struts-user mailing list archives

From William Stranathan <w...@thestranathans.com>
Subject Re: Struts 2.3 fix for s2-052?
Date Wed, 06 Sep 2017 10:31:08 GMT
Odd - when I tested the snapshots, they were still vulnerable. I'm not able
to get it to build from source (now some odd javac access exception).

Where do I get the bits for testing 2.3.34, if not the snapshots?

On Wed, Sep 6, 2017 at 1:36 AM Lukasz Lenart <lukaszlenart@apache.org>
wrote:

> 2017-09-06 6:22 GMT+02:00 William Stranathan <will@thestranathans.com>:
> > Struts 2.3 is also vulnerable to the s2-052 RCE. However, there's no 2.3
> > patch available yet. I've tried with the latest snapshots, and those are
> > also vulnerable.
> >
> > Is there a fix for this vulnerability on the 2.3 stream forthcoming?
>
> I have called for a vote just now, 2.3.34 contains all the backports
> from 2.5.13 related to the security vulnerabilities. Please test and
> report back.
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
