[
https://issues.apache.org/jira/browse/WW-5371?focusedWorklogId=895796&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-895796
]
ASF GitHub Bot logged work on WW-5371:
--------------------------------------
Author: ASF GitHub Bot
Created on: 15/Dec/23 08:44
Start Date: 15/Dec/23 08:44
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #808:
URL: https://github.com/apache/struts/pull/808#issuecomment-1857496376
## [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=808)
**Quality Gate failed**
Failed conditions
[72.8% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=808&metric=new_coverage&view=list)
(required ≥ 80%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=808)
Issue Time Tracking
-------------------
Worklog Id: (was: 895796)
Time Spent: 50m (was: 40m)
> Use action based callback to transfer information about uploaded files
> ----------------------------------------------------------------------
>
> Key: WW-5371
> URL: https://issues.apache.org/jira/browse/WW-5371
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 6.4.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Based on experience of the latest security vulnerability (CVE-2023-50164) it
> would be better to keep uploaded files out of scope of passed parameters.
> The idea is to have a dedicated interceptor and *Aware interface instead of
> using parameter injection as it happens currently.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
