OK, so the only option is to go through each security bulletin and check the provided Proof-of-Concept to see if it affects your application. And DMI isn't a problem if used wisely.

https://cwiki.apache.org/confluence/display/WW/Security+Bulletins

2013/10/16 Sreekanth S. Nair <sreekanth.n...@egovernments.org>:
> Thanks Lukasz, the problem I'm facing now is our product is so huge to do a
> migration and running mainly on DMI. I'm unable to convince my top
> management about how bad struts2 vulnerability is (since I don't know how to
> replicate the vulnerability). So I have no choice other than option 2.
>
> --
> Thanks & Regards
> Srikanth
> Software Developer
> --------------------------------
> eGovernments Foundations
> www.egovernments.org
> Mob : 9980078913
> --------------------------------
>
>
> On Wed, Oct 16, 2013 at 4:22 PM, Umesh Awasthi <umeshawas...@gmail.com> wrote:
>
>> I do not think that is possible.
>> You have 2 options
>>
>> 1. Upgrade your struts2 version.
>> 2. Go through security vulnerability and see what was there and create test
>> cases to see what exactly is happening and fix them by checking patches.
>>
>> But IMO, upgrading to latest version is much more flexible and less time
>> consuming than going through each and every vulnerability and applying
>> fixes for them.
>>
>>
>> On Wed, Oct 16, 2013 at 4:17 PM, Sreekanth S. Nair <
>> sreekanth.n...@egovernments.org> wrote:
>>
>> > Test Case to test the security vulnerability (major ones) in
>> > struts2-core-2.1.2.
>> >
>> >
>> > On Wed, Oct 16, 2013 at 4:15 PM, Lukasz Lenart <lukaszlen...@apache.org>
>> > wrote:
>> >
>> > > 2013/10/16 Sreekanth S. Nair <sreekanth.n...@egovernments.org>:
>> > > > One more doubt, is this security vulnerability able to bring down
>> > > > the server :-) ? If we authorize ourselves to apache, is it possible
>> > > > for struts team to give us test case to check the vulnerability?
>> > >
>> > > What do you mean by that? What test case do you refer to?
>> > >
>> > >
>> > > Regards
>> > > --
>> > > Łukasz
>> > > + 48 606 323 122 http://www.lenart.org.pl/
>> > >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> > > For additional commands, e-mail: user-h...@struts.apache.org
>>
>> --
>> With Regards
>> Umesh Awasthi
>> http://www.travellingrants.com/