>> Do you have any idea when the a release fixing the issue can be >> available? And is there any chance to get more information about the >> specifics of the vulnerability behind S2-018? > > It should be soon, patch is under review. I cannot share any details > now about the vulnerability.
Many thanks, Lukasz. >> We are currently considering to filter out "action:” elements via URL >> rewriting, but without knowing any further details we cannot be sure >> that that will prevent the potential exploit. > > I'm not sure what you mean by "filter out by url rewriting" but maybe > you could share your solution here? And it looks like the right > direction. I'll check if that is feasible and post here if I think it can be useful for someone else. Best regards, Markus --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
