struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?
Date Mon, 06 Oct 2014 14:00:15 GMT
2014-10-06 15:42 GMT+02:00 Markus Fischer <Markus.Fischer@knipp.de>:
> Hi all,
>
> I have a question regarding the patch level of the Dojo plugin shipped
> with Struts 2.3.x. According to the Apache Struts 2 Documentation (see
> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).
>
> Is a Struts 2.3.x system using the Dojo plugin vulnerable to these
> security issues, or have they been fixed somehow?
>
> Any information or links to further reading greatly appreciated.

Probably it's a vulnerable version - I don't know if the plugin's
author did something special to build the initial Dojo JS lib.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
