The Dojo plugin hasn't been updated since... a long time. It still uses an old version of Dojo.
On Mon, Oct 20, 2014 at 2:27 PM, Pedro Gonzales <p.gonzales.13...@gmail.com> wrote: > Does anyone know if Struts 2.2.x is vulnerable or is this limited to 2.3.x? > > On 10/20/2014 9:49 AM, Markus Fischer wrote: >> >> Hi all. >> >>>>> According to the Apache Struts 2 Documentation (see >>>>> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two >>>>> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]). >>>> >>>> Probably it's a vulnerable version >>> >>> I'd add that since the plugin has been deprecated since S2.1 it's >>> unlikely >>> anything was ever done to deal with it. >> >> Given that the plugin has been deprecated already, does anyone know for >> which release the removal is planned? I was not able to find any >> documentation regarding a Dojo plugin roadmap. >> >> Cheers, >> Markus >> >>>> [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html >>>> >>>> [2] >>>> >>>> http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton b: Bucky Bits g: davelnewton so: Dave Newton --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
