Hi all. >>> According to the Apache Struts 2 Documentation (see >>> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two >>> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).
>> Probably it's a vulnerable version > I'd add that since the plugin has been deprecated since S2.1 it's unlikely > anything was ever done to deal with it. Given that the plugin has been deprecated already, does anyone know for which release the removal is planned? I was not able to find any documentation regarding a Dojo plugin roadmap. Cheers, Markus >> [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html >> >> [2] >> http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
