2013/10/9 Markus Fischer <markus.fisc...@knipp.de>:
> Hi Lukasz,
>
>> There is no other way - you must wait for new release (hope soon) or
>> write custom action mapper.
>
> many thanks for your fast reply and your continuing efforts in
> supporting the Struts community.
>
> Do you have any idea when a release fixing the issue can be
> available? And is there any chance to get more information about the
> specifics of the vulnerability behind S2-018?
It should be soon, patch is under review. I cannot share any details
now about the vulnerability.

> We are currently considering to filter out "action:" elements via URL
> rewriting, but without knowing any further details we cannot be sure
> that that will prevent the potential exploit.

I'm not sure what you mean by "filter out by url rewriting" but maybe
you could share your solution here? And it looks like the right
direction.

Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
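
One way to read "filter out action: elements" is a servlet filter placed ahead of the Struts 2 filter that rejects any request carrying a parameter whose name starts with "action:". This is an added example, not code from the thread or from the Struts project; the class name, the case-insensitive match and the 400 response are assumptions, and the thread gives no confirmation that such a filter fully covers S2-018.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; map it in web.xml ahead of the Struts 2 filter.
public class ActionPrefixBlockFilter implements Filter {
    private static final String BLOCKED_PREFIX = "action:";

    // True when a container-decoded parameter name starts with "action:".
    // Matching is case-insensitive and ignores surrounding whitespace
    // (an assumption: stricter than needed rather than looser).
    static boolean isBlocked(String name) {
        return name != null
            && name.trim().toLowerCase(Locale.ROOT).startsWith(BLOCKED_PREFIX);
    }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // getParameterNames() covers the query string and urlencoded form
        // bodies, already percent-decoded, so "action%3A" arrives as "action:".
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            if (isBlocked(names.nextElement())) {
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The check runs on decoded parameter names from both GET and POST, which a rewrite rule matching only the raw URL would not see. Bodies sent as multipart/form-data are not parsed by getParameterNames() in this setup, so they need separate handling.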