Agreed. How should we put it better? Don Brown schrieb: > Good point. This pales in comparison to, say, the OGNL remote code > exploit. XSS exploits, while important, just aren't anywhere near as > big of deal. > > Don > > On Tue, Mar 4, 2008 at 12:43 PM, Jeromy Evans > <[EMAIL PROTECTED]> wrote: >> My opinion is that the criticality is overstated. >> However it is useful to draw attention to the vulnerability. >> >> >> >> Don Brown wrote: >> > Looks good. Thanks for creating a security bulletin as well. >> > >> > Don >> > >> > On 3/4/08, Rene Gielen <[EMAIL PROTECTED]> wrote: >> > >> >> The release has been submitted for mirroring. Here's a draft >> >> announcement that we could post tomorrow morning, including a link to a >> >> corresponding security bulletin announcement in the wiki. Comments and >> >> corrections to both texts are highly appreciated. >> >> >> >> ---- >> >> >> >> Apache Struts 2.0.11.1 is now available from >> >> <http://struts.apache.org/download.cgi#struts20111>. >> >> >> >> This release is a fast track security fix release, including important >> >> security fixes regarding possible cross site scripting exploits. For >> >> more information about the exploits, visit our security bulletins page >> at >> >> <http://cwiki.apache.org/confluence/display/WW/S2-002>. >> >> >> >> * ALL DEVELOPERS ARE STRONGLY ADVISED TO UPDATE TO STRUTS 2.0.11.1 >> >> IMMEDIATELY! >> >> >> >> For the complete release notes for Struts 2.0.11.1, see >> >> <http://cwiki.apache.org/confluence/display/WW/Release+Notes+2.0.11.1>. >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> >> >> >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: [EMAIL PROTECTED] >> > >> > >> > >> > >> > >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
