You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tiles.apache.org by Sridhar Vanukuri <sr...@gmail.com> on 2011/08/09 01:22:18 UTC
Any Cross Site Scripting(XSS) Vulnerabilities with Tiles 2.0.6?
Hello,
We are using struts2 and tiles 2.0.6 and we want to verify and see if we
need to update the tiles version if there are any cross site scripting(xss)
or remotes code execution issues identified with tiles 2.0.6. Early response
is appreciated.
Thanks,
Sridhar
Re: Any Cross Site Scripting(XSS) Vulnerabilities with Tiles 2.0.6?
Posted by Antonio Petrelli <an...@gmail.com>.
2011/8/9 Sridhar Vanukuri <sr...@gmail.com>
> Hello,
>
> We are using struts2 and tiles 2.0.6 and we want to verify and see if we
> need to update the tiles version if there are any cross site scripting(xss)
> or remotes code execution issues identified with tiles 2.0.6. Early
> response
> is appreciated.
>
>
Not that I am aware of, we had only one security problem with versions 2.1.0
and 2.1.1 (fixed in newer versions):
http://tiles.apache.org/framework/security/security-bulletin-1.html
However Tiles 2.0.x is no longer maintained, bugs won't be fixed, they will
be fixed only in the 2.2.x branch.
Antonio