> On Mar 14, 2017, at 12:17 PM, Lukasz Lenart wrote:
>
> 2017-03-14 15:57 GMT+01:00 Doug Erickson:
>> What is the proper server setup to prevent this?
>
> Upgrade to the latest Struts version ... and run server on a dedicated
> account, block access to the world (seve
What is the proper server setup to prevent this?
> On Mar 14, 2017, at 7:08 AM, Louis Smith wrote:
>
> Sad, but what should have been the story is how rapidly the fixes were made
> available, and how a properly set up server would not be vulnerable.
>
> Louis
>
>
>> On Tue, Mar 14, 2017 at 8:09
A lot of my feelings about OGNL are summed up in a StackOverflow answer
of mine:
> http://stackoverflow.com/a/341597/3474
A couple of points from there I'd like to stress:
JSTL and OGNL are not comparable. A few people have mentioned JSTL
today, but hopefully they were talking about EL. More