Hi Martin,
after migrating from Struts 2.3.24.1 to 2.3.28, I get several FreeMarker
template errors for missing/null elements for expressions that worked
fine before, like this:
==> iPhone (Method name: isIPhone)
Expr. | 2.3.24.1 | 2.3.28
iPhone | OK
Hi Łukasz,
>> after migrating from Struts 2.3.24.1 to 2.3.28, I get several FreeMarker
>> template errors for missing/null elements for expressions that worked
>> fine before, like this:
>>
>> ==> iPhone (Method name: isIPhone)
>>
>> Expr. | 2.3.24.1 | 2.3.28
>> iPhone | OK| er
Hi all,
after migrating from Struts 2.3.24.1 to 2.3.28, I get several FreeMarker
template errors for missing/null elements for expressions that worked
fine before, like this:
> FreeMarker template error
>
> The following has evaluated to null or missing:
> ==> iPhone [in template "..." at line
Am 20.10.2014 um 16:55 schrieb Lukasz Lenart:
> 2014-10-20 16:49 GMT+02:00 Markus Fischer :
>> Given that the plugin has been deprecated already, does anyone know for
>> which release the removal is planned? I was not able to find any
>> documentation regarding a Dojo plugin
Hi all.
>>> According to the Apache Struts 2 Documentation (see
>>> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
>>> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).
>> Probably it's a vulnerable version
> I'd add that since the plugin has been deprecated
Hi.
Am 06.10.2014 um 16:43 schrieb Christoph Nenning:
>> There's an S2-jQuery plugin, which for simple (and some complex) is a
> solid
>> replacement.
>>
>> I personally tend to do the JS stuff manually, YMMV.
> you can find it here:
> https://github.com/struts-community-plugins/struts2-jquery
Hi.
>> Is a Struts 2.3.x system using the Dojo plugin vulnerable to [...]
>> security issues, or have they been fixed somehow?
Am 06.10.2014 um 16:10 schrieb Dave Newton:
> I'd add that since the plugin has been deprecated since S2.1 it's unlikely
> anything was ever done to deal with it.
>
> Lu
Hi all,
I have a question regarding the patch level of the Dojo plugin shipped
with Struts 2.3.x. According to the Apache Struts 2 Documentation (see
[1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).
Is a Struts
Hi Satish,
> Thanks Lukas. Correct me If I'm wrong.. struts-2.3.16.2 is supposed to
> contain the previous fixes as well , is it not the case? If that's not
> the case how to get the jar's with the fixes.
Struts 2.3.16.2 does include previous fixes. That is most probably the
reason for the issu
227 Dortmund
Germany
Dipl.-Inform. Fon:+49 231 9703-0
Fax:+49 231 9703-200
Markus Fischer SIP:markus.fisc...@knipp.de
Software DevelopmentE-Mail: markus.fisc...@knipp
Dear group,
I hope that you can help to clear up my confusion about the current
status of Struts 2.3.15.2 with regards to the security vulnerability
S2-018 (see [1]).
So far, it was my understanding that S2-018 is fixed with the 2.3.15.2
release. And the release notes still suggest that this is t
Hi Łukasz,
> The latest version is here:
> http://people.apache.org/builds/struts/2.3.15.3
thanks for the update and the quick turnaround on this.
I can confirm that with Struts-2.3.15.3, my issues with "action:"
buttons are fixed. I. e., Backward Compatibility for applications using
the "action
Hi Greg.
> So the statement about Backwards Compatibility on
> http://struts.apache.org/release/2.3.x/docs/s2-018.html is incorrect?
>
> *Backward Compatibility*
> After upgrading to Struts >= 2.3.15.2, applications using the "action:"
> should still work as expected.
>
> This doesn't appear to
>> Do you have any idea when the a release fixing the issue can be
>> available? And is there any chance to get more information about the
>> specifics of the vulnerability behind S2-018?
>
> It should be soon, patch is under review. I cannot share any details
> now about the vulnerability.
Many
Hi Lukasz,
> There is no other way - you must wait for new release (hope soon) or
> write custom action mapper.
many thanks for your fast reply and your continuing efforts in
supporting the Struts community.
Do you have any idea when the a release fixing the issue can be
available? And is there
Hi everyone,
I have just upgraded a web application from Struts 2.3.15.1 to Struts
2.3.15.2 (running on Tomcat 7.0.27). Now, for any button using the
"action:" prefix as described in S2-018, the action mapping does not
working anymore. I.e., Backward Compatibility for the "action:" prefix
is not g
16 matches
Mail list logo