
Struts 2 Security Issue: Upgrade to ASAP!

Joe Ess
On April 24, 2014, the Struts developers announced that all versions of Struts prior to are vulnerable to a serious security issue.
There is also a serious issue with the version of Apache FileUpload included with previous versions of Struts.
Upgrade to Struts as soon as possible.
S2-021 Improves excluded params to avoid ClassLoader manipulation via ParametersInterceptor
S2-021 Adds excluded params to CookieInterceptor to avoid ClassLoader manipulation when the interceptor is configured to accept all cookie names (wildcard matching via "*")
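A request-review check in the spirit of the S2-021 excluded-params change quoted above, as an added example that is not part of the original post and is not Struts' own code. The matching rule (flag any parameter or cookie name whose property path contains a `class` or `classLoader` segment), the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a name is suspicious when any segment of its property path is
# "class" or "classLoader", in dot or bracket notation, case-insensitively.
# This is an illustrative rule, not the exclusion regex shipped by Struts.
_SEPARATORS = re.compile(r"""[.\[\]'"]+""")
_BLOCKED = {"class", "classloader"}

def is_suspicious_name(name):
    """True if any path segment of the name is class/classLoader."""
    # unquote() also decodes cookie names and catches double-encoded query names.
    segments = [s for s in _SEPARATORS.split(unquote(name)) if s]
    return any(s.lower() in _BLOCKED for s in segments)

def suspicious_names(request_target, cookie_header=""):
    """Return the sorted parameter and cookie names that should be reviewed."""
    query = urlsplit(request_target).query
    names = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
    for part in cookie_header.split(";"):
        if "=" in part:
            names.append(part.split("=", 1)[0].strip())
    return sorted({n for n in names if is_suspicious_name(n)})

# Constructed sample requests (request target, Cookie header); not real traffic.
SAMPLES = [
    ("/app/save.action?name=alice&classification=public", ""),
    ("/app/save.action?class.classLoader.placeholder=1", ""),
    ("/app/save.action?user%5B%27class%27%5D.placeholder=1", ""),
    ("/app/list.action?page=2", "theme=dark; Class.classLoader.placeholder=1"),
]

if __name__ == "__main__":
    for target, cookies in SAMPLES:
        print(target, "->", suspicious_names(target, cookies))
```

Matching whole path segments keeps ordinary names such as `classification` from being flagged.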