Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
2014-10-20 17:14 GMT+02:00 Markus Fischer : > Am 20.10.2014 um 16:55 schrieb Lukasz Lenart: >> 2014-10-20 16:49 GMT+02:00 Markus Fischer : >>> Given that the plugin has been deprecated already, does anyone know for >>> which release the removal is planned? I was not able to find any >>> documentation regarding a Dojo plugin roadmap. >> >> As from version 2.5 >> https://cwiki.apache.org/confluence/display/WW/Struts+Next#StrutsNext-PlanforStruts2.5 > > Thank you, Łukasz. That is the information I was looking for (although I > was hoping for a 2.3.X or 2.4 answer ;-). After releasing 2.3.18 I'm going to work on 2.5 - there be no 2.4 version as an indicator of large changes in 2.5 ;-) In some circumstances we can release one more 2.3.x version Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
The Dojo plugin hasn't been updated since... a long time. It still uses an old version of Dojo. On Mon, Oct 20, 2014 at 2:27 PM, Pedro Gonzales wrote: > Does anyone know if Struts 2.2.x is vulnerable or is this limited to 2.3.x? > > On 10/20/2014 9:49 AM, Markus Fischer wrote: >> >> Hi all. >> > According to the Apache Struts 2 Documentation (see > [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two > major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]). Probably it's a vulnerable version >>> >>> I'd add that since the plugin has been deprecated since S2.1 it's >>> unlikely >>> anything was ever done to deal with it. >> >> Given that the plugin has been deprecated already, does anyone know for >> which release the removal is planned? I was not able to find any >> documentation regarding a Dojo plugin roadmap. >> >> Cheers, >> Markus >> [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html [2] http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html >> >> >> >> >> - >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton b: Bucky Bits g: davelnewton so: Dave Newton - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
Does anyone know if Struts 2.2.x is vulnerable or is this limited to 2.3.x? On 10/20/2014 9:49 AM, Markus Fischer wrote: Hi all. According to the Apache Struts 2 Documentation (see [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]). Probably it's a vulnerable version I'd add that since the plugin has been deprecated since S2.1 it's unlikely anything was ever done to deal with it. Given that the plugin has been deprecated already, does anyone know for which release the removal is planned? I was not able to find any documentation regarding a Dojo plugin roadmap. Cheers, Markus [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html [2] http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
Are the 2.2.x versions of struts 2 vulnerable? On 10/20/2014 9:49 AM, Markus Fischer wrote: Hi all. According to the Apache Struts 2 Documentation (see [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]). Probably it's a vulnerable version I'd add that since the plugin has been deprecated since S2.1 it's unlikely anything was ever done to deal with it. Given that the plugin has been deprecated already, does anyone know for which release the removal is planned? I was not able to find any documentation regarding a Dojo plugin roadmap. Cheers, Markus [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html [2] http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
Am 20.10.2014 um 16:55 schrieb Lukasz Lenart: > 2014-10-20 16:49 GMT+02:00 Markus Fischer : >> Given that the plugin has been deprecated already, does anyone know for >> which release the removal is planned? I was not able to find any >> documentation regarding a Dojo plugin roadmap. > > As from version 2.5 > https://cwiki.apache.org/confluence/display/WW/Struts+Next#StrutsNext-PlanforStruts2.5 Thank you, Łukasz. That is the information I was looking for (although I was hoping for a 2.3.X or 2.4 answer ;-). So, I second Dave's vote for a soon removal. Thanks, Markus - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
2014-10-20 16:49 GMT+02:00 Markus Fischer : > Given that the plugin has been deprecated already, does anyone know for > which release the removal is planned? I was not able to find any > documentation regarding a Dojo plugin roadmap. As from version 2.5 https://cwiki.apache.org/confluence/display/WW/Struts+Next#StrutsNext-PlanforStruts2.5 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
I've been an advocate of not shipping it for some time now. The fact that it's been deprecated and uses such an old version of Dojo should be enough to dissuade usage, IMO, especially now that there's a jQuery-based replacement. I'd like to see it not ship at all. Dave On Mon, Oct 20, 2014 at 10:49 AM, Markus Fischer wrote: > Hi all. > According to the Apache Struts 2 Documentation (see [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]). > >>> Probably it's a vulnerable version > >> I'd add that since the plugin has been deprecated since S2.1 it's unlikely >> anything was ever done to deal with it. > > Given that the plugin has been deprecated already, does anyone know for > which release the removal is planned? I was not able to find any > documentation regarding a Dojo plugin roadmap. > > Cheers, > Markus > >>> [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html >>> >>> [2] >>> http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html > > > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton b: Bucky Bits g: davelnewton so: Dave Newton - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
Hi all. >>> According to the Apache Struts 2 Documentation (see >>> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two >>> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]). >> Probably it's a vulnerable version > I'd add that since the plugin has been deprecated since S2.1 it's unlikely > anything was ever done to deal with it. Given that the plugin has been deprecated already, does anyone know for which release the removal is planned? I was not able to find any documentation regarding a Dojo plugin roadmap. Cheers, Markus >> [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html >> >> [2] >> http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Any example integrate struts2 ( CRUD without Hibernate, nor EJB, nor Glassfish)
Hello, I would like to integrate struts2 in an CRUD application , JDBC, Apache Tomcat, Netbeans ( or eclipse ) but without Hibernate , nor EJB, nor GlassFish. Hibernate is more complex than the problem it tries to solveCould you have any integration example please ? Thanks, Regards, Chris