[ https://issues.apache.org/jira/browse/WW-5371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lukasz Lenart updated WW-5371: ------------------------------ Summary: Use action based callback to transfer information about uploaded files (was: Use a dedicated store to transfer information about uploaded files) > Use action based callback to transfer information about uploaded files > ---------------------------------------------------------------------- > > Key: WW-5371 > URL: https://issues.apache.org/jira/browse/WW-5371 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors > Reporter: Lukasz Lenart > Assignee: Lukasz Lenart > Priority: Major > Fix For: 6.4.0 > > > Based on experience of the latest security vulnerability (CVE-2023-50164) it > would be better to keep uploaded files out of scope of passed parameters. > The idea is to have a dedicated interceptor and *Aware interface instead of > using parameter injection as it happens currently. -- This message was sent by Atlassian Jira (v8.20.10#820010)