wt., 2 sty 2024 o 13:34 Sebastian Götz <s.go...@inform-technology.de> napisał(a): > Hello to anybody and an happy new year!
Happy New Year! > Our dependency check startet to fail last year already marking > struts2-tiles-plugin as the source of a security issue. As the plugin > uses Apache Tiles 3.0.8 underneath it is affected by CVE-2023-49735. > Now as we use the struts-tiles-plugin to build our web pages and the > Tiles project is already retired, can somebody of the team explain how > to mitigate the security issue (besides moving away from Tiles completely)? The Tiles codebase has been copied into the Struts Tiles plugin [1] and it's a part of the Struts 6.3.0 right now. Migrating to this version should solve the problem. And we (Struts) are going to maintain the Tiles codebase under the plugin, so no worries :) [1] https://issues.apache.org/jira/browse/WW-5233 Cheers Łukasz --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
