Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
---------------------------------------------------------------
Key: WW-2134
URL: https://issues.apache.org/struts/browse/WW-2134
Project: Struts 2
Issue Type: Bug
Components: Integration
Affects Versions: 2.0.9
Reporter: Ian Roughley
Assignee: Musachy Barroso
Priority: Blocker
>From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This
>is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly recommended
>to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that
>could allow cross site scripting (*XSS*) attacks against your site if you do
>not upgrade."
As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10.
Even if the upgrade is not technically needed, from a publicity standpoint (in
addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
