You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tiles.apache.org by Sridhar Vanukuri <sr...@gmail.com> on 2011/08/09 01:22:18 UTC

Any Cross Site Scripting(XSS) Vulnerabilities with Tiles 2.0.6?

Hello,

We are using struts2 and tiles 2.0.6 and we want to verify and see if we
need to update the tiles version if there are any cross site scripting(xss)
or remotes code execution issues identified with tiles 2.0.6. Early response
is appreciated.



Thanks,
Sridhar

Re: Any Cross Site Scripting(XSS) Vulnerabilities with Tiles 2.0.6?

Posted by Antonio Petrelli <an...@gmail.com>.

2011/8/9 Sridhar Vanukuri <sr...@gmail.com>

> Hello,
>
> We are using struts2 and tiles 2.0.6 and we want to verify and see if we
> need to update the tiles version if there are any cross site scripting(xss)
> or remotes code execution issues identified with tiles 2.0.6. Early
> response
> is appreciated.
>
>
Not that I am aware of, we had only one security problem with versions 2.1.0
and 2.1.1 (fixed in newer versions):
http://tiles.apache.org/framework/security/security-bulletin-1.html
However Tiles 2.0.x is no longer maintained, bugs won't be fixed, they will
be fixed only in the 2.2.x branch.

Antonio