struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Fischer <>
Subject Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
Date Mon, 20 Oct 2014 14:49:41 GMT
Hi all.

>>> According to the Apache Struts 2 Documentation (see
>>> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
>>> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).

>> Probably it's a vulnerable version

> I'd add that since the plugin has been deprecated since S2.1 it's unlikely
> anything was ever done to deal with it.

Given that the plugin has been deprecated already, does anyone know for
which release the removal is planned? I was not able to find any
documentation regarding a Dojo plugin roadmap.


>> [1]
>> [2]

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message