Re: [VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-04 Thread Lukasz Lenart
Vote passed with results: +1 GA (binding) x3 +1 GA (non-binding) x1 Thanks! -- Ɓukasz + 48 606 323 122 http://www.lenart.org.pl/ 2014-05-03 12:22 GMT+02:00 Greg Huber gregh3...@gmail.com: If I add s:param name=class value=pager.pageNumber / to a link as a parameter and then click the link

Re: [VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-04 Thread Greg Huber
.explains it more here http://www.kb.cert.org/vuls/id/719225 it does exclude Class.getClassLoader(). s:param name=Class.getClassLoader() value=pager.pageNumber / On 4 May 2014 10:09, Lukasz Lenart lukaszlen...@apache.org wrote: Vote passed with results: +1 GA (binding) x3 +1 GA

Re: [VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-03 Thread i...@flyingfischer.ch
+1 Markus Am 03.05.2014 05:41, schrieb Paul Benedict: +1 Cheers, Paul On Fri, May 2, 2014 at 4:16 PM, Don Brown mr...@apache.org wrote: +1 On Fri, May 2, 2014 at 1:58 PM, Dave Newton davelnew...@gmail.com wrote: +1 On May 2, 2014 3:52 PM, Lukasz Lenart lukaszlen...@apache.org wrote:

Re: [VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-03 Thread Greg Huber
If I add s:param name=class value=pager.pageNumber / to a link as a parameter and then click the link I do not get a notifyDeveloper from ParametersInterceptor if (!this.excludeParams.isEmpty()) { for (Pattern pattern : excludeParams) { System.out.println(pattern);

[VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-02 Thread Lukasz Lenart
The Struts 2.3.16.3 test build is now available. It includes the latest security patch which fixes one possible vulnerabilities: - Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals For details and the rationale behind these changes, please consult the

Re: [VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-02 Thread Dave Newton
+1 On May 2, 2014 3:52 PM, Lukasz Lenart lukaszlen...@apache.org wrote: The Struts 2.3.16.3 test build is now available. It includes the latest security patch which fixes one possible vulnerabilities: - Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals

Re: [VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-02 Thread Don Brown
+1 On Fri, May 2, 2014 at 1:58 PM, Dave Newton davelnew...@gmail.com wrote: +1 On May 2, 2014 3:52 PM, Lukasz Lenart lukaszlen...@apache.org wrote: The Struts 2.3.16.3 test build is now available. It includes the latest security patch which fixes one possible vulnerabilities: - Extends

Re: [VOTE][FASTTRACK] Struts 2.3.16.3

2014-05-02 Thread Paul Benedict
+1 Cheers, Paul On Fri, May 2, 2014 at 4:16 PM, Don Brown mr...@apache.org wrote: +1 On Fri, May 2, 2014 at 1:58 PM, Dave Newton davelnew...@gmail.com wrote: +1 On May 2, 2014 3:52 PM, Lukasz Lenart lukaszlen...@apache.org wrote: The Struts 2.3.16.3 test build is now available.