2016-04-28 3:59 GMT+02:00 mailinglist rs <rsmailinglis...@gmail.com>: > Besides using upgrade or disable Dynamic method invocation, can I use > Filter or ParameterInteceptors to block request parameters which start with > "method:" prefix to prevent S2-032? > Reference: https://struts.apache.org/docs/s2-032.html
Yes, you can but bear in mind that this vulnerability affects only 2.3.20, 2.3.24 and 2.3.28 Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org