Bug 1089113

Summary: [SRT] (6.2.x) Upgrade to Mojarra 1.2_15-b01-jbossorg-1 (from 1.2_15-b01)
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Chao Wang <chaowan>
Component: JSFAssignee: Vaclav Tunka <vtunka>
Status: CLOSED CURRENTRELEASE QA Contact: Marek Schmidt <maschmid>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.2.2CC: cdewolf, dwalluck, fjuma, nsriniva, ssilvert
Target Milestone: CR3   
Target Release: EAP 6.2.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1088043 Environment:
Last Closed: 2014-06-09 12:47:52 UTC Type: Component Upgrade
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1087186, 1088043    
Bug Blocks: 1067532    

Description Chao Wang 2014-04-18 02:12:36 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Vaclav Tunka 2014-04-22 15:52:12 UTC 
https://github.com/jbossas/jboss-eap/pull/1247
Comment 4 Marek Schmidt 2014-05-06 11:24:25 UTC 
Mojarra 1.2 slot upgrade seems to have reintroduced a regression described in

https://issues.jboss.org/browse/JBPAPP6-121

which breaks Seam 2.2 applications on EAP6.

It seems this security patch was applied to a wrong version of Mojarra 1.2, as decompiling and diffing Mojarra 1.2_15-b01-redhat-10 vs redhat-8 shows more changes than the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1087188.
Comment 6 Marek Schmidt 2014-05-06 12:28:40 UTC 
I believe the 6.2.0 version was this one:

http://git.app.eng.bos.redhat.com/git/jboss/mojarra.git/tag/?id=1.2_15-b01-redhat-8
Comment 7 Farah Juma 2014-05-06 13:55:14 UTC 
David, please take a look at comment 4. The only difference between the redhat-8 version and the redhat-10 version should be a change to HtmlResponseWriter.java, as shown in the 1.2_15-b01-jbossorg-1 source:

https://github.com/jboss/mojarra/commit/ba87ef1708e562ecb2d76fdcb2587865a67c1e87#diff-4

Any ideas on why additional changes were introduced in the redhat-10 version?
Comment 8 David Walluck 2014-05-06 15:13:39 UTC 
In redhat-10, the fix for JBPAPP-6414 was not present. The next build will come from the 1.2_15-redhat branch in the same way that redhat-8 did so that it will contain all previous fixes in addition to the fix to jsf-ri/src/com/sun/faces/renderkit/html_basic/HtmlResponseWriter.java.
Comment 9 Chao Wang 2014-05-07 01:45:53 UTC 
David's PR to upgrade javax.faces to 1.2_15-b01-redhat-11
https://github.com/jbossas/jboss-eap/pull/1304
Comment 10 Marek Schmidt 2014-05-19 10:19:26 UTC 
Verified on EAP 6.2.3.CP.CR3