I read that. I don't think we should do anything. The blog post is speculative. Nobody from Apple did tell us if it was really a Struts problem or not. If it is, then well, we can't do anything. This doesn't make Struts a dangerous framework at all, it just highlights you should update when your framework provider recommends it. It also highlights we are taking security issues serious.
Also it should be mentioned that no company (to my knowledge) is in any way supporting the development of Struts. Apple got a lot of money, they could fund the development of the framework of their choice. At least they should be able to roll out new security patches. Maybe others think different, but except with continuing to improve struts, we cannot do anything bout it. On Wed, Jul 31, 2013 at 2:13 PM, Frans Thamura <fr...@meruvian.org> wrote: > Anyone read this? > > http://java.dzone.com/articles/was-struts-responsible-apples > > How we handle this? > > F -- http://www.grobmeier.de https://www.timeandbill.de --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org