Badly worded security alert ( FrSIRT/ADV-2007-3042)

[Ted Husted <hu...@apache.org>]

The recent alert posted at

 * http://www.frsirt.com/english/advisories/2007/3042

says that all versions of Apache Struts prior to 2.0.9 are affected by
the "Apache Struts XWork Form Object-Graph Navigation Language Code
Execution" issue.

Of course, this is not the case. No version of  Struts 1.x is affected
by this issue, which is specific only to XWork based frameworks.

I've sent a feedback comment to the site on behalf of the group, and
updated our own website to clarify. I also posted a quick note to
user@ a few minutes ago.

-Ted.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org