struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <>
Subject RE: Quick question on the patch for CVE-2018-11776
Date Mon, 03 Sep 2018 09:00:44 GMT
>From: Kiran Ananthpur Bacche (kbacche) <>
>Sent: Friday, August 31, 2018 7:27 AM
>Subject: Quick question on the patch for CVE-2018-11776
>Hi Team,
>Version 2.3.35 is the official patch for this vulnerability. However v2.3.35 has a
>bunch of other fixes too.
>So if we want the patch for only "CVE-2018-11776", what are the options
>Is the fix for "CVE-2018-11776" contained completely in
>Given that there was a backward compatibility issue seen with upgrade from
>2.3.34 to 2.3.35 (ref: https://www.mail-
>, we are checking to
>see if there is a way to have a patch that fixes only "CVE-2018-11776".

We are so sorry for inconvenience :( 
We have fixed it and a new small release will be available soon. 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message