struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Fischer <>
Subject Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?
Date Mon, 06 Oct 2014 13:42:37 GMT
Hi all,

I have a question regarding the patch level of the Dojo plugin shipped
with Struts 2.3.x. According to the Apache Struts 2 Documentation (see
[1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).

Is a Struts 2.3.x system using the Dojo plugin vulnerable to these
security issues, or have they been fixed somehow?

Any information or links to further reading greatly appreciated.




To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message