2017-09-06 6:22 GMT+02:00 William Stranathan <w...@thestranathans.com>: > Struts 2.3 is also vulnerable to the s2-052 RCE. However, there's no 2.3 > patch available yet. I've tried with the latest snapshots, and those are > also vulnerable. > > Is there a fix for this vulnerability on the 2.3 stream forthcoming?
I have called for a vote just now, 2.3.34 contains all the backports from 2.5.13 related to the security vulnerabilities. Please test and report back. Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
