You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Ian Roughley (JIRA)" <ji...@apache.org> on 2007/08/24 16:02:35 UTC
[jira] Created: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to
address possible XSS Issues
Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
---------------------------------------------------------------
Key: WW-2134
URL: https://issues.apache.org/struts/browse/WW-2134
Project: Struts 2
Issue Type: Bug
Components: Integration
Affects Versions: 2.0.9
Reporter: Ian Roughley
Assignee: Musachy Barroso
Priority: Blocker
>From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that could allow cross site scripting (*XSS*) attacks against your site if you do not upgrade."
As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10.
Even if the upgrade is not technically needed, from a publicity standpoint (in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to
address possible XSS Issues
Posted by "James Holmes (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Holmes updated WW-2134:
-----------------------------
Fix Version/s: 2.0.10
> Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
> ---------------------------------------------------------------
>
> Key: WW-2134
> URL: https://issues.apache.org/struts/browse/WW-2134
> Project: Struts 2
> Issue Type: Bug
> Components: Integration
> Affects Versions: 2.0.9
> Reporter: Ian Roughley
> Assignee: Musachy Barroso
> Priority: Blocker
> Fix For: 2.0.10
>
>
> From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that could allow cross site scripting (*XSS*) attacks against your site if you do not upgrade."
> As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10.
> Even if the upgrade is not technically needed, from a publicity standpoint (in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
RE: [jira] Resolved: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
Posted by James Holmes <ja...@jamesholmes.com>.
Didn't you commit fixes for this on Struts_2_0_X branch? When you closed the
ticket the fix version changed. Wasn't sure if that was on accident or not.
James
-----Original Message-----
From: Musachy Barroso (JIRA) [mailto:jira@apache.org]
Sent: Thursday, August 30, 2007 1:50 PM
To: issues@struts.apache.org
Subject: [jira] Resolved: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to
address possible XSS Issues
[
https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plug
in.system.issuetabpanels:all-tabpanel ]
Musachy Barroso resolved WW-2134.
---------------------------------
Resolution: Fixed
Fix Version/s: (was: 2.0.10)
2.1.0
> Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
> ---------------------------------------------------------------
>
> Key: WW-2134
> URL: https://issues.apache.org/struts/browse/WW-2134
> Project: Struts 2
> Issue Type: Bug
> Components: Integration
> Affects Versions: 2.0.9
> Reporter: Ian Roughley
> Assignee: Musachy Barroso
> Priority: Blocker
> Fix For: 2.1.0
>
>
> From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download.
This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly
recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in
two files that could allow cross site scripting (*XSS*) attacks against your
site if you do not upgrade."
> As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts
2.0.10.
> Even if the upgrade is not technically needed, from a publicity standpoint
(in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
[jira] Resolved: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to
address possible XSS Issues
Posted by "Musachy Barroso (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Musachy Barroso resolved WW-2134.
---------------------------------
Resolution: Fixed
Fix Version/s: (was: 2.0.10)
2.1.0
> Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
> ---------------------------------------------------------------
>
> Key: WW-2134
> URL: https://issues.apache.org/struts/browse/WW-2134
> Project: Struts 2
> Issue Type: Bug
> Components: Integration
> Affects Versions: 2.0.9
> Reporter: Ian Roughley
> Assignee: Musachy Barroso
> Priority: Blocker
> Fix For: 2.1.0
>
>
> From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that could allow cross site scripting (*XSS*) attacks against your site if you do not upgrade."
> As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10.
> Even if the upgrade is not technically needed, from a publicity standpoint (in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.