THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047), see S2-050- A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin, see S2-051
- Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads, see S2-052
- A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals, see S2-053
Bug
- [WW-4176] - Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is ignored, Numeric Keys will work and mapped
- [WW-4817] - Threads get blocked due to unnecessary synchronization in OgnlRuntime
...
| Note |
|---|
This release contains fixes related to S2-050, S2-051, S2-048052 and S2-053 -049, please read them carefully! |
Issue Detail
Issue List
Other resources
...