Apache Struts 2.3.15.2 launched to fix vulnerable Feature

The Apache Software Foundation recently released the latest version of Apache Struts, Struts 2.3.15.2, to fix security issues that were causing problems for developers. Struts 2.3.15.2 fixes the issues related to Dynamic Method Invocation (DMI) and the "action:" prefix, about which developers had been complaining.


 


The Apache Software Foundation recently released a new version of the Apache Struts development framework to overcome two major problems faced by developers.

Apache Struts is a popular open-source framework used to build, deploy and maintain web applications, both on the web and on intranets. It is a framework for developing Java-based web applications, and the recently launched version, Struts 2.3.15.2, has been released to fix some issues that were causing difficulty for software developers.

A mechanism in Struts 2 known as Dynamic Method Invocation (DMI), which is considered a source of possible security vulnerabilities, is disabled by default in the new version, Struts 2.3.15.2.

This feature was enabled in earlier versions of Struts, but the recommendation was to switch it off if possible. To do this, users had to set the struts.enable.DynamicMethodInvocation option to false in struts.xml.

With the release of the latest version, developers who rely on DMI may need to refactor their applications if they upgrade to the new version of Struts, i.e. Struts 2.3.15.2.

Struts 2.3.15.2 also fixes one more problem, related to the "action:" prefix of the action mapping mechanism, which can be used to attach navigation information to buttons within forms.

However, additional details about this have not been disclosed for now, for security reasons, and may be revealed later, after a large number of users have upgraded to the new version.

Following the critical security vulnerabilities in Struts' default action mapping mechanism in earlier versions, version 2.3.15.2 of the framework has added code to clean "action:"-prefixed information and has removed support for the "redirect:" and "redirectAction:" prefixes completely.

Moreover, an alternative for developers is to integrate their own action mapping implementation and stop using the "action:" prefix completely if they do not need support for multiple submit buttons in their applications.
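A pre-upgrade check covering both changes described above, the DMI option in struts.xml and the "action:", "redirect:" and "redirectAction:" prefixes, is shown here as an added example that is not code from this article or from the Struts project. The function names, the sample configuration and the sample request lines are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlsplit

DMI_CONSTANT = "struts.enable.DynamicMethodInvocation"  # option named in the article
MAPPER_PREFIXES = ("action:", "redirect:", "redirectAction:")  # prefixes named in the article

# Constructed sample configuration, not taken from a real application.
SAMPLE_STRUTS_XML = """<struts>
  <constant name="struts.devMode" value="false"/>
  <constant name="struts.enable.DynamicMethodInvocation" value="true"/>
</struts>"""

# Constructed sample request targets, as they might appear in an access log.
SAMPLE_REQUESTS = [
    "/shop/order.action?id=7",
    "/shop/order.action?action:cancel=Cancel&id=7",
    "/shop/order.action?redirectAction%3Ahome=Back",
]

def dmi_setting(struts_xml):
    """Return 'disabled', 'enabled' or 'unset' for the DMI constant in struts.xml."""
    state = "unset"  # unset: the version default applies (off from 2.3.15.2 on)
    for const in ET.fromstring(struts_xml).iter("constant"):
        if const.get("name") == DMI_CONSTANT:
            value = (const.get("value") or "").strip().lower()
            # Anything other than an explicit "false" is reported as enabled.
            state = "disabled" if value == "false" else "enabled"
    return state

def prefixed_params(request_target):
    """Return query parameter names (percent-decoded) that use a mapper prefix."""
    query = urlsplit(request_target).query
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [name for name in names if name.startswith(MAPPER_PREFIXES)]

def audit(struts_xml, request_targets):
    """Combine both checks into one report for upgrade planning."""
    hits = {t: prefixed_params(t) for t in request_targets if prefixed_params(t)}
    return {"dmi": dmi_setting(struts_xml), "prefixed_requests": hits}

if __name__ == "__main__":
    report = audit(SAMPLE_STRUTS_XML, SAMPLE_REQUESTS)
    print("DMI constant:", report["dmi"])
    for target, names in report["prefixed_requests"].items():
        print("prefixed parameter:", names, "in", target)
```

The request check only looks at query strings; submit buttons normally post their names in the form body, so the same prefix test applies to decoded body parameter names where those are logged.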

Posted on: September 30, 2013