One correction: I missed the word "onwards" which means Tiles 3 is also
affected, yet I assume the report itself is invalid.
This is a good idea. I will post to the security group.
On 10.01.2024 at 12:22, Lukasz Lenart wrote:
Hi Sebastian,
To be honest I have no idea why this triggers any alert. The
vulnerability targets Tiles 2.0 [1] while Struts (even before merging
the codebase) is using Tiles 3 which
Hi Sebastian,
To be honest I have no idea why this triggers any alert. The
vulnerability targets Tiles 2.0 [1] while Struts (even before merging the
codebase) is using Tiles 3 which shouldn't be affected. This could be an
issue of false positive alert in OWASP. Also the vulnerability report looks
Hi Lukasz,
Happy new year to you and everyone as well!
Unfortunately I had some trouble with the mailing list and thus did not
receive your reply. I have found it browsing the group by browser and so
I post your reply here for reference:
Happy New Year!
The Tiles codebase has been copied
On Tue, 2 Jan 2024 at 13:34, Sebastian Götz
wrote:
> Hello to anybody and a happy new year!
Happy New Year!
> Our dependency check started to fail last year already marking
> struts2-tiles-plugin as the source of a security issue. As the plugin
> uses Apache Tiles 3.0.8 underneath it is
Hello to anybody and a happy new year!
Our dependency check started to fail last year already marking
struts2-tiles-plugin as the source of a security issue. As the plugin
uses Apache Tiles 3.0.8 underneath it is affected by CVE-2023-49735.
Now as we use the struts-tiles-plugin to build our