Someone asked me privately whether there were any test cases for the three security/vulnerability bugs fixed in Struts 1.2.9:
* Bug 38374 - Validation always skipped with Globals.CANCEL_KEY * Bug 38534 - DOS attack, application hack * Bug 38749 - XSS vulnerability in DispatchAction I have updated the "Upgrade Notes" on the wiki for Struts 1.2.9 to add a "Test Cases" section for each of the bugs: http://wiki.apache.org/struts/StrutsUpgradeNotes128to129 Niall --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
