2014-10-06 15:42 GMT+02:00 Markus Fischer <markus.fisc...@knipp.de>:
> Hi all,
>
> I have a question regarding the patch level of the Dojo plugin shipped
> with Struts 2.3.x. According to the Apache Struts 2 Documentation (see
> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).
>
> Is a Struts 2.3.x system using the Dojo plugin vulnerable to these
> security issues, or have they been fixed somehow?
>
> Any information or links to further reading greatly appreciated.

Probably it's a vulnerable version - I don't know if the plugin's author did something special to build the initial Dojo JS lib.

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/