One more doubt, does this security vulnerability is able to bring down the server :-) ? If we authorize ourselves to apache, is it possible for struts team to give us test case to check the vulnerability?
-- Thanks & Regards Srikanth Software Developer -------------------------------- eGovernments Foundations www.egovernments.org Mob : 9980078913 -------------------------------- On Wed, Oct 16, 2013 at 3:34 PM, Sreekanth S. Nair < sreekanth.n...@egovernments.org> wrote: > Hi, > Thanks Lukazs, but that's too much of task to compare rather i can > migrate ;-). Thanks Antonios, i will refer those links. > > > > -- > Thanks & Regards > sreekanth > -------------------------------- > > > On Wed, Oct 16, 2013 at 3:25 PM, Antonios Gkogkakis <gkogk...@tcd.ie>wrote: > >> Hi Sreekanth, >> >> Lukasz beat me! >> >> If you don't want to upgrade you should at least check the security >> bulletins >> http://struts.apache.org/release/2.2.x/docs/security-bulletins.html >> http://struts.apache.org/release/2.3.x/docs/security-bulletins.html >> >> see which vulnerabilities affect you and follow the instructions to >> resolve >> them. >> >> >> >> On 16 October 2013 10:48, Sreekanth S. Nair < >> sreekanth.n...@egovernments.org >> > wrote: >> >> > Hi, >> > Due to time and other internal constraints, we are unable to upgrade >> > strust2 to the latest version. So i would like to know if we use old >> > strust2 distro (in my case : struts2-core-2.1.2), what are the counter >> > measurement need to taken care? >> > >> > Regards >> > >> > >
