I am not sure about the process of offering patches & workarounds, but anyway, according to http://jakarta.apache.org/site/news.html#0924.1 the latest patch is actually only a disabling of the Invoker servlet. However some people with old code that who are relying on the Invoker servlet and cannot disable it w/o breaking their site are still exposed.
I have posted my own custom hack to solve this problem, and it can be found here http://www.jguru.com/forums/view.jsp?EID=1004251 Someone please gently correct me with any mistakes I have made, I'm just trying to be helpful here. __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
