grouper-users - [grouper-users] Re: Struts exploit?
Subject: Grouper Users - Open Discussion List
List archive
- From: "Bryan E. Wooten" <>
- To: Chris Hyzer <>, "Bryan E. Wooten" <>, "" <>
- Subject: [grouper-users] Re: Struts exploit?
- Date: Mon, 28 Apr 2014 21:43:08 +0000
- Accept-language: en-US
|
Thanks Chris.
-Bryan
From: Chris Hyzer <>
Date: Monday, April 28, 2014 12:23 PM To: Bryan Wooten <>, "" <> Subject: RE: Struts exploit? We don’t use struts 2. In Grouper 2.3 hopefully we wont use struts anymore at all… From:
[]
On Behalf Of Bryan E. Wooten So we get an email from our CISO about this:
http://struts.apache.org/announce.html#a20140424 “24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigation
In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved.
Unfortunately, the correction wasn't sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible. Once the release is available, all Struts 2 users are strongly recommended to update their installations.” I see that Grouper UI uses Struts. Is this an issue I need to worry about? -Bryan |
- [grouper-users] Struts exploit?, Bryan E. Wooten, 04/28/2014
- [grouper-users] RE: Struts exploit?, Chris Hyzer, 04/28/2014
- [grouper-users] Re: Struts exploit?, Bryan E. Wooten, 04/28/2014
- [grouper-users] RE: Struts exploit?, Chris Hyzer, 04/28/2014
Archive powered by MHonArc 2.6.16.