File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Struts and the fly likes Struts 2 Security Issue: Upgrade to 2.3.16.2 ASAP! Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts 2 Security Issue: Upgrade to 2.3.16.2 ASAP!" Watch "Struts 2 Security Issue: Upgrade to 2.3.16.2 ASAP!" New topic
Author

Struts 2 Security Issue: Upgrade to 2.3.16.2 ASAP!

Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8927
    
    9

On April 24, 2014, the Struts developers announced that all versions of Struts prior to 2.3.16.2 are vulnerable to a serious security issue.
There is also a serious issue with the version of Apache FileUpload included with previous versions of Struts.
Upgrade to Struts 2.3.16.2 as soon as possible.
S2-021 Improves excluded params to avoid ClassLoader manipulation via ParametersInterceptor
S2-021 Adds excluded params to CookieInterceptor to avoid ClassLoader manipulation when the interceptors is configured to accept all cookie names (wildcard matching via "*")


"blabbing like a narcissistic fool with a superiority complex" ~ N.A.
[How To Ask Questions On JavaRanch]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Struts 2 Security Issue: Upgrade to 2.3.16.2 ASAP!