struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Is Struts 2.3.15.2 affected by the security vulnerability S2-018?
Date Tue, 17 Dec 2013 10:40:26 GMT
2013/12/17 Miguel Almeida <miguel@almeida.at>:
> Lukasz,
>
> Just to be sure, does that mean that if you use 2.3.15.3 and you set the
> flag to enable the action: prefix it means you'll get the old behaviour
> (and vulnerability) back?

As I cannot answer your question directly on public forum, I will say
that there is one more option you should keep false when you enabled
support for action: prefix.

Anyway, right now I'm working on two most important things: better DMI
and action: support :-)


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message