RE: About includeParams in S2-014

2013-06-04 Thread Shohji Mikami
m] On Behalf Of Maurizio Cucchiara Sent: Tuesday, June 04, 2013 5:56 PM To: Struts Users Mailing List Subject: Re: About includeParams in S2-014 Even if probably it's not the best way to go, If you are not using includeParams all or get, you would not have to concern about S2-013 and S2-01

Re: About includeParams in S2-014

2013-06-04 Thread Maurizio Cucchiara
Even if probably it's not the best way to go, If you are not using includeParams all or get, you would not have to concern about S2-013 and S2-014. Please, check your app against S2-015 [1]. [1] https://cwiki.apache.org/confluence/display/WW/S2-015 Maurizio Cucchiara On 4 June 2013 10:34, Shoh

About includeParams in S2-014

2013-06-04 Thread Shohji Mikami
Struts 2 security report S2-014 strongly recommends upgrading Struts to 2.3.14.2, but in our project current Struts 2.3.4.1 is difficult to upgrade. Our project member verified the problem of S2-014 and found -- when the includeParams="all" or "get" were not specified in s:url and s:a tag, no mal