Sun, 4 Nov 2018 at 18:40 David Dillard <david.dill...@veritas.com> wrote:
>   1.  Per the Maven repository, Struts 2.3.36 recommends Fileupload 1.3.2 be 
> used<https://mvnrepository.com/artifact/org.apache.struts/struts2-core/2.3.36>,
>  not 1.3.3, so I'm confused about what's stated in the email.  What's 
> recommended doesn't seem to accomplish what the email states it will.

We overlooked that when we were preparing Struts 2.3.36; this is
an easy drop-in dependency.

>   2.  The recommendation for Fileupload 1.3.2 can be found in the Maven 
> repository since Struts 2.3.30, which was released back in July 2016.
>   3.  This makes sense since the last documented DoS vulnerability in 
> Fileupload was fixed in 1.3.2.

Here is the original announcement
https://struts.apache.org/announce.html#a20180323


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
