Good point.  This pales in comparison to, say, the OGNL remote code
exploit.  XSS exploits, while important, just aren't anywhere near as
big of a deal.

Don

On Tue, Mar 4, 2008 at 12:43 PM, Jeromy Evans
<[EMAIL PROTECTED]> wrote:
> My opinion is that the criticality is overstated.
>  However it is useful to draw attention to the vulnerability.
>
>
>
>  Don Brown wrote:
>  > Looks good.  Thanks for creating a security bulletin as well.
>  >
>  > Don
>  >
>  > On 3/4/08, Rene Gielen <[EMAIL PROTECTED]> wrote:
>  >
>  >> The release has been submitted for mirroring. Here's a draft
>  >>  announcement that we could post tomorrow morning, including a link to a
>  >>  corresponding security bulletin announcement in the wiki. Comments and
>  >>  corrections to both texts are highly appreciated.
>  >>
>  >>  ----
>  >>
>  >>  Apache Struts 2.0.11.1 is now available from
>  >>  <http://struts.apache.org/download.cgi#struts20111>.
>  >>
>  >>  This release is a fast track security fix release, including important
>  >>  security fixes regarding possible cross site scripting exploits. For
>  >>  more information about the exploits, visit our security bulletins page at
>  >>  <http://cwiki.apache.org/confluence/display/WW/S2-002>.
>  >>
>  >>  * ALL DEVELOPERS ARE STRONGLY ADVISED TO UPDATE TO STRUTS 2.0.11.1
>  >>  IMMEDIATELY!
>  >>
>  >>  For the complete release notes for Struts 2.0.11.1, see
>  >>  <http://cwiki.apache.org/confluence/display/WW/Release+Notes+2.0.11.1>.
>  >>
>  >>  ---------------------------------------------------------------------
>  >>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>  >>  For additional commands, e-mail: [EMAIL PROTECTED]
