Hello Emi, According to [1] and [2], yes. It's code is S2-052 and resolved in 2.3.34 and 2.5.13.
[1] http://mail-archives.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAMopvkNPG--EVqRtg4rO0G1bYrJ0cgYiBh=P=o2poezq8kv...@mail.gmail.com%3E [2] http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAMopvkOyO1_KUpjHXO0EjVDDrs6tYRW=x9b8lpekg1ykvov...@mail.gmail.com%3E On 9/25/2017 6:01 PM, Emi wrote: > Hello, > > Just want to double check, for struts2.5.13 and 2.3.34, the following > issue has been covered and resolved, right? > > http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html > > > > Thanks a lot. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >