Hi Lukasz, > There is no other way - you must wait for new release (hope soon) or > write custom action mapper.
many thanks for your fast reply and your continuing efforts in supporting the Struts community. Do you have any idea when the a release fixing the issue can be available? And is there any chance to get more information about the specifics of the vulnerability behind S2-018? We are currently considering to filter out "action:” elements via URL rewriting, but without knowing any further details we cannot be sure that that will prevent the potential exploit. Thanks, Markus [1] S2-018: http://struts.apache.org/release/2.3.x/docs/s2-018.html --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
