struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Miguel Almeida <mig...@almeida.at>
Subject Re: Is Struts 2.3.15.2 affected by the security vulnerability S2-018?
Date Tue, 17 Dec 2013 09:29:44 GMT
Lukasz,

Just to be sure, does that mean that if you use 2.3.15.3 and you set the
flag to enable the action: prefix it means you'll get the old behaviour
(and vulnerability) back?


Miguel

On Mon, 2013-12-16 at 08:27 +0100, Lukasz Lenart wrote:

> 2.3.15.2 and 2.3.15.3 address the same issue, but 2.3.15.2 breaks
> support for action: prefix, that's why we released 2.3.15.3 as well -
> even if you don't use action: prefix functionality it will be better
> upgrade to 2.3.15.3 and use the new flag to disable action: prefix
> which is safer option.
> 
> 
> Regards



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message