I'd add that since the plugin has been deprecated since S2.1 it's unlikely
anything was ever done to deal with it.

On Mon, Oct 6, 2014 at 10:00 AM, Lukasz Lenart <lukaszlen...@apache.org>
wrote:

> 2014-10-06 15:42 GMT+02:00 Markus Fischer <markus.fisc...@knipp.de>:
> > Hi all,
> >
> > I have a question regarding the patch level of the Dojo plugin shipped
> > with Struts 2.3.x. According to the Apache Struts 2 Documentation (see
> > [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
> > major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).
> >
> > Is a Struts 2.3.x system using the Dojo plugin vulnerable to these
> > security issues, or have they been fixed somehow?
> >
> > Any information or links to further reading greatly appreciated.
>
> Probably it's a vulnerable version - I don't know if the plugin's
> author did something special to build initial Dojo JS lib
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>


-- 
e: davelnew...@gmail.com
m: 908-380-8699
s: davelnewton_skype
t: @dave_newton <https://twitter.com/dave_newton>
b: Bucky Bits <http://buckybits.blogspot.com/>
g: davelnewton <https://github.com/davelnewton>
so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>
