Lukasz Lenart created WW-5371:
---------------------------------
Summary: Uses a dedicated store to transfer information about
uploaded files
Key: WW-5371
URL: https://issues.apache.org/jira/browse/WW-5371
Project: Struts 2
Issue Type: Improvement
Components: Core Interceptors
Reporter: Lukasz Lenart
Fix For: 6.4.0
Based on experience of the latest security vulnerability (CVE-2023-50164) it
would be better to keep uploaded files out of scope of passed parameters.
The idea is to have a dedicated interceptor and *Aware interface instead of
using parameter injection as it happens currently.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
