[
https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Holmes updated WW-2134:
-----------------------------
Fix Version/s: 2.0.10
> Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
> ---------------------------------------------------------------
>
> Key: WW-2134
> URL: https://issues.apache.org/struts/browse/WW-2134
> Project: Struts 2
> Issue Type: Bug
> Components: Integration
> Affects Versions: 2.0.9
> Reporter: Ian Roughley
> Assignee: Musachy Barroso
> Priority: Blocker
> Fix For: 2.0.10
>
>
> From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download.
> This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly
> recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in
> two files that could allow cross site scripting (*XSS*) attacks against your
> site if you do not upgrade."
> As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts
> 2.0.10.
> Even if the upgrade is not technically needed, from a publicity standpoint
> (in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
