Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
https://github.com/jbossas/jboss-eap/pull/1247
Mojarra 1.2 slot upgrade seems to have reintroduced a regression described in https://issues.jboss.org/browse/JBPAPP6-121 which breaks Seam 2.2 applications on EAP6. It seems this security patch was applied to a wrong version of Mojarra 1.2, as decompiling and diffing Mojarra 1.2_15-b01-redhat-10 vs redhat-8 shows more changes than the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1087188.
I believe the 6.2.0 version was this one: http://git.app.eng.bos.redhat.com/git/jboss/mojarra.git/tag/?id=1.2_15-b01-redhat-8
David, please take a look at comment 4. The only difference between the redhat-8 version and the redhat-10 version should be a change to HtmlResponseWriter.java, as shown in the 1.2_15-b01-jbossorg-1 source: https://github.com/jboss/mojarra/commit/ba87ef1708e562ecb2d76fdcb2587865a67c1e87#diff-4 Any ideas on why additional changes were introduced in the redhat-10 version?
In redhat-10, the fix for JBPAPP-6414 was not present. The next build will come from the 1.2_15-redhat branch in the same way that redhat-8 did so that it will contain all previous fixes in addition to the fix to jsf-ri/src/com/sun/faces/renderkit/html_basic/HtmlResponseWriter.java.
David's PR to upgrade javax.faces to 1.2_15-b01-redhat-11 https://github.com/jbossas/jboss-eap/pull/1304
Verified on EAP 6.2.3.CP.CR3