I did a quick test and it appeared to work correctly. -Nate
-----Original Message----- From: Maurizio Cucchiara [mailto:[email protected]] Sent: Wednesday, May 11, 2011 12:37 PM To: Struts Users Mailing List Subject: Re: XSS Vulnerability in Struts 2 before 2.2.3 I did not checked before, but I bet it works (Please Let us know if it doesn't). On 11 May 2011 16:47, Sarr, Nathan <[email protected]> wrote: > Hello, > > > > I noticed the solution mentions turning off DMI support in > struts.xml. Would the same result be achieved by setting it in the > struts.properties file: > > > > # don't allow dynamic method invocation > > struts.enable.DynamicMethodInvocation = false > > > > Thanks, > > -Nate > > > > -- Maurizio Cucchiara --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
