struts-user mailing list archives

From Pedro Gonzales <p.gonzales.13...@gmail.com>
Subject Re: Struts2 Roadmap w.r.t. Dojo plugin (was Re: Is the Dojo plugin version shipped with Struts 2.3.x vulnerable?)
Date Mon, 20 Oct 2014 18:24:58 GMT

Are the 2.2.x versions of Struts 2 vulnerable?

On 10/20/2014 9:49 AM, Markus Fischer wrote:
> Hi all.
>
>>>> According to the Apache Struts 2 Documentation (see
>>>> [1]), Struts 2.3.x ships with Dojo 0.4.3, which is vulnerable to two
>>>> major security issues (CVE-2010-2276 and CVE-2010-2272, see [2]).
>>> Probably it's a vulnerable version
>> I'd add that since the plugin has been deprecated since S2.1 it's unlikely
>> anything was ever done to deal with it.
> Given that the plugin has been deprecated already, does anyone know for
> which release the removal is planned? I was not able to find any
> documentation regarding a Dojo plugin roadmap.
>
> Cheers,
> Markus
>
>>> [1] http://struts.apache.org/release/2.3.x/docs/dojo-head.html
>>>
>>> [2]
>>> http://www.cvedetails.com/vulnerability-list/vendor_id-7641/product_id-12940/version_id-70187/Dojotoolkit-Dojo-0.4.3.html

