Versions Compared

...

Staging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

  • (warning) Possible XSS vulnerability in pages not using UTF-8 was fixed, read more details in S2-028
  • (warning) Prevents possible RCE when reusing user input in tag's attributes, see more details in S2-029
  • (warning) Action name clean up is error prone S2-035
  • (warning) Forced double OGNL evaluation, when evaluated on raw user input in tag's attributes, may lead to remote code execution (similar to S2-029) S2-036
  • (warning) Remote Code Execution can be performed when using REST Plugin S2-037
  • (warning) It is possible to bypass token validation and perform a CSRF attack S2-038
  • (warning) Getter as action method leads to security bypass S2-039
  • (warning) Input validation bypass using existing default action method S2-040
  • (warning) Possible DoS attack when using URLValidator S2-041
  • Fixed all reported issues related to the new version of Apache Tiles, see WW-4622, WW-4623, WW-4624
  • MessageStoreInterceptor was extended to support 3rd-party RedirectResult subclasses, see WW-4618
  • EmailValidator supports .cat domain, see WW-4626
  • and a few other small improvements, please see the release notes

...