struts-user mailing list archives

From Lukasz Lenart
Subject Re: Is there a future 2.3.x release for CVE-2018-7489 recently
Date Fri, 30 Mar 2018 07:50:43 GMT
2018-03-30 5:14 GMT+02:00:
> My team needs to fix CVE-2018-7489 in a few days and there are lots of code changes if we migrate to 2.5.x.
> Where can I find the release schedule plans for struts2?

Not sure what you mean by that. This vulnerability can only
happen when you are using @JsonTypeInfo on Object (which means you
are using a very broad pattern) or if you enabled "default typing" in
Jackson. Please read this [1] article for the full story.


+ 48 606 323 122
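
A heuristic source scan for the two conditions the reply names, added here as an example and not part of the original message or of Struts or Jackson. The function `audit`, the regexes and the Java sample are constructed for illustration; regex matching over source can miss or over-report, so treat each hit as a place to review.

```python
import re

# Condition 2 in the reply: "default typing" switched on for an ObjectMapper.
# activateDefaultTyping* replaces enableDefaultTyping* from Jackson 2.10 on;
# a hit there still calls for a look at the validator that is passed in.
DEFAULT_TYPING = re.compile(r"\.\s*(?:enable|activate)DefaultTyping\w*\s*\(")

# Condition 1: @JsonTypeInfo on a declaration whose static type is Object.
TYPEINFO_ON_OBJECT = re.compile(
    r"@JsonTypeInfo\s*(?:\([^)]*\))?"       # the annotation and its arguments
    r"(?:\s*@\w+(?:\([^)]*\))?)*"            # any further annotations
    r"(?:\s+(?:public|protected|private|final|static|transient))*"
    r"\s+(?:java\.lang\.)?Object\s+\w+"      # declared type is Object
)

CHECKS = (("typeinfo-on-object", TYPEINFO_ON_OBJECT),
          ("default-typing", DEFAULT_TYPING))


def audit(java_source):
    """Return sorted (line_number, kind) pairs, one per heuristic match."""
    hits = []
    for kind, pattern in CHECKS:
        for m in pattern.finditer(java_source):
            hits.append((java_source.count("\n", 0, m.start()) + 1, kind))
    return sorted(hits)


# Constructed sample input, not code from Struts or from this thread.
SAMPLE = """\
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.ObjectMapper;

public class Envelope {
    @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
    private Object payload;          // condition 1: flagged

    private String name;             // concrete type: not flagged

    static ObjectMapper mapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping();     // condition 2: flagged
        return m;
    }
}
"""

if __name__ == "__main__":
    for line_no, kind in audit(SAMPLE):
        print(f"line {line_no}: {kind}")
```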
