struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <yasserzam...@apache.org>
Subject RE: Quick question on the patch for CVE-2018-11776
Date Mon, 03 Sep 2018 09:00:44 GMT
>From: Kiran Ananthpur Bacche (kbacche) <kbacche@cisco.com.INVALID>
>Sent: Friday, August 31, 2018 7:27 AM
>To: user@struts.apache.org
>Subject: Quick question on the patch for CVE-2018-11776
>
>Hi Team,
>
>Version 2.3.35 is the official patch for this vulnerability. However v2.3.35 has a
>bunch of other fixes too.
>
>So if we want the patch for only "CVE-2018-11776", what are the options
>available?
>
>Is the fix for "CVE-2018-11776" contained completely in
>DefaultActionMapper.java?
>
>Given that there was a backward compatibility issue seen with upgrade from
>2.3.34 to 2.3.35 (ref: https://www.mail-
>archive.com/users@maven.apache.org/msg140838.html), we are checking to
>see if there is a way to have a patch that fixes only "CVE-2018-11776".


Hi, 
We are so sorry for inconvenience :( 
We have fixed it and a new small release will be available soon. 
Regards.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message