[Entando] :: Struts2 Security Improvement
20 views
Skip to first unread message
Eugenio Santoboni
Jul 25, 2013, 9:11:39 AM7/25/13
to ent...@googlegroups.com
Ciao A Tutti,
The Struts2 Group has discovered a security problem on Strus2 Core and
corrected it in the current version 2.3.15.1 (that we'll using for the
next version of Entando)
http://struts.apache.org/release/2.3.x/docs/s2-016.html
To fix the problem on Entando-based projects version 3.2.0 (the latest
stable version, which uses struts2 version 2.3.4.1), copy the classes
in attachment (inside the folder below) on your project in order to
override the class of Struts2's Core affected by the bug.
<entando_project_folder>/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
<entando_project_folder>/src/main/java/org/apache/struts2/StrutsConstants.java
Eu
The Struts2 Group has discovered a security problem on Strus2 Core and
corrected it in the current version 2.3.15.1 (that we'll using for the
next version of Entando)
http://struts.apache.org/release/2.3.x/docs/s2-016.html
To fix the problem on Entando-based projects version 3.2.0 (the latest
stable version, which uses struts2 version 2.3.4.1), copy the classes
in attachment (inside the folder below) on your project in order to
override the class of Struts2's Core affected by the bug.
<entando_project_folder>/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
<entando_project_folder>/src/main/java/org/apache/struts2/StrutsConstants.java
Eu
Reply all
Reply to author
Forward
0 new messages