Thanks Lukazs, the problem i'm facing now is our product is so huge to do a migration and running mainly on DMI. I'm unable to convince my top management about how bad strust2 vulnerability is (since i dont know how to replicate the vulnerability). So I have no choice other than option 2.
-- Thanks & Regards Srikanth Software Developer -------------------------------- eGovernments Foundations www.egovernments.org Mob : 9980078913 -------------------------------- On Wed, Oct 16, 2013 at 4:22 PM, Umesh Awasthi <umeshawas...@gmail.com>wrote: > I do not think that is possible. > You have 2 options > > 1. Upgrade you struts2 version. > 2. Go through security vulnerability and see what was there and create test > cases to see what exactly is happening and fix them by checking patches. > > But IMO, upgrading to latest version is much more flexible and less time > consuming than going through each and every vulnerability and applying > fixes for them. > > > On Wed, Oct 16, 2013 at 4:17 PM, Sreekanth S. Nair < > sreekanth.n...@egovernments.org> wrote: > > > Test Case to test the security vulnerability (major ones) in > > struts2-core-2.1.2. > > > > -- > > Thanks & Regards > > Srikanth > > Software Developer > > -------------------------------- > > eGovernments Foundations > > www.egovernments.org > > Mob : 9980078913 > > -------------------------------- > > > > > > On Wed, Oct 16, 2013 at 4:15 PM, Lukasz Lenart <lukaszlen...@apache.org > > >wrote: > > > > > 2013/10/16 Sreekanth S. Nair <sreekanth.n...@egovernments.org>: > > > > One more doubt, does this security vulnerability is able to bring > down > > > the > > > > server :-) ? If we authorize ourselves to apache, is it possible for > > > struts > > > > team to give us test case to check the vulnerability? > > > > > > What you mean by that? What test case you refer to? > > > > > > > > > Regards > > > -- > > > Ćukasz > > > + 48 606 323 122 http://www.lenart.org.pl/ > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > > > > > > > -- > With Regards > Umesh Awasthi > http://www.travellingrants.com/ >
