Hi Lukasz, Thank you for your reply.
In the event that Tiles 3.0.8 in the current versions of Struts has CVE, will the Struts team be providing the fixes for the CVE. Thank you. Regards, Yew Hwa On Tue, Nov 22, 2022 at 4:37 PM Lukasz Lenart <lukaszlen...@apache.org> wrote: > wt., 22 lis 2022 o 08:30 Yew Hwa Ho <hoyew...@gmail.com> napisał(a): > > I understand that the Apache Tiles has already retired ( > > https://tiles.apache.org/). However Tiles is still being used in Struts > > framework (both in version 2 and 6). Can I check if Tiles is currently > > being maintained by Struts if CVE is found? > > We are porting Tiles directly into the Struts Tiles plugin, which > means we won't be using the Tiles project but our own copy. And if > CVEs are reported regarding our copy, we will try to address them. > Yet, this is still work-in-progress and probably will be added in > Struts 6.2.0 or even in Struts 7.0.0 > https://github.com/apache/struts/pull/608 > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
