Hi, CVE-2014-0114 was present till 1.3.10 version. In https://issues.apache.org/jira/browse/STR/?selectedTab=com.atlassian.jira.jira-projects-plugin:roadmap-panel link there are releases for 1.x after 1.3.10. So just wanted to confirm, is CVE-2014-0114 fixed in any of the later releases of 1.3.10 or it is yet to be fixed.
BR, Ruchika On Thu, Jul 10, 2014 at 2:40 AM, Paul Benedict <pbened...@apache.org> wrote: > Yes, we have releases planned: > > https://issues.apache.org/jira/browse/STR/?selectedTab=com.atlassian.jira.jira-projects-plugin:roadmap-panel > > > Cheers, > Paul > > > On Wed, Jul 9, 2014 at 4:08 PM, Dave Newton <davelnew...@gmail.com> wrote: > > > I'm not sure. > > > > In the meantime: > > > > > > > http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U72vCa1VRF9 > > > > Dave > > > > > > > > On Wed, Jul 9, 2014 at 5:01 PM, <walter.heesterm...@toyota-europe.com> > > wrote: > > > > > Hi, > > > > > > http://www.cvedetails.com/cve/CVE-2014-0114/ > > > > > > Is there a planned fix for version 1.x? > > > > > > Regards > > > Walter > > > > > > > > > > > > > > > This e-mail may contain confidential information. > > > If you are not an addressee or otherwise authorised to receive this > > > message, you should not use, copy, disclose or take any action based on > > > this e-mail. > > > If you have received this e-mail in error, please inform the sender > > > promptly and delete this message and any attachments immediately. > > > > > > > > > > -- > > e: davelnew...@gmail.com > > m: 908-380-8699 > > s: davelnewton_skype > > t: @dave_newton <https://twitter.com/dave_newton> > > b: Bucky Bits <http://buckybits.blogspot.com/> > > g: davelnewton <https://github.com/davelnewton> > > so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton> > > >
