I think you fixed the issue.
Using the 2.3.2-snapshot with strict-method-invocation="true" in the package
statement I now get a 404 - error with the message being
Invalid method: getPassword for action recoverpassword
and the description being
The requested resource (Invalid method
Could you check the latest stable build [1]? It'll be ready in 1 hour
[1] https://builds.apache.org//view/S-Z/view/Struts/job/Struts2/lastStableBuild/
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
-
-Original Message-
> From: Łukasz Lenart [mailto:lukasz.len...@googlemail.com]
> Sent: Friday, December 16, 2011 12:43 PM
> To: Struts Users Mailing List
> Subject: Re: Dynamic Method Invocation Changes In Struts 2.3.1 Release
>
> Thanks Bruce, I'm checking that right no
: Dynamic Method Invocation Changes In Struts 2.3.1 Release
Thanks Bruce, I'm checking that right now, give me some time
Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
2011/12/15 bphill...@ku.edu :
> I'd prev
Thanks Bruce, I'm checking that right now, give me some time
Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/
2011/12/15 bphill...@ku.edu :
> I'd previously
> http://www.brucephillips.name/blog/index.cfm/2011/2/19/Struts
I'd previously
http://www.brucephillips.name/blog/index.cfm/2011/2/19/Struts-2-Security-Vulnerability--Dynamic-Method-Invocation
blogged about the security vulnerability that exists when Struts dynamic
method invocation is not disabled. I was happy to learn that this
vulnerability was addressed
6 matches
Mail list logo
