WebWork 2.2.6 released (Security Fix)

July 24, 2007 on 9:22 am | In Security |

If you are a WebWork/XWork user, you may have heard of the critical security issue found in XWork. Well, no fear: the WebWork team has a release that is backwards compatible with WebWork 2.2.5. Pick it up.

2 Comments »


  1. Evaluating user input as an OGNL expression !!!
    Craziest thing I ever heard/seen (ok maybe not, just like a mini-mall video ranks about the same).

    Why is it an XWork problem? Wouldn’t it be WW2 that parses the HTML form and requests XWork to evaluate?

    Comment by xrellix — July 25, 2007 #

  2. You might be right.

    I don’t know if it’s necessarily the responsibility of the MVC to decide what is safe or unsafe. I guess the same goes for SQL injection: should the MVC parse out safe or unsafe SQL calls in the URL?

    Comment by Jay — July 25, 2007 #
