Dear Struts2 mailing list, i have the following question(s)/ i need the following advice: by default the "action:" prefix is set to false in Struts2 v2.3.15.3 as to: http://struts.apache.org/release/2.3.x/docs/s2-018 for security reasons, but i need to set it back to true(i.e. the struts.mapper.action.prefix.enabled) because my actions do not work after the library update and if i decide to go another way to solve this issue, i need to do a lot of refactoring on my code; So my question is: if i enable the "action:" prefix, does it mean that, i automatically compromise/expose my application to the security issues discussed in s2-16, s2-17 and s2-18? Is there a workaround for my scenario, that i can enable the prefix, but still maintain the security level of my application considering the enumerated above issues?(can i achieve better results if i tweak properly the struts.mapper.action.prefix.crossNamespaces)
many thanks for your opinions and support! Best, krassen -- Krassen Deltchev M.Sc. Applied Computer Science, Ruhr-University of Bochum LPIC I http://www.xing.com/profile/Krassen_Deltchev http://de.linkedin.com/pub/krassen-deltchev/22/632/12 http://www.slideshare.net/test2v https://twitter.com/#!/test2v --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org