2012/9/10 Garry S Ditzler <gditz...@csc.com>: > There is a security vulnerability report, CVE-2012-1007, that was released > on 02/07/2012 for Struts v1.3.10. There doesn't appear to be a response > or available patch from the Apache Struts organization on this issue. > > Since v1.3.10 general availability date of 04 December 2008, there has not > been any notable activity for this release. > > Is Struts v1.3.10 actively assessed for security vulnerabilities and > security fixes?
Yes, it is, but the problem is just with the example applications bundled with S1 - they aren't the best examples in case of security. Struts 2 was released with sanitised examples, and probably we must do the same with S1. Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org