Subject: Grouper Users - Open Discussion List
- From: "Bryan E. Wooten" <>
- To: "" <>
- Subject: [grouper-users] Struts exploit?
- Date: Mon, 28 Apr 2014 18:21:19 +0000
- Accept-language: en-US
So we get an email from our CISO about this: http://struts.apache.org/announce.html#a20140424
“24 April 2014 - Struts up to 18.104.22.168: Zero-Day Exploit Mitigation
In Struts 22.214.171.124, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient.
A security fix release fully addressing this issue is in preparation and will be released as soon as possible.
Once the release is available, all Struts 2 users are strongly recommended to update their installations.”
I see that Grouper UI uses Struts. Is this an issue I need to worry about?
- [grouper-users] Struts exploit?, Bryan E. Wooten, 04/28/2014
Archive powered by MHonArc 2.6.16.