struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Husted" <hus...@apache.org>
Subject Badly worded security alert ( FrSIRT/ADV-2007-3042)
Date Wed, 05 Sep 2007 20:01:54 GMT
The recent alert posted at

 * http://www.frsirt.com/english/advisories/2007/3042

says that all versions of Apache Struts prior to 2.0.9 are affected by
the "Apache Struts XWork Form Object-Graph Navigation Language Code
Execution" issue.

Of course, this is not the case. No version of  Struts 1.x is affected
by this issue, which is specific only to XWork based frameworks.

I've sent a feedback comment to the site on behalf of the group, and
updated our own website to clarify. I also posted a quick note to
user@ a few minutes ago.

-Ted.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message