Le 15/06/2014 06:43, Hideki Yamane a écrit : > Then, question: commons-beanutils version in Debian is > both seems to be still vulunerable version. Can you provide security- > backport patch for them? If not, patch to struts1 is still usefull to > prevent attack, so push fix to libstruts1.2-java stable/oldstable, right?
I got confirmation from the Struts developers that a new release using commons-beanutils 1.9.2 is planned soon. So I'm going to prepare the backport of commons-beanutils 1.9.2 in stable and wait for the new release of Struts 1.x. Emmanuel Bourg __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.