You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Musachy Barroso (JIRA)" <ji...@apache.org> on 2007/08/30 19:49:34 UTC
[jira] Resolved: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to
address possible XSS Issues
[ https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Musachy Barroso resolved WW-2134.
---------------------------------
Resolution: Fixed
Fix Version/s: (was: 2.0.10)
2.1.0
> Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
> ---------------------------------------------------------------
>
> Key: WW-2134
> URL: https://issues.apache.org/struts/browse/WW-2134
> Project: Struts 2
> Issue Type: Bug
> Components: Integration
> Affects Versions: 2.0.9
> Reporter: Ian Roughley
> Assignee: Musachy Barroso
> Priority: Blocker
> Fix For: 2.1.0
>
>
> From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that could allow cross site scripting (*XSS*) attacks against your site if you do not upgrade."
> As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10.
> Even if the upgrade is not technically needed, from a publicity standpoint (in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
RE: [jira] Resolved: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
Posted by James Holmes <ja...@jamesholmes.com>.
Didn't you commit fixes for this on Struts_2_0_X branch? When you closed the
ticket the fix version changed. Wasn't sure if that was on accident or not.
James
-----Original Message-----
From: Musachy Barroso (JIRA) [mailto:jira@apache.org]
Sent: Thursday, August 30, 2007 1:50 PM
To: issues@struts.apache.org
Subject: [jira] Resolved: (WW-2134) Upgrade Dojo from 0.4.2 to 0.4.3 to
address possible XSS Issues
[
https://issues.apache.org/struts/browse/WW-2134?page=com.atlassian.jira.plug
in.system.issuetabpanels:all-tabpanel ]
Musachy Barroso resolved WW-2134.
---------------------------------
Resolution: Fixed
Fix Version/s: (was: 2.0.10)
2.1.0
> Upgrade Dojo from 0.4.2 to 0.4.3 to address possible XSS Issues
> ---------------------------------------------------------------
>
> Key: WW-2134
> URL: https://issues.apache.org/struts/browse/WW-2134
> Project: Struts 2
> Issue Type: Bug
> Components: Integration
> Affects Versions: 2.0.9
> Reporter: Ian Roughley
> Assignee: Musachy Barroso
> Priority: Blocker
> Fix For: 2.1.0
>
>
> From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download.
This is a security release. *Dojo* 0.4.1 and 0.4.2 users are strongly
recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in
two files that could allow cross site scripting (*XSS*) attacks against your
site if you do not upgrade."
> As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts
2.0.10.
> Even if the upgrade is not technically needed, from a publicity standpoint
(in addressing all possible security concerns) I think it is a good idea.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org