Seam 2.2.1.CR2 was released
security fixes and also bug fixes found in previous CR1. It is recommended to upgrade although it is not final release of 2.2.1.
This release is IMPORTANT, because it fixes the security issue in parametrized JBoss
Expression Language (EL) expressions - CVE-2010-1871. Seam team
thanks Meder Kydyraliev of the Google Security Team for responsibly
reporting this issue to JBoss.
Next security fix is in upgrade of Spring dependency from 2.5.6.SEC01 to
As addition to these security issue, we fixed 39 issues including some
performance ones and also bugs with JBoss AS 6 M3/4 or documentation
fixes. More in Release notes.
Seam downloads are available here
Documentation for 2.2.1.CR2 is available at http://www.seamframework.org/Seam2/Documentation (e.g