struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Miguel Almeida <>
Subject Re: Is Struts affected by the security vulnerability S2-018?
Date Tue, 17 Dec 2013 09:29:44 GMT

Just to be sure, does that mean that if you use and you set the
flag to enable the action: prefix it means you'll get the old behaviour
(and vulnerability) back?


On Mon, 2013-12-16 at 08:27 +0100, Lukasz Lenart wrote:

> and address the same issue, but breaks
> support for action: prefix, that's why we released as well -
> even if you don't use action: prefix functionality it will be better
> upgrade to and use the new flag to disable action: prefix
> which is safer option.
> Regards

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message