Hi Ouch, I'm already running the TCK (artifacts already on nexus).
I don't thing that one affects JSF, because the viewState is encrypted/tampered by default. No need to do it right now, but good to know that for further releases (or if we do a rollback of the current one). regards, Leonardo Uribe 2015-11-23 16:37 GMT-05:00 Mike Kienenberger <[email protected]>: > Before we do another release, let's upgrade our commons-collections > dependency to 3.2.2 as certain JSF configurations likely present > attack vectors. > > https://issues.apache.org/jira/browse/COLLECTIONS-580 >
