Ok, thanks! 2014-03-06 18:23 GMT+01:00 Mark Thomas <ma...@apache.org>: > On 06/03/2014 17:08, Lukasz Lenart wrote: >> So who's the reporter? > > We (the ASF) know who discovered CVE-2014-0050 but they have not given > permission to be named. The only public credit information is that which > was published for CVE-2014-0050. > > Mark > >> >> 2014-03-06 16:54 GMT+01:00 Mark Thomas <ma...@apache.org>: >>> On 06/03/2014 09:04, Lukasz Lenart wrote: >>>> This release includes important security fixes: >>>> - S2-020 - ClassLoader manipulation via request parameters >>>> - upgraded Commons FileUpload library to prevent DoS attacks >>>> >>>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html >>> >>> Please remove my name from the reporters. I just forwarded the e-mail >>> that the security team received. I do not deserve any of the credit for >>> discovering this issue. >>> >>> Mark >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: security-unsubscr...@apache.org >> For additional commands, e-mail: security-h...@apache.org >> >
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
