You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by bu...@apache.org on 2006/03/07 01:18:31 UTC
DO NOT REPLY [Bug 38749] - [extras] XSS vulnerability in LookupDispatchAction
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38749>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38749
niallp@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From niallp@apache.org 2006-03-07 00:18 -------
Fixed in both the current trunk and 1.2.x branch, thanks for reporting this:
http://svn.apache.org/viewcvs.cgi?rev=383718&view=rev
http://svn.apache.org/viewcvs.cgi?rev=383720&view=rev
As well as LookupDispatchAction I also modified DispatchAction and
ActionDispatcher which could expose the same issue when the
NoSuchMethodException is thrown for an invalid method input through a parameter.
Closing as FIXED.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org