struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Is Struts v1.3.10 Actively Assessed for Security Vulnerabilities?
Date Mon, 10 Sep 2012 13:55:42 GMT
2012/9/10 Garry S Ditzler <gditzler@csc.com>:
> There is a security vulnerability report, CVE-2012-1007, that was released
> on 02/07/2012 for Struts v1.3.10.  There doesn't appear to be a response
> or available patch from the Apache Struts organization on this issue.
>
> Since v1.3.10 general availability date of 04 December 2008, there has not
> been any notable activity for this release.
>
> Is Struts v1.3.10 actively assessed for security vulnerabilities and
> security fixes?

Yes, it is, but the problem is just with the example applications
bundled with S1 - they aren't the best examples in case of security.
Struts 2 was released with sanitised examples, and probably we must do
the same with S1.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
