struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kiran Ananthpur Bacche (kbacche)" <>
Subject Quick question on the patch for CVE-2018-11776
Date Fri, 31 Aug 2018 02:57:23 GMT
Hi Team,

Version 2.3.35 is the official patch for this vulnerability. However v2.3.35 has a bunch of
other fixes too.

So if we want the patch for only "CVE-2018-11776", what are the options available?

Is the fix for "CVE-2018-11776" contained completely in

Given that there was a backward compatibility issue seen with upgrade from 2.3.34 to 2.3.35
(ref:, we are checking
to see if there is a way to have a patch that fixes only "CVE-2018-11776".


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message