[jira] [Created] (WW-4582) adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)

victorsosa (JIRA) Tue, 05 Jan 2016 05:14:33 -0800

victorsosa created WW-4582:
------------------------------

             Summary: adds 'class' to exclude params in ParametersInterceptor 
(avoid ClassLoader manipulation)
                 Key: WW-4582
                 URL: https://issues.apache.org/jira/browse/WW-4582
             Project: Struts 2
          Issue Type: Bug
          Components: Core Interceptors
    Affects Versions: 2.3.24
            Reporter: victorsosa
            Priority: Critical
             Fix For: 2.3.25, 2.5



Hi, 

This is a permanent patch for security issue CVE-2014-0094; this adds 'class' 
to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (WW-4582) adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)

Reply via email to