angler-fishThe Vulnerability History Project

Allows define allowed classes per action
by Randy the Sloth 2017-08-21 11:17:31 UTC
commit 6dd6e5cfb7b5e020abffe7e8091bd63fe97c10af
Struts Fix RESTless CVE-2017-9793 Fix overtrusting xml handler CVE-2017-9805
plugins/rest/src/main/java/org/apache/struts2/rest/handler/AllowedClassNames.java
-26
plugins/rest/src/main/java/org/apache/struts2/rest/handler/AllowedClasses.java
-26
plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java
+3 -78
plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamPermissionProvider.java
-28
expand_less