date:20150903

Re: Is the vulnerability documented in CVE-2015-5169 also applicable to Struts 1?

2015-09-03 Thread Dave Newton

There's no such thing as `devMode` in Struts 1.

Struts 1 vulnerabilities would be in Struts 1 announcements, although with
the EOL, announcements and fixes may never happen.

Struts 1 and Struts 2 have essentially zero in common.

Dave


On Thu, Sep 3, 2015 at 4:41 PM, David Gawron  wrote:

> The security bulletin for CVE-2015-5169 (
> https://struts.apache.org/docs/s2-025.html) only mentions Struts 2. Anyone
> know if the vulnerability also exists in Struts 1 in some form?  I realize
> Struts 1.x are no longer supported and that is why the bulletin doesn't
> cover those releases.  I grabbed the 1.3.10 code and searched for the
> devMode property (that property appears to be involved in the
> vulnerability) and did not find any refs.  Searching for that property in
> 2.x yields lots of references and leads me to believe the devMode
> functionality was added in Struts 2.  If so, then that is good but not
> conclusive evidence the vulnerability is not in Struts 1.  I'd appreciate
> hearing  any info others have on CVE-2015-5169 and Struts 1.
>
> -Dave-
>
>


-- 
e: davelnew...@gmail.com
m: 908-380-8699
s: davelnewton_skype
t: @dave_newton 
b: Bucky Bits 
g: davelnewton 
so: Dave Newton

Is the vulnerability documented in CVE-2015-5169 also applicable to Struts 1?

2015-09-03 Thread David Gawron

The security bulletin for CVE-2015-5169 (
https://struts.apache.org/docs/s2-025.html) only mentions Struts 2. Anyone 
know if the vulnerability also exists in Struts 1 in some form?  I realize 
Struts 1.x are no longer supported and that is why the bulletin doesn't 
cover those releases.  I grabbed the 1.3.10 code and searched for the 
devMode property (that property appears to be involved in the 
vulnerability) and did not find any refs.  Searching for that property in 
2.x yields lots of references and leads me to believe the devMode 
functionality was added in Struts 2.  If so, then that is good but not 
conclusive evidence the vulnerability is not in Struts 1.  I'd appreciate 
hearing  any info others have on CVE-2015-5169 and Struts 1.

-Dave-

Sjg:grid refresh of parent window from modal window

2015-09-03 Thread fea jabi

1. I have a web page which is having a  
 
2. From this webpage I open a modal window which has a link to update the 
parent window grid information. 
 
3. Once the modal window is done with it's work and closes. how to trigger the 
refresh the parent window grid ?
 
Need help with this please.

Re: about struts-examples apache/struts-examples -> bean-validation example

2015-09-03 Thread Christoph Nenning

> So the java jar file influence the 
> validation and the message errors directly on html page. 


When you don't specifiy own messages/text-keys in validation annotations 
the bean-validation framework uses default messages. In your case these 
messages should come from hibernate-validation.jar.


Here is an example from struts docs how you can use an own text-key:

@NotNull(message="your.text.key.here") 


http://struts.apache.org/docs/bean-validation-plugin.html



Regards,
Christoph




> From: Chris 
> To: Lukasz Lenart , 
> "user@struts.apache.org" , Struts Users 
> Mailing List , 
> Date: 03.09.2015 11:38
> Subject: Re: about struts-examples apache/struts-examples -> bean-
> validation example
> 
> Hello, 
> 
> The bean-validation example works now, after adding 
jboss-logging-3.1.1.GA.jar
> 
> I didn't know I could use a jboss file jar with only Netbeans 7.3 
> and Apache Tomcat 7.0.34.So the java jar file influence the 
> validation and the message errors directly on html page. 
> 
> 
> PS : with the exclude_parameters example, the errors messages are 
> not in the same files
> ===
> exclude_parameters :
> EditAction.properties
> personBean.firstName=First name
> 
> EditAction-validation.xml
> 
>  
>  personBean.firstName
>  First name is required.
>  
> 
> ===
> 
> bean-validation ( All is in EditAction.properties ) 
> 
> EditAction.properties
> personBean.firstName=First name
> firstName.required=You must enter the first 
> name===
> 
> Regards,
> 
> Chris
> 
> 

This Email was scanned by Sophos Anti Virus

Re: about struts-examples apache/struts-examples -> bean-validation example

2015-09-03 Thread Chris

Hello, 

The bean-validation example works now, after adding jboss-logging-3.1.1.GA.jar

I didn't know I could use a jboss file jar with only Netbeans 7.3 and Apache 
Tomcat 7.0.34.So the java jar file influence the validation and the message 
errors directly on html page. 


PS : with the exclude_parameters example, the errors messages are not in the 
same files
===
exclude_parameters :
EditAction.properties
personBean.firstName=First name

EditAction-validation.xml

 
 personBean.firstName
 First name is required.
 

===

bean-validation ( All is in EditAction.properties ) 

EditAction.properties
personBean.firstName=First name
firstName.required=You must enter the first 
name===

Regards,

Chris

Re: Is the vulnerability documented in CVE-2015-5169 also applicable to Struts 1?

Is the vulnerability documented in CVE-2015-5169 also applicable to Struts 1?

Sjg:grid refresh of parent window from modal window

Re: about struts-examples apache/struts-examples -> bean-validation example

Re: about struts-examples apache/struts-examples -> bean-validation example

5 matches

Site Navigation

Mail list logo

Footer information