler <ma...@apache.org>]

The Apache MyFaces team is pleased to announce the release of "MyFaces
Tomahawk 1.1.6".

Please note: This release is a security update that fixes a severe
cross-site scripting vulnerability when using the "autoscroll" feature
(CVE-2007-3101).

MyFaces Tomahawk provides a series of JavaServer Faces components that
go beyond the JSF specification. These components are compatible with
the Sun JSF 1.1 Reference Implementation (RI) or any other JSF 1.1
compatible implementation. Of course the custom components can also be
used with the Apache JSF implementation "MyFaces Core 1.1.5".

MyFaces Tomahawk 1.1.6 is available in both binary and source distributions.

   * http://myfaces.apache.org/download.html

MyFaces Tomahawk is also available in the central Maven repository
under Group ID "org.apache.myfaces.tomahawk".

Enjoy!
Manfred



Release Notes - MyFaces Tomahawk - Version 1.1.6

** Bug
    * [TOMAHAWK-983] - Cross-site scripting in autoscroll parameter
    * [TOMAHAWK-1021] - CVE-2007-3101

Re: [ANNOUNCE] MyFaces Tomahawk v1.1.6 Security Update Release

[Manfred Geiler <ma...@gmail.com>]

Thanks.
--> TOMAHAWK-1025


On 6/16/07, Matthias Wessendorf <ma...@apache.org> wrote:
> Manfred,
>
> I noticed, that the Javadoc JAR doesn't contain notice and license.
>
> Thanks,
> Matthias
>
> On 6/13/07, Manfred Geiler <ma...@apache.org> wrote:
> > The Apache MyFaces team is pleased to announce the release of "MyFaces
> > Tomahawk 1.1.6".
> >
> > Please note: This release is a security update that fixes a severe
> > cross-site scripting vulnerability when using the "autoscroll" feature
> > (CVE-2007-3101).
> >
> > MyFaces Tomahawk provides a series of JavaServer Faces components that
> > go beyond the JSF specification. These components are compatible with
> > the Sun JSF 1.1 Reference Implementation (RI) or any other JSF 1.1
> > compatible implementation. Of course the custom components can also be
> > used with the Apache JSF implementation "MyFaces Core 1.1.5".
> >
> > MyFaces Tomahawk 1.1.6 is available in both binary and source distributions.
> >
> >    * http://myfaces.apache.org/download.html
> >
> > MyFaces Tomahawk is also available in the central Maven repository
> > under Group ID "org.apache.myfaces.tomahawk".
> >
> > Enjoy!
> > Manfred
> >
> >
> >
> > Release Notes - MyFaces Tomahawk - Version 1.1.6
> >
> > ** Bug
> >     * [TOMAHAWK-983] - Cross-site scripting in autoscroll parameter
> >     * [TOMAHAWK-1021] - CVE-2007-3101
> >
>
>
> --
> Matthias Wessendorf
>
> further stuff:
> blog: http://matthiaswessendorf.wordpress.com/
> mail: matzew-at-apache-dot-org
>


-- 
http://www.irian.at
Your JSF powerhouse - JSF Consulting,
Development and Courses in English and
German

Professional Support for Apache MyFaces

Re: [ANNOUNCE] MyFaces Tomahawk v1.1.6 Security Update Release

[Matthias Wessendorf <ma...@apache.org>]

Manfred,

I noticed, that the Javadoc JAR doesn't contain notice and license.

Thanks,
Matthias

On 6/13/07, Manfred Geiler <ma...@apache.org> wrote:
> The Apache MyFaces team is pleased to announce the release of "MyFaces
> Tomahawk 1.1.6".
>
> Please note: This release is a security update that fixes a severe
> cross-site scripting vulnerability when using the "autoscroll" feature
> (CVE-2007-3101).
>
> MyFaces Tomahawk provides a series of JavaServer Faces components that
> go beyond the JSF specification. These components are compatible with
> the Sun JSF 1.1 Reference Implementation (RI) or any other JSF 1.1
> compatible implementation. Of course the custom components can also be
> used with the Apache JSF implementation "MyFaces Core 1.1.5".
>
> MyFaces Tomahawk 1.1.6 is available in both binary and source distributions.
>
>    * http://myfaces.apache.org/download.html
>
> MyFaces Tomahawk is also available in the central Maven repository
> under Group ID "org.apache.myfaces.tomahawk".
>
> Enjoy!
> Manfred
>
>
>
> Release Notes - MyFaces Tomahawk - Version 1.1.6
>
> ** Bug
>     * [TOMAHAWK-983] - Cross-site scripting in autoscroll parameter
>     * [TOMAHAWK-1021] - CVE-2007-3101
>


-- 
Matthias Wessendorf

further stuff:
blog: http://matthiaswessendorf.wordpress.com/
mail: matzew-at-apache-dot-org

Re: Modal popup dialogs for form submission in JSF

[Mikael Andersson <ma...@gmail.com>]

You may want to have a look at the modal panel component in the richfaces
component library from jboss (these days), works quite well (make sure you
read the docs for it though).


On 26/06/07, Werner Punz <we...@gmail.com> wrote:
>
> SOSELLA@austin.rr.com schrieb:
> > Could anyone recommend the best way to have modal popup dialogs for form
> > submission in JSF?  I need to popup a dialog that has a form that the
> > user can fill out and submit and then return to the page from which the
> > popup dialog was initiated.  I need a modal dialog to that page.
> >
> Well... the best way is following
>
> dont embed the dialog into a form
> embed a form into the dialog..
> to keep the values across the form push the bean into a saveState tag...
> on submit the page gets submitted with the dialogs entries then you can
> process it and do whatever you want.
>
>

Re: Modal popup dialogs for form submission in JSF

[Werner Punz <we...@gmail.com>]

SOSELLA@austin.rr.com schrieb:
> Could anyone recommend the best way to have modal popup dialogs for form
> submission in JSF?  I need to popup a dialog that has a form that the
> user can fill out and submit and then return to the page from which the
> popup dialog was initiated.  I need a modal dialog to that page.
> 
Well... the best way is following

dont embed the dialog into a form
embed a form into the dialog..
to keep the values across the form push the bean into a saveState tag...
on submit the page gets submitted with the dialogs entries then you can
process it and do whatever you want.

Modal popup dialogs for form submission in JSF

[SO...@austin.rr.com]

Could anyone recommend the best way to have modal popup dialogs for form
submission in JSF?  I need to popup a dialog that has a form that the
user can fill out and submit and then return to the page from which the
popup dialog was initiated.  I need a modal dialog to that page.

Re: Did the tomahawk sandbox get included completely in tomahawk JAR?

[Matthias Wessendorf <ma...@apache.org>]

should be usable w/ 116
and no, it's the case that the sanbox is part of tomhawk JAR

On 6/13/07, SOSELLA@austin.rr.com <SO...@austin.rr.com> wrote:
> Sorry if this sounds like a stupid question; however, did the
> tomahawk-sandbox get completely included into the tomahawk 1.1.6 JAR?
> If not, which tomahawk sandbox JAR can be used with the 1.1.6 JAR?
>


-- 
Matthias Wessendorf

further stuff:
blog: http://matthiaswessendorf.wordpress.com/
mail: matzew-at-apache-dot-org

Did the tomahawk sandbox get included completely in tomahawk JAR?

[SO...@austin.rr.com]

Sorry if this sounds like a stupid question; however, did the
tomahawk-sandbox get completely included into the tomahawk 1.1.6 JAR? 
If not, which tomahawk sandbox JAR can be used with the 1.1.6 JAR?