Ah looks like all I need to do is upgrade. I missed the release note on this... Jim
On Wed, Mar 8, 2017 at 5:04 PM, Jim Spellman <jimspellma...@gmail.com> wrote: > Is there a way to turn off ognl, so to prevent this exploit? > https://github.com/rapid7/metasploit-framework/issues/8064 > > I found someone trying to break into my server and was able to issue > system level commands by injecting this ognl language into the content > header of a multipart form. > > I'm currently using: > > struts2-core-2.5.2.jar > ognl-3.1.10.jar > > Any help would be appreciated. > Thanks... > Jim --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org