Struts2与WebWork分别发布了包含重要安全修复的新版本。这些修复主要针对OGNL表达式处理中的漏洞,该漏洞允许用户执行任意OGNL表达式。所有用户被强烈建议尽快升级。
struts 2和webwork因安全问题双双发布更新版
一、WebWork
July 21, 2007
WebWork 2.2.6 released (Security Fix)
Opensymphony and the WebWork team are proud to announce the release of
WebWork version 2.2.6.
This release, approximately 3 months after WebWork 2.2.5, is a
maintainance release, due to a critical security issue found in XWork,
allowing users to execute arbituary any OGNL expression. See here for more details
* Release Notes
* Changelog
* Download here
This release is backwords compatible with WebWork 2.2.5 and is a drop
in replacement.
We would like to thank both users and contributors of WebWork for
helping out, submiting patches, testing, providing feedback and
participating in various discussion.
The WebWork Development Team
二、struts2
Apache Struts 2.0.9 includes an important security fix regarding OGNL expression handling. ALL USERS ARE STRONGLY ADVISED TO UPDATE TO STRUTS 2.0.9 AS SOON AS POSSIBLE!
扫一扫
9366
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
