PrimeFaces LTS 7.0.31, 8.0.26, 10.0.23, 11.0.17, 12.0.10 and 13.0.12 Released
PrimeFaces team is pleased to announce a new update to 7.0.x, 8.0.x, 10.0.x, 11.0.x, 12.0.x and 13.0.x LTS branches. Security Fixes CVE-2023-5072 in org.json/json (7.0.31 and 8.0.26) CommandButton (and few others). XSS attack via title attribute. (11.0.17 and 12.0.10) CSP: primefaces.nonce from request not validated (11.0.17, 12.0.10 and 13.0.12) Performance TabView: Memory leak on Tab close (13.0.12) Defect Fixes ColorPicker: Required validation sets color back to previous value (11.0.17, 12.0.10 and 13.0.12) Spinner: Not respecting @Min or @DecimalMin correctly...