URGENT: Mining-script in Primfaces-Page? Where does it come from??

[kukeltje]

You can upgrade... Always good to keep up-to-date with small steps... And you can also check the differences in code and create a patch yourself... The code IS open and freely accessible... So saying you are 'ransomed' is too bold of a statement. (and no, I won't get rich of this, I do all support in my free time)

[eodom]

It is just my point of view.
We have an app created with maven and primefaces from a third party. Anybody left from this period in the team.
No skills left.
Since a couple of days, this app is compromised with a security issue, as a thousand of websites (Google search).
I am looking for help, and the only choice I got is To pay or To fix it by myself. Well... Not really a good start.
I am not looking for addon, extras. Just fix this issue.
I am ok with subscription. But why there is a communitary version without security fixes ?
Do I ask to maven team to get the fix ?

[kukeltje]

We have an app created with maven and primefaces from a third party. Anybody left from this period in the team.
No skills left.

I understand, but that does not mean you are ransomed by PrimeFaces... You could state the same for your organization.

I am looking for help, and the only choice I got is To pay or To fix it by myself. Well... Not really a good start.

No, you could also upgrade to 6.1 (the fact that upgrades were not done is also something that was decided by your organisation and cannot be blamed on PrimeFaces

I am not looking for addon, extras. Just fix this issue.

I understand, that is why I stated you yould 'backport' the fix from the 6.1 code to the 5.3 code.

I am ok with subscription. But why there is a communitary version without security fixes ?

There is also a community version WITH the fix... 6.1

Do I ask to maven team to get the fix ?

The 'maven team'???

[prancius]

Any solutions?

[tandraschko]

Solutions are listed here... https://www.primefaces.org/primefaces-e ... on-update/