If you are a WebWork/XWork user, you may have heard of the critical security issue found in XWork. No fear: the WebWork team has a release that is backwards compatible with WebWork 2.2.5. Pick it up.
Evaluating user input as an OGNL expression!!!
Craziest thing I ever heard/seen (OK, maybe not, just like a mini-mall video ranks about the same).
Why is it an XWork problem? Wouldn’t it be WW2 that parses the HTML form and requests XWork to evaluate?
You might be right.
I don’t know if it’s necessarily the responsibility of the MVC to decide what is safe or unsafe. I guess the same goes for SQL injection: should the MVC parse out safe or unsafe SQL calls in the URL?