Hi folks,

I haven't seen any communication about this fix:
https://github.com/StripesFramework/stripes/commit/b4c043ce50f3f032abc47878cf70019db0675c7a

It seems to be a quite ugly security issue actually, same as:
http://struts.apache.org/announce.html
ClassLoader manipulation? Holy sh*t! Running arbitrary code now? wtf?

Do we plan to release a hot fix for 1.5.7? Or release 1.5.8?

I guess we might also wanna drop an email on the users list. This is
something all stripes should be aware of. Good opportunity to recall about
@Validate and @StrictBinding, for those who don't use it...

Cheers

Rémi
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
