Hello,

Please read the following links [1][2], as your public sites can be used to attack users' computers. The simplest solution is to be sure that all your download links define the header "Content-disposition: attachment; filename=myfile.ext"; you will find more details at the end of the PDF.

[1] http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html
[2] https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
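
One way to apply the header recommended in the message across a Java web application is a servlet filter that sets it before any download response is written. This is an added example, not code from the original message or from the Struts project; the `/download/` prefix, the extension allowlist and the fallback name `download.bin` are assumptions to adapt.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: every download is saved under a name the server approves. */
public class AttachmentHeaderFilter implements Filter {

    // Assumption: all download endpoints live under this prefix.
    private static final String DOWNLOAD_PREFIX = "/download/";
    // Assumption: the only file types this application serves for download.
    private static final Pattern SAFE_NAME =
            Pattern.compile("^[A-Za-z0-9_-]{1,64}\\.(pdf|csv|zip|txt)$");
    private static final String FALLBACK_NAME = "download.bin";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String uri = request.getRequestURI();
        String path = uri.substring(request.getContextPath().length());
        if (path.startsWith(DOWNLOAD_PREFIX)) {
            // Set the header before the chain runs: once the response is
            // committed, headers can no longer be added.
            response.setHeader("Content-Disposition",
                    "attachment; filename=\"" + safeName(path) + "\"");
        }
        chain.doFilter(req, res);
    }

    /** Returns the last path segment only if it matches the allowlist. */
    static String safeName(String path) {
        String last = path.substring(path.lastIndexOf('/') + 1);
        // Anything outside the allowlist gets a fixed, harmless name, so the
        // request URL never decides how the file is saved on the client.
        return SAFE_NAME.matcher(last).matches() ? last : FALLBACK_NAME;
    }
}
```

Register the filter in `web.xml` (or with `@WebFilter`) ahead of the framework's own filter so it runs for every download request.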