Return-Path: Delivered-To: apmail-struts-dev-archive@www.apache.org Received: (qmail 73589 invoked from network); 16 Feb 2006 15:38:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 16 Feb 2006 15:38:54 -0000 Received: (qmail 18450 invoked by uid 500); 16 Feb 2006 15:38:49 -0000 Delivered-To: apmail-struts-dev-archive@struts.apache.org Received: (qmail 18417 invoked by uid 500); 16 Feb 2006 15:38:49 -0000 Mailing-List: contact dev-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Developers List" Reply-To: "Struts Developers List" Delivered-To: mailing list dev@struts.apache.org Received: (qmail 18406 invoked by uid 99); 16 Feb 2006 15:38:49 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Feb 2006 07:38:49 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of niall.pemberton@gmail.com designates 66.249.92.195 as permitted sender) Received: from [66.249.92.195] (HELO uproxy.gmail.com) (66.249.92.195) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Feb 2006 07:38:48 -0800 Received: by uproxy.gmail.com with SMTP id q2so139283uge for ; Thu, 16 Feb 2006 07:38:27 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=i/gmF/h57Fi/JH5wRtg0QEUlxZSOpDACxgTYGLQkfgqEB2Syu1g0gXOY1A1pEbnd+chaVJ6wk1LLZ2hJhKYzfC2uWio0o1/yZvcZl/lAGrbl3eTlkh+Z3jKZih5GJKRNBuMk7wCNf21TaF4hkwSo2QfkS1k8JIbGOm5YC/Tp02Q= Received: by 10.66.222.15 with SMTP id u15mr20781ugg; Thu, 16 Feb 2006 07:38:22 -0800 (PST) Received: by 10.66.232.5 with HTTP; Thu, 16 Feb 2006 07:38:21 -0800 (PST) Message-ID: <55afdc850602160738s224bb68dp717013e23203f62c@mail.gmail.com> Date: Thu, 16 Feb 2006 15:38:21 +0000 From: Niall Pemberton To: Struts Developers List Subject: Re: [VOTE] Confirm the Struts Action Library 1.3.0 release plan In-Reply-To: <24743.170.201.180.136.1140102367.squirrel@webmail.chiron.lunarpages.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <8b3ce3790511211818p7143385aw5f6cd417ed13daf7@mail.gmail.com> <1c661f2f0602131024y530bfe7aubcfe98e54415e3b4@mail.gmail.com> <8b3ce3790602131842v7cdd8ab2s8e7f44e3cabe7a2@mail.gmail.com> <8b3ce3790602160615w27b2750dvc646df73886d6d43@mail.gmail.com> <55afdc850602160645g22e26b16p28f309cd06ecb90e@mail.gmail.com> <24743.170.201.180.136.1140102367.squirrel@webmail.chiron.lunarpages.com> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On 2/16/06, Frank W. Zammetti wrote: > By the way, I didn't catch the DOS hole... can someone point me at the > appropriate ticket? http://issues.apache.org/bugzilla/show_bug.cgi?id=3D38534 If you drop the 1.2 Branch version of upload.jsp into the Struts 1.2.8 version of the examples webapp - you can see it in action: http://svn.apache.org/viewcvs.cgi/struts/action/branches/STRUTS_1_2_BRANCH/= web/examples/upload/ I've patched the 1.2.x branch for this bug, but held off fixing it in 1.3 at Ted's request. Niall > > Frank --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org For additional commands, e-mail: dev-help@struts.apache.org