struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Niall Pemberton" <niall.pember...@gmail.com>
Subject Tests for bugs fixed in Struts 1.2.9
Date Mon, 29 May 2006 15:07:16 GMT
Someone asked me privately whether there were any test cases for the
three security/vulnerability bugs fixed in Struts 1.2.9:

 * Bug 38374 - Validation always skipped with Globals.CANCEL_KEY
 * Bug 38534 - DOS attack, application hack
 * Bug 38749 - XSS vulnerability in DispatchAction

I have updated the "Upgrade Notes" on the wiki for Struts 1.2.9 to add
a "Test Cases" section for each of the bugs:

http://wiki.apache.org/struts/StrutsUpgradeNotes128to129

Niall

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message