2014-04-28 17:55 GMT+02:00 Dave Evans :
> Hello,
>
> For users who have a functioning 2.3.16.1 site, is it sufficient to copy in
> the struts-core and xwork-core jar files, in order to complete the upgrade
> to 2.3.16.2? It seems that way from looking at the git logs.
Basically yes, other jars did
Hi,
Can anyone confirm/deny if Struts 1 is vulnerable to this problem?
Thanks,
Andy.
Hello:
I'm upgrading from Struts 2.3.4.1 to Struts 2.3.16.2. I've found that some of
my actions no longer work due to the excludeParams restrictions.
For example, I get the following warning:
...ParametersInterceptor.warn:56 - Parameter [action:myExcludedAction] is on
the excludeParams list of
Hello,
For users who have a functioning 2.3.16.1 site, is it sufficient to copy in
the struts-core and xwork-core jar files, in order to complete the upgrade
to 2.3.16.2? It seems that way from looking at the git logs.
Thanks,
Dave
On Sat, Apr 26, 2014 at 11:46 AM, Lukasz Lenart wrote:
> The
Hello List,
Installed 2.3.16.2 successfully. Just have two questions:
(a) For the new version, I can remove the manual fix that I did for
[1], right?
(b) if not, as you clarified, I will change coding to:
// since tiles-defaults and struts-defaults are the same. As
suggested, will only ex
After long weekend probably, there are few issues I want to solve
before and maybe add a better security mechanism [1] - it will solve
problems with accessing Object's properties and maybe I will block
some other potential flaws ( eg. exclude Runtime class)
[1] https://github.com/apache/struts/pul
Hi Ćukasz and all.
Am 26.04.2014 06:24, schrieb Lukasz Lenart:
> Let me finish 2.3.16.2 ;-)
First of all, many thanks to the whole team for getting out Struts
2.3.16.2 with the S2-021 fix that quick.
I am now in a situation - probably like many other users on this list -
that I have a number of
7 matches
Mail list logo
