Quick question on the patch for CVE-2018-11776

2018-08-30 Thread Kiran Ananthpur Bacche (kbacche)
Hi Team, Version 2.3.35 is the official patch for this vulnerability. However v2.3.35 has a bunch of other fixes too. So if we want the patch for only "CVE-2018-11776", what are the options available? Is the fix for "CVE-2018-11776" contained completely in DefaultActionMapper.java? Given tha

Re: Apache Struts 2.3.35 Upgrade - backward incompatibility in s:if

2018-08-30 Thread Lukasz Lenart
On Thu, 30 Aug 2018 at 11:23, Miguel Almeida wrote: > I mean being able to provide some more information in the release notes > that allows to spot backward incompatibilities more easily. I know this is > a lot easier said than done, but the end goal is to improve accuracy of the > backward compa

Re: Apache Struts 2.3.35 Upgrade - backward incompatibility in s:if

2018-08-30 Thread Miguel Almeida
Thanks Lukasz, On Thu, Aug 30, 2018 at 10:03 AM Lukasz Lenart wrote: > On Thu, 30 Aug 2018 at 10:40, Miguel Almeida > wrote: > > Out of curiosity, is the problem the conversion from List to XWorkList > > mentioned > > by Yasser > > < > https://issues.apache.org/jira/browse/WW-4954?focusedComm

Re: Apache Struts 2.3.35 Upgrade - backward incompatibility in s:if

2018-08-30 Thread Lukasz Lenart
On Thu, 30 Aug 2018 at 10:40, Miguel Almeida wrote: > Out of curiosity, is the problem the conversion from List to XWorkList > mentioned > by Yasser >

Re: Apache Struts 2.3.35 Upgrade - backward incompatibility in s:if

2018-08-30 Thread Miguel Almeida
Hi Lukasz, Thanks for your answer. Yes, it seems related, adding this constant works around the issue. Out of curiosity, is the problem the conversion from List to XWorkList mentioned by Yasser