struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Chatellier <chatell...@codelutin.com>
Subject About S2-019, is it safe to re-enable DMI ?
Date Wed, 25 Sep 2013 09:42:16 GMT
Hi

Just after updating struts to 2.3.15.2, all of ours applications stop working.
Some of ours applications uses struts-convention-plugin, so only
url can be used to acces action's methods.

We are using a lot of url with "!input" methods, especially to manage
form input and form validation.

"S2-019 - Dynamic Method Invocation disabled by default", seems to be a big
security issue.

So, is it safe to re-enable back DMI to true ?
If not, how is it possible to not use DMI ?

Redards.
Eric.

-- 
√Čric Chatellier - Code Lutin
Tel: 02.40.50.29.28 - http://www.codelutin.com


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message