Didn't you commit fixes for this on Struts_2_0_X branch? When you closed the ticket the fix version changed. Wasn't sure if that was on accident or not.
James -----Original Message----- From: Musachy Barroso (JIRA) [mailto:[EMAIL PROTECTED] Sent: Thursday, August 30, 2007 1:50 PM To: [EMAIL PROTECTED] Subject: [jira] Resolved: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues [ https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plug in.system.issuetabpanels:all-tabpanel ] Musachy Barroso resolved WW-2134. --------------------------------- Resolution: Fixed Fix Version/s: (was: 2.0.10) 2.1.0 > Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues > --------------------------------------------------------------- > > Key: WW-2134 > URL: https://issues.apache.org/struts/browse/WW-2134 > Project: Struts 2 > Issue Type: Bug > Components: Integration > Affects Versions: 2.0.9 > Reporter: Ian Roughley > Assignee: Musachy Barroso > Priority: Blocker > Fix For: 2.1.0 > > > From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that could allow cross site scripting (*XSS*) attacks against your site if you do not upgrade." > As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10. > Even if the upgrade is not technically needed, from a publicity standpoint (in addressing all possible security concerns) I think it is a good idea. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
