Two potential security vulnerabilities were reported which were already addressed in the latest Apache Struts 2 versions. Those reports just added other vectors of attack. http://struts.apache.org/announce.html#a20160601
- S2-033 Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled
  http://struts.apache.org/docs/s2-033.html
- S2-034 OGNL cache poisoning can lead to DoS vulnerability
  http://struts.apache.org/docs/s2-034.html

Please read the Security Bulletins carefully and take the suggested actions. The simplest way to avoid those vulnerabilities in your application is to upgrade Apache Struts to the latest available version in the 2.3.x series or to Apache Struts 2.5.

You can download those versions from our download page.
http://struts.apache.org/download.html#struts-ga

Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/