Le 15/06/2014 06:43, Hideki Yamane a écrit : > Then, question: commons-beanutils version in Debian is > both seems to be still vulunerable version. Can you provide security- > backport patch for them? If not, patch to struts1 is still usefull to > prevent attack, so push fix to libstruts1.2-java stable/oldstable, right?
I got confirmation from the Struts developers that a new release using commons-beanutils 1.9.2 is planned soon. So I'm going to prepare the backport of commons-beanutils 1.9.2 in stable and wait for the new release of Struts 1.x. Emmanuel Bourg -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
