wt., 31 sie 2021 o 17:36 Gopal, Siva Prakash
napisaĆ(a):
>
> Hi Team,
>
> We are using below version of struts. Is there any security issue to upgrade
> it to next version.
>
> struts2-core-2.3.35
As far I know no, you can always check this page
https://struts.apache.org/
Hi Team,
We are using below version of struts. Is there any security issue to upgrade it
to next version.
struts2-core-2.3.35
Thanks,
Siva
This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law. If
Yup ;) and thanks.
--
Thanks & Regards
Srikanth
Software Developer
eGovernments Foundations
www.egovernments.org
Mob : 9980078913
On Fri, Aug 2, 2013 at 1:19 PM, Lukasz Lenart wrote:
> 2013/8/2 Sreekanth S. Nair :
> > Any idea?
2013/8/2 Sreekanth S. Nair :
> Any idea?
There be no problem with that - CEI is used to display conversion
errors, there is no logic inside used by some vital parts of
framework. But I would rather find the origins of the problem you have
- as I understand your application was working fine with pr
Any idea?
--
Thanks & Regards
Srikanth
On Thu, Aug 1, 2013 at 4:49 PM, Sreekanth S. Nairwrote:
> Hi,
> Is there any security issue or any side effect if we don't use
> conversionError interceptor apart from it wont report the conversion errors?
>
> --
> Thanks & Regards
> Srikanth
>
Hi,
Is there any security issue or any side effect if we don't use
conversionError interceptor apart from it wont report the conversion errors?
--
Thanks & Regards
Srikanth
org
> CC: mgai...@hotmail.com; thechrispr...@gmail.com
> Subject: Re: Java security issue vs. struts?
>
> Hello Martin,
>
> I did not find bug report under struts JIRA related to jfreechart.
>
> More details about how I use jfreechart:
> (1) jsp
> (2) JAVA Action class, gen
l Message ----
Subject: Re: Java security issue vs. struts?
Date: Fri, 18 Jan 2013 12:00:31 -0500
From: Emi Lu
Reply-To: em...@encs.concordia.ca
To: Christian Grobmeier
CC: Struts Users Mailing List , Chris Pratt
Thank you Chris. Moreover, if I call jfreechart to generate reports through
we
Thank you Chris. Moreover, if I call jfreechart to generate reports through
web applications, it will not be affected, I believe?
As long as you do not use Applets to output JFreechart data you should
be fine (saying: if you generate images with JFreechart)
(1) My jsp:
(2) struts.xml
> Emi
>
>
>
>> On Wed, Jan 16, 2013 at 1:54 PM, Emi Lu > <mailto:em...@encs.concordia.ca>> wrote:
>>
>> Hello,
>>
>> Does someone know how this java security issue related to struts
>> framework?
>>
>>
>> http://
...
Where does Struts 2 run? In the browser, or on a server?
Dave
On Wed, Jan 16, 2013 at 5:06 PM, Emi Lu wrote:
> On 01/16/2013 04:54 PM, Emi Lu wrote:
>
>> Hello,
>>
>> Does someone know how this java security issue related to struts
>> framework?
>>
&g
; From: em...@encs.concordia.ca
> To: thechrispr...@gmail.com
> CC: user@struts.apache.org
> Subject: Re: Java security issue vs. struts?
>
> On 01/16/2013 05:02 PM, Chris Pratt wrote:
> > I believe the description says it all.
> >
> > This Security Alert addresse
affected, I believe?
Emi
On Wed, Jan 16, 2013 at 1:54 PM, Emi Lu mailto:em...@encs.concordia.ca>> wrote:
Hello,
Does someone know how this java security issue related to struts
framework?
http://www.oracle.com/__technetwork/topics/security/__alert-cve-2013-0422-1896849.
On 01/16/2013 04:54 PM, Emi Lu wrote:
Hello,
Does someone know how this java security issue related to struts framework?
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
One more link:
http://nakedsecurity.sophos.com/2013/01/15/disable-java-browsers-homeland
running on servers,* standalone
Java desktop applications or embedded Java applications. They also do not
affect Oracle server-based software.
On Wed, Jan 16, 2013 at 1:54 PM, Emi Lu wrote:
> Hello,
>
> Does someone know how this java security issue related to struts framework?
Hello,
Does someone know how this java security issue related to struts framework?
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
Thanks a lot!
Emi
-
To unsubscribe, e-mail: user-unsubscr
hat thread
for other lost souls :)
Again, thanks greatly for your response; i feel hopeful again about the
matter!
j.
*From:* Alberto A. Flores [mailto:[EMAIL PROTECTED]
*Sent:* Monday, October 27, 2008 4:51 PM
*To:* Mad
You cant control what the client browser sends to the server (as hackers
can spoof almost anything thats sent) so you need to treat all data from
the client as suspiscious until proven otherwise! This means validating
any data that is submitted to your application before your application
makes
Hello All,
In my application, I have a scenario in which user is allowed to update the
information pertaining to his/her account. The pages are localised and on
the basis of this localisation, some fields are updateable in one scenario,
while others are not.
The problem is that a "smart enoug
Sent: Wednesday, June 09, 2004 5:22 AM
Subject: RE: design security issue
> Well, you could do something as simple as setting a session attribute
every
> time an Action is called that stores what page was accessed, but before
> doing that you check what value is there already and if i
MAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Subject: Fw: design security issue
Date: Wed, 9 Jun 2004 19:02:22 +0530
To implement a similar behaviour struts provides with the saveToken
functionlaity.
Look at it here
http://www.scioworks.net
lt;[EMAIL PROTECTED]>
> Sent: Wednesday, June 09, 2004 5:22 AM
> Subject: RE: design security issue
>
>
> > Well, you could do something as simple as setting a session attribute
> every
> > time an Action is called that stores what page was accessed, but before
> >
JSP?
Cai Peng
-Original Message-
From: Zhang, Larry (L.) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 09, 2004 6:15 AM
To: Struts Users Mailing List
Subject: RE: design security issue
Thank you Frank and Yuanbo, for the points. Our application is set up in
SSL and password
nd bypass
that little check in the Actions.
Frank
From: "Zhang, Larry (L.)" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Subject: RE: design security issue
Date: Tue
one manage has a lot of
employees so I want to make sure the data is not somehow messed up.
Thanks.
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 5:41 PM
To: [EMAIL PROTECTED]
Subject: RE: design security issue
Excellent point, thanks for
Excellent point, thanks for adding it!
Frank
From: "Wang, Yuanbo" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Subject: RE: design security issue
Date: Tue, 8 Jun
ight
be plenty.
Frank
>From: "Zhang, Larry (L.)" <[EMAIL PROTECTED]>
>Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: design security issue
>Date: Tue, 8 Jun 2004 15:14:36 -0400
>
>I have an web
be plenty.
Frank
From: "Zhang, Larry (L.)" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: design security issue
Date: Tue, 8 Jun 2004 15:14:36 -0400
I have an web application on which the manager can
I have an web application on which the manager can view his manage tree and select his
employee for transactions (such as Perfromance Rating, putting on Leave of absence).
Definitely it is very vital in this case to keep the security or make sure one data
for one employee is submitted not for an
29 matches
Mail list logo
