I upgraded struts2 to 2.3.32 with no problem, but I also depend on struts2-tiles-plugin-2.3.15.3.jar which I can't upgrade as easily. Is this a problem or is upgrading struts2-core enough to fix the issue?
Asked
Active
Viewed 132 times
1 Answers
1
No I think. At S2-046's workaround section I read:
Another option is to remove the File Upload Interceptor from the stack
Which means that vulnerability was inside core. However, struts2-tiles-plugin does not have dependency to core!
Yasser Zamani
- 2,380
- 21
- 18