http://struts.apache.org/struts1eol-announcement.html
-- Thanks & Regards Sreekanth S Nair Java Developer ------------------------------------------- eGovernments Foundation <http://www.egovernments.org> : 9980078913 ------------------------------------------- <http://in.linkedin.com/pub/sreekanth-s-nair/b/946/5a0/> <https://github.com/sreekanthsnair> <sreekanthsn...@hotmail.co.uk> <sreekanths...@gmail.com> ------------------------------------------- On Thu, Jul 10, 2014 at 6:25 PM, <walter.heesterm...@toyota-europe.com> wrote: > seems to be fixed in 1.3.11 or later, but no release date yet > > Walter > > > > > From: Ruchika Mahajan <ruchika.mahaja...@gmail.com> > To: Struts Users Mailing List <user@struts.apache.org>, > Date: 10/07/2014 07:24 > Subject: Re: Fix security vulnerability > > > > Hi, > > CVE-2014-0114 was present till 1.3.10 version. In > > https://issues.apache.org/jira/browse/STR/?selectedTab=com.atlassian.jira.jira-projects-plugin:roadmap-panel > > link > there are releases for 1.x after 1.3.10. So just wanted to confirm, is > CVE-2014-0114 fixed in any of the later releases of 1.3.10 or it is yet to > be fixed. > > BR, > Ruchika > > > On Thu, Jul 10, 2014 at 2:40 AM, Paul Benedict <pbened...@apache.org> > wrote: > > > Yes, we have releases planned: > > > > > > https://issues.apache.org/jira/browse/STR/?selectedTab=com.atlassian.jira.jira-projects-plugin:roadmap-panel > > > > > > > Cheers, > > Paul > > > > > > On Wed, Jul 9, 2014 at 4:08 PM, Dave Newton <davelnew...@gmail.com> > wrote: > > > > > I'm not sure. > > > > > > In the meantime: > > > > > > > > > > > > > http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U72vCa1VRF9 > > > > > > > Dave > > > > > > > > > > > > On Wed, Jul 9, 2014 at 5:01 PM, <walter.heesterm...@toyota-europe.com> > > > wrote: > > > > > > > Hi, > > > > > > > > http://www.cvedetails.com/cve/CVE-2014-0114/ > > > > > > > > Is there a planned fix for version 1.x? > > > > > > > > Regards > > > > Walter > > > > > > > > > > > > > > > > > > > > This e-mail may contain confidential information. > > > > If you are not an addressee or otherwise authorised to receive this > > > > message, you should not use, copy, disclose or take any action based > on > > > > this e-mail. > > > > If you have received this e-mail in error, please inform the sender > > > > promptly and delete this message and any attachments immediately. > > > > > > > > > > > > > > > -- > > > e: davelnew...@gmail.com > > > m: 908-380-8699 > > > s: davelnewton_skype > > > t: @dave_newton <https://twitter.com/dave_newton> > > > b: Bucky Bits <http://buckybits.blogspot.com/> > > > g: davelnewton <https://github.com/davelnewton> > > > so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton> > > > > > > > > > > > This e-mail may contain confidential information. > If you are not an addressee or otherwise authorised to receive this > message, you should not use, copy, disclose or take any action based on > this e-mail. > If you have received this e-mail in error, please inform the sender > promptly and delete this message and any attachments immediately. >
