struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Struts 2.3 fix for s2-052?
Date Wed, 06 Sep 2017 05:35:44 GMT
2017-09-06 6:22 GMT+02:00 William Stranathan <will@thestranathans.com>:
> Struts 2.3 is also vulnerable to the s2-052 RCE. However, there's no 2.3
> patch available yet. I've tried with the latest snapshots, and those are
> also vulnerable.
>
> Is there a fix for this vulnerability on the 2.3 stream forthcoming?

I have called for a vote just now, 2.3.34 contains all the backports
from 2.5.13 related to the security vulnerabilities. Please test and
report back.


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message