struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: [ANN] Struts 2.3.16.1 GA release available - security fix
Date Thu, 06 Mar 2014 17:08:24 GMT
So who's the reporter?

2014-03-06 16:54 GMT+01:00 Mark Thomas <markt@apache.org>:
> On 06/03/2014 09:04, Lukasz Lenart wrote:
>> This release includes important security fixes:
>> - S2-020 - ClassLoader manipulation via request parameters
>> - upgraded Commons FileUpload library to prevent DoS attacks
>>
>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html
>
> Please remove my name from the reporters. I just forwarded the e-mail
> that the security team received. I do not deserve any of the credit for
> discovering this issue.
>
> Mark
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message