Hi,
a customer (operations/hosting department) is asking whether geoserver (running
on tomcat7) is effected by a security issue in Apache Struts[1][2].
I'm surprised because AFAIK geoserver does not use struts anymore for a long
time now, right? http://blog.geoserver.org/2008/08/11/a-new-ui-is-dawning/
OTOH, I still find several references to struts in the geoserver source code:
https://github.com/geoserver/geoserver/search?utf8=%E2%9C%93&q=struts&type=
So is struts still being used, and if so, is geoserver effected by the struts
security issues?
Kind regards,
Jens
[1] http://struts.apache.org/docs/s2-045.html
[2] https://www.exploit-db.com/exploits/41570/
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
