2013/9/18 rgm <str...@rgm.nu>: > Are S2-018 and S2-019 as serious as these issues that prompted 2.3.15.1? > Should I rush to upgrade clients in the field to 2.3.15.2 as soon as it's > available?
S2-018 can be critical, it depends on how your application is structured - but it isn't a Remote Code Execution flaw. I cannot share more details as thus can be used by hackers to attack vulnerable sites. S2-019 - if you don't use DMI, it will not affect you. Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org