You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "James Holmes (JIRA)" <ji...@apache.org> on 2007/08/28 20:35:34 UTC
[jira] Updated: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to
address possible XSS Issues
[ https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Holmes updated WW-2134:
-----------------------------
Fix Version/s: 2.0.10
> Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
> ---------------------------------------------------------------
>
> Key: WW-2134
> URL: https://issues.apache.org/struts/browse/WW-2134
> Project: Struts 2
> Issue Type: Bug
> Components: Integration
> Affects Versions: 2.0.9
> Reporter: Ian Roughley
> Assignee: Musachy Barroso
> Priority: Blocker
> Fix For: 2.0.10
>
>
> From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that could allow cross site scripting (*XSS*) attacks against your site if you do not upgrade."
> As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10.
> Even if the upgrade is not technically needed, from a publicity standpoint (in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.