seems to be fixed in 1.3.11 or later, but no release date yet

Walter

From: Ruchika Mahajan <[email protected]>
To: Struts Users Mailing List <[email protected]>
Date: 10/07/2014 07:24
Subject: Re: Fix security vulnerability

Hi,

CVE-2014-0114 was present till 1.3.10 version. In
https://issues.apache.org/jira/browse/STR/?selectedTab=com.atlassian.jira.jira-projects-plugin:roadmap-panel
link there are releases for 1.x after 1.3.10. So just wanted to confirm, is CVE-2014-0114 fixed in any of the later releases of 1.3.10 or it is yet to be fixed.

BR,
Ruchika

On Thu, Jul 10, 2014 at 2:40 AM, Paul Benedict <[email protected]> wrote:

> Yes, we have releases planned:
>
> https://issues.apache.org/jira/browse/STR/?selectedTab=com.atlassian.jira.jira-projects-plugin:roadmap-panel
>
> Cheers,
> Paul
>
> On Wed, Jul 9, 2014 at 4:08 PM, Dave Newton <[email protected]> wrote:
>
> > I'm not sure.
> >
> > In the meantime:
> >
> > http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U72vCa1VRF9
> >
> > Dave
> >
> > On Wed, Jul 9, 2014 at 5:01 PM, <[email protected]> wrote:
> >
> > > Hi,
> > >
> > > http://www.cvedetails.com/cve/CVE-2014-0114/
> > >
> > > Is there a planned fix for version 1.x?
> > >
> > > Regards
> > > Walter
> > >
> > > This e-mail may contain confidential information.
> > > If you are not an addressee or otherwise authorised to receive this
> > > message, you should not use, copy, disclose or take any action based on
> > > this e-mail.
> > > If you have received this e-mail in error, please inform the sender
> > > promptly and delete this message and any attachments immediately.

