Lukasz - I agree with you, but until a new version of Struts 2 is released that includes a fix for this vulnerability, I'd like to tell Struts 2 developers what to do when implementing the SessionAware interface to mitigate the vulnerability.
If you could look over what I wrote in the initial post and provide any feedback on that I'd certainly appreciate your comments.