We have fixed a security vulnerability in RichFaces 3, 4 and 5. Details of the vulnerability can be found in this Red Hat Errata document released for our WFK product. We have released community micro releases addressing this vulnerability, so please update your applications ASAP. Read below for a summary of the problem and an explanation of how to use the fix in your applications. Download RichFaces 3.
For those of you still developing against RichFaces 3 (you should strongly consider “migrating to RichFaces 4”:https://community.jboss.org/wiki/RichFacesMigrationGuide33x-4xMigration!) we have deployed the “RichFaces 3 showcase”:http://showcase-rf3.richfaces.org (also referred to as the RichFaces 3 “demo”) to “OpenShift”:http://openshift.com, Red Hat’s PaaS offering. This is the same cloud environment we use to host the “RichFaces 4 showcase”:http://showcase.richfaces.org. div=. “!/images/blog/2012-06-06-richfaces3-showcase/rf3-showcase_400x.png!”:http://showcase-rf3.richfaces.org This deployment of the RichFaces 3 showcase not only ensures that this useful and valuable resource will continue to be available to you, the developer community, but also serves to demonstrate how you can take advantage of OpenShift and the latest JBoss AS 7 releases to host your Richfaces 3⁄4 applications!
