Hi Chris This issue came up on another apache users list I believe there was open access issue to Remote Context Object by OGNL (but i think Lukasz or Dave addressed the issue)..emi..did you see this in Struts Jira? Bon chance, Martin ______________________________________________ Note de déni et de confidentialitéCe message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> Date: Wed, 16 Jan 2013 17:12:13 -0500 > From: [email protected] > To: [email protected] > CC: [email protected] > Subject: Re: Java security issue vs. struts? > > On 01/16/2013 05:02 PM, Chris Pratt wrote: > > I believe the description says it all. > > > > This Security Alert addresses security issues CVE-2013-0422 (US-CERT > > Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) > > and another vulnerability affecting Java running in web browsers. *These > > vulnerabilities are not applicable to Java running on servers,* > > standalone Java desktop applications or embedded Java applications. They > > also do not affect Oracle server-based software. > > > Thank you Chris. Moreover, if I call jfreechart to generate reports > through web applications, it will not be affected, I believe? > > Emi > > > > > On Wed, Jan 16, 2013 at 1:54 PM, Emi Lu <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hello, > > > > Does someone know how this java security issue related to struts > > framework? > > > > > > http://www.oracle.com/__technetwork/topics/security/__alert-cve-2013-0422-1896849.__html > > > > <http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html> > > > > Thanks a lot! > > Emi > > > > > > ------------------------------__------------------------------__--------- > > To unsubscribe, e-mail: user-unsubscribe@struts.__apache.org > > <mailto:[email protected]> > > For additional commands, e-mail: [email protected] > > <mailto:[email protected]> > > > > > > > -- > Emi Lu, ENCS, Concordia University, Montreal H3G 1M8 > [email protected] +1 514 848-2424 x5884 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
