struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Husted" <>
Subject Badly worded security alert ( FrSIRT/ADV-2007-3042)
Date Wed, 05 Sep 2007 20:01:54 GMT
The recent alert posted at


says that all versions of Apache Struts prior to 2.0.9 are affected by
the "Apache Struts XWork Form Object-Graph Navigation Language Code
Execution" issue.

Of course, this is not the case. No version of  Struts 1.x is affected
by this issue, which is specific only to XWork based frameworks.

I've sent a feedback comment to the site on behalf of the group, and
updated our own website to clarify. I also posted a quick note to
user@ a few minutes ago.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message