Remi and Ben,

Additionally, Struts provided a "mitigation" in the interim of a general release (http://struts.apache.org/announce.html#a20140424). Prior to a general release such a mitigation would be advisable if available. I'll be leading an effort to patch or upgrade our installations next week.

Regards,
Tim

On 4/26/14, 5:20 AM, VANKEISBELCK Remi wrote:
> Hi folks,
>
> I haven't seen any communication about this fix:
> https://github.com/StripesFramework/stripes/commit/b4c043ce50f3f032abc47878cf70019db0675c7a
>
> It seems to be a quite ugly security issue actually, same as:
> http://struts.apache.org/announce.html ClassLoader manipulation?
> Holy sh*t! Running arbitrary code now? wtf?
>
> Do we plan to release a hot fix for 1.5.7? Or release 1.5.8?
>
> I guess we might also wanna drop an email on the users list. This
> is something all stripes should be aware of. Good opportunity to
> recall about @Validate and @StrictBinding, for those who don't use
> it...
>
> Cheers
>
> Rémi
>
> _______________________________________________
> Stripes-development mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/stripes-development
