I did a quick test and it appeared to work correctly. -Nate
-----Original Message----- From: Maurizio Cucchiara [mailto:maurizio.cucchi...@gmail.com] Sent: Wednesday, May 11, 2011 12:37 PM To: Struts Users Mailing List Subject: Re: XSS Vulnerability in Struts 2 before 2.2.3 I did not checked before, but I bet it works (Please Let us know if it doesn't). On 11 May 2011 16:47, Sarr, Nathan <ns...@library.rochester.edu> wrote: > Hello, > > > > I noticed the solution mentions turning off DMI support in > struts.xml. Would the same result be achieved by setting it in the > struts.properties file: > > > > # don't allow dynamic method invocation > > struts.enable.DynamicMethodInvocation = false > > > > Thanks, > > -Nate > > > > -- Maurizio Cucchiara --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org