struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Chatellier <>
Subject About S2-019, is it safe to re-enable DMI ?
Date Wed, 25 Sep 2013 09:42:16 GMT

Just after updating struts to, all of ours applications stop working.
Some of ours applications uses struts-convention-plugin, so only
url can be used to acces action's methods.

We are using a lot of url with "!input" methods, especially to manage
form input and form validation.

"S2-019 - Dynamic Method Invocation disabled by default", seems to be a big
security issue.

So, is it safe to re-enable back DMI to true ?
If not, how is it possible to not use DMI ?


√Čric Chatellier - Code Lutin
Tel: -

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message