struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "victorsosa (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4582) adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)
Date Tue, 05 Jan 2016 13:13:39 GMT
victorsosa created WW-4582:
------------------------------

             Summary: adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader
manipulation)
                 Key: WW-4582
                 URL: https://issues.apache.org/jira/browse/WW-4582
             Project: Struts 2
          Issue Type: Bug
          Components: Core Interceptors
    Affects Versions: 2.3.24
            Reporter: victorsosa
            Priority: Critical
             Fix For: 2.3.25, 2.5


Hi, 

This is a permanent patch for security issue CVE-2014-0094; this adds 'class' to exclude params
in ParametersInterceptor (avoid ClassLoader manipulation)





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message