The PrimeFaces team is pleased to announce a new update to the 7.0.x, 8.0.x, 10.0.x, 11.0.x, 12.0.x and 13.0.x LTS branches.
Security Fixes
- CVE-2023-5072 in org.json/json (7.0.31 and 8.0.26)
- CommandButton (and a few others): XSS attack via title attribute (11.0.17 and 12.0.10)
- CSP: primefaces.nonce from request not validated (11.0.17, 12.0.10 and 13.0.12)
Performance
- TabView: Memory leak on Tab close (13.0.12)
Defect Fixes
- ColorPicker: Required validation sets color back to previous value (11.0.17, 12.0.10 and 13.0.12)
- Spinner: Not respecting @Min or @DecimalMin correctly (13.0.12)
- DatePicker: LocalDateTime conversion error when used inside ui:repeat (13.0.12)
Detailed ChangeLog
Details are available on GitHub for 7.0.31-lts, 8.0.26-lts, 10.0.23-lts, 11.0.17-lts, 12.0.10-lts and 13.0.12-lts.
Usage
New releases are available for LTS and PRO subscribers at PrimeFaces Repository.
What is PrimeFaces LTS?
PrimeFaces LTS is a premium support service tailored for applications that prefer to remain on a stable version rather than upgrading to the latest release immediately.