Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    Does Isomorphic Struts in SmartGWT Enterprise have vulnerabilities related to Apache Struts (Equifax breach)

    I'm using smartgwt-enterprise-5.1-p20161211.jar.
    Please comment whether the included Isomorphic Struts has vulnerabilities related to Apache Struts so I can determine whether customers that install my product are at risk.

    Thanks!
    Bill

    #2
    Hello Bill,

    The (very old) Struts functionality we provide would only be active if you actually set up Struts bindings.

    If you didn't explicitly set up all of these things, Struts is not being used at all.

    Note also that the Equifax exploit was for Struts2, whereas our functionality targeted original Struts.

    Comment

    Working...
    X