tiles-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonio Petrelli <antonio.petre...@gmail.com>
Subject Re: Any Cross Site Scripting(XSS) Vulnerabilities with Tiles 2.0.6?
Date Tue, 09 Aug 2011 13:58:14 GMT
2011/8/9 Sridhar Vanukuri <srvanukuri@gmail.com>

> Hello,
>
> We are using struts2 and tiles 2.0.6 and we want to verify and see if we
> need to update the tiles version if there are any cross site scripting(xss)
> or remotes code execution issues identified with tiles 2.0.6. Early
> response
> is appreciated.
>
>
Not that I am aware of, we had only one security problem with versions 2.1.0
and 2.1.1 (fixed in newer versions):
http://tiles.apache.org/framework/security/security-bulletin-1.html
However Tiles 2.0.x is no longer maintained, bugs won't be fixed, they will
be fixed only in the 2.2.x branch.

Antonio

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message