Steven, I believe it's the other way around. The advisory affects XWork, but Atlassian has patched their private version of XWork to remove the vulnerability.
Paul On Mon, Aug 5, 2013 at 9:35 PM, Steven Benitez <steven.beni...@gmail.com>wrote: > The advisory indicates this affects Atlassian's build of xwork. Does this > also affect the official build of xwork? I'm guessing not. > > > On Mon, Aug 5, 2013 at 5:23 PM, Martin Gainty <mgai...@hotmail.com> wrote: > > > so..to mitigate > > > > struts-2.0.9 + > > > > ? > > Martin > > > > > > > > > > > Date: Mon, 5 Aug 2013 14:37:24 -0400 > > > Subject: FYI > > > From: davelnew...@gmail.com > > > To: dev@struts.apache.org > > > > > > I expect most of you already saw (or assumed) this, but just in case: > > > > > > > > > https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2013-08-05 > > > > > > Oh OGNL. > > > > > > Dave > > > > > -- Cheers, Paul
