Thank you very much, Łukasz! Your quick answer was very helpful and a real relief =)
Have a great weekend! Georgi On Sat, 6 Dec 2025, 10:59 Lukasz Lenart, <[email protected]> wrote: > pt., 5 gru 2025 o 18:25 Ggg Nnn <[email protected]> napisał(a): > > Are Struts 6.x client applications vulnerable in case they do not rely > > on file uploads feature and they have explicitly disabled file upload > > support via struts.multipart.enabled config property (as explained in > > > https://struts.apache.org/core-developers/action-file-upload#disabling-file-upload-support > )? > > No, if file upload support is disabled, your application is not > vulnerable. I updated the bulletin. > > Cheers > Łukasz > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
