Lukasz Lenart created WW-5371: --------------------------------- Summary: Uses a dedicated store to transfer information about uploaded files Key: WW-5371 URL: https://issues.apache.org/jira/browse/WW-5371 Project: Struts 2 Issue Type: Improvement Components: Core Interceptors Reporter: Lukasz Lenart Fix For: 6.4.0
Based on experience of the latest security vulnerability (CVE-2023-50164) it would be better to keep uploaded files out of scope of passed parameters. The idea is to have a dedicated interceptor and *Aware interface instead of using parameter injection as it happens currently. -- This message was sent by Atlassian Jira (v8.20.10#820010)