If you still running Struts2 < 2.3.15.1 you should immediately upgrade!
http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-underground-creates-tool-exploiting-apache-struts-vulnerability/
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
-
docs updated
https://cwiki.apache.org/confluence/display/WW/Interceptors#Interceptors-InterceptorParameterOverriding
2013/9/17 Lukasz Lenart :
> 2013/9/16 rgm :
>> If this is a duplicate message I apologize -- had some trouble subscribing.
>> I'd like to provide some excludeParams to the Paramet
2013/9/16 rgm :
> If this is a duplicate message I apologize -- had some trouble subscribing.
> I'd like to provide some excludeParams to the ParametersInterceptor. I
> have two questions about this:
>
> 1) If I provide my own "excludeParams" element like this:
>
>
> token
>
>
> Does this g
It will be updated with next release - soon
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
2013/9/16 Ken McWilliams :
> Still you can't have users going to improper content, how would they know
> it works elsewhere?
> The content missing on the page (code) is a significant issue.
If this is a duplicate message I apologize -- had some trouble subscribing.
I'd like to provide some excludeParams to the ParametersInterceptor. I
have two questions about this:
1) If I provide my own "excludeParams" element like this:
token
Does this get added to the default list of par
Still you can't have users going to improper content, how would they know
it works elsewhere?
The content missing on the page (code) is a significant issue.
On Sun, Sep 15, 2013 at 11:16 PM, Lukasz Lenart wrote:
> Thanks, but it is already solved with Draft docs
>
> http://struts.apache.org/deve
There is a bug in DelegatingValidatorContext#makeTextProvider method -
it should first try to use parent before creating new instance of
TextProvider (base on TextProviderFactory but without injecting
dependencies :\)
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
2013/9/16 Christ
Done, thanks for reporting!
https://cwiki.apache.org/confluence/display/WW/Form+Validation+Using+XML
2013/9/16 Chris :
> Hi Lukasz,
>
> Good example of regex in
> http://struts.apache.org/development/2.x/docs/form-validation-using-xml.html ,
> and choose between JavaScript validator or Java val
Hi Lukasz,
Good example of regex in
http://struts.apache.org/development/2.x/docs/form-validation-using-xml.html ,
and choose between JavaScript validator or Java validator will be another
story .;-)
but the file EditAction-validation.xml seems contain a wrong value.
.
I found it in testi
> > when an application uses a custom TextProvider it seems not to be used
for
> > validation errors. And if an Action is ModelDriven it behaves
different
> > again.
> >
> > Here is a sample app for that:
> > https://github.com/wolpi/struts2-samples/tree/master/modeldriven-
> and-textprovider
> >
10 matches
Mail list logo
