DHIS2 is not vulnerable to this CVE. On 15 September 2017 at 03:52, Greg Wilson <gwil...@baosystems.com> wrote: > I asked the core team last week and they said DHIS2 does not use the REST > plugin that CVE-2017-9805 addresses. If this is not correct, I am sure one > of them will correct me in a couple hours. > > Greg Wilson > > > On Thu, Sep 14, 2017 at 9:23 PM, Stephen Macauley > <stephen.macau...@inductivehealth.com> wrote: >> >> DHIS2 Developers and Community: >> >> >> >> I wanted to check if DHIS2 (specifically Version: 2.25 that includes the >> March 2017 patch for CVE-2017-5638) is vulnerable to the newly identified >> Struts exploit - CVE-2017-9805? >> >> >> >> More information available via these links: >> https://nakedsecurity.sophos.com/2017/09/06/apache-struts-serialisation-vulnerability-what-you-need-to-know/ >> and https://struts.apache.org/docs/s2-052.html >> >> >> >> As always, thanks for your prompt response and support of DHIS2! >> >> >> >> -Stephen >> >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~dhis2-devs >> Post to : dhis2-devs@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~dhis2-devs >> More help : https://help.launchpad.net/ListHelp >> > > > > -- > Greg Wilson > BAO Systems > gwil...@baosystems.com > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp >
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp