Are the 2.2.x versions of Struts 2 vulnerable?

On 10/20/2014 9:49 AM, Markus Fischer wrote:
Hi all.

According to the Apache Struts 2 Documentation (see
[1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).

Probably it's a vulnerable version.
I'd add that since the plugin has been deprecated since S2.1 it's unlikely
anything was ever done to deal with it.

Given that the plugin has been deprecated already, does anyone know for
which release the removal is planned? I was not able to find any
documentation regarding a Dojo plugin roadmap.

Cheers,
Markus

[1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html

[2] http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html

