I asked the core team last week and they said DHIS2 does not use the REST plugin that CVE-2017-9805 addresses. If this is not correct, I am sure one of them will correct me in a couple hours.
Greg Wilson On Thu, Sep 14, 2017 at 9:23 PM, Stephen Macauley < stephen.macau...@inductivehealth.com> wrote: > DHIS2 Developers and Community: > > > > I wanted to check if DHIS2 (specifically Version: 2.25 that includes the > March 2017 patch for CVE-2017-5638) is vulnerable to the newly identified > Struts exploit - CVE-2017-9805? > > > > More information available via these links: https://nakedsecurity.sophos. > com/2017/09/06/apache-struts-serialisation-vulnerability- > what-you-need-to-know/ and https://struts.apache.org/docs/s2-052.html > > > > As always, thanks for your prompt response and support of DHIS2! > > > > -Stephen > > > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp > > -- Greg Wilson BAO Systems gwil...@baosystems.com
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp