mailing list archives
[ANN] Struts 2 up to 18.104.22.168: Zero-Day Exploit Mitigation (security | critical)
From: Rene Gielen <rgielen () apache org>
Date: Thu, 24 Apr 2014 17:37:13 +0200
In Struts 22.214.171.124, an issue with ClassLoader manipulation via request
parameters was supposed to be resolved. Unfortunately, the correction
A security fix release fully addressing this issue is in preparation and
will be released as soon as possible.
Once the release is available, all Struts 2 users are strongly
recommended to update their installations.
* Until the release is available, all Struts 2 users are strongly
recommended to apply the mitigation described in  *
Please follow the Apache Struts announcement channels  to
stay updated regarding the upcoming security release. Most likely the
release will be available within the next 72 hours. Please prepare for
upgrading all Struts 2 based production systems to the new release
version once available.
- The Apache Struts Team.
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/
Re: [ANN] Struts 2 up to 126.96.36.199: Zero-Day Exploit Mitigation (security | critical) Tim (Apr 25)
- [ANN] Struts 2 up to 188.8.131.52: Zero-Day Exploit Mitigation (security | critical) Rene Gielen (Apr 24)