pt., 5 gru 2025 o 18:25 Ggg Nnn <[email protected]> napisał(a): > Are Struts 6.x client applications vulnerable in case they do not rely > on file uploads feature and they have explicitly disabled file upload > support via struts.multipart.enabled config property (as explained in > https://struts.apache.org/core-developers/action-file-upload#disabling-file-upload-support)?
No, if file upload support is disabled, your application is not vulnerable. I updated the bulletin. Cheers Łukasz --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
