Re: struts 2.3.17

2014-04-28 Thread Markus Fischer
Hi Łukasz and all. On 26.04.2014 06:24, Lukasz Lenart wrote: Let me finish 2.3.16.2 ;-) First of all, many thanks to the whole team for getting out Struts 2.3.16.2 with the S2-021 fix that quickly. I am now in a situation - probably like many other users on this list - that I have a number of

Re: struts 2.3.17

2014-04-28 Thread Lukasz Lenart
After the long weekend probably, there are a few issues I want to solve before and maybe add a better security mechanism [1] - it will solve problems with accessing Object's properties and maybe I will block some other potential flaws (e.g. exclude Runtime class) [1]

Re: [ANN] Struts 2.3.16.2 GA release available - security fix

2014-04-28 Thread emilu
Hello List, Installed 2.3.16.2 successfully. Just have two questions: (a) For the new version, I can remove the manual fix that I did for [1], right? (b) if not, as you clarified, I will change coding to: package name=top extends=tiles-default abstract=true // since tiles-defaults and

Re: [ANN] Struts 2.3.16.2 GA release available - security fix

2014-04-28 Thread Dave Evans
Hello, For users who have a functioning 2.3.16.1 site, is it sufficient to copy in the struts-core and xwork-core jar files, in order to complete the upgrade to 2.3.16.2? It seems that way from looking at the git logs. Thanks, Dave On Sat, Apr 26, 2014 at 11:46 AM, Lukasz Lenart

How to Resolve excludeParams Restriction when Upgrading to Struts 2.3.16.2

2014-04-28 Thread John Boyer
Hello: I'm upgrading from Struts 2.3.4.1 to Struts 2.3.16.2. I've found that some of my actions no longer work due to the excludeParams restrictions. For example, I get the following warning: ...ParametersInterceptor.warn:56 - Parameter [action:myExcludedAction] is on the excludeParams list

Struts 1.x vulnerability to S2-020

2014-04-28 Thread Andrew Brennan
Hi, Can anyone confirm/deny if Struts 1 is vulnerable to this problem? Thanks, Andy.

Re: [ANN] Struts 2.3.16.2 GA release available - security fix

2014-04-28 Thread Lukasz Lenart
2014-04-28 17:55 GMT+02:00 Dave Evans dsevan...@gmail.com: Hello, For users who have a functioning 2.3.16.1 site, is it sufficient to copy in the struts-core and xwork-core jar files, in order to complete the upgrade to 2.3.16.2? It seems that way from looking at the git logs. Basically yes,