Spring Expression Language security issue caused by remote code injection

Printable View

Jan 25th, 2013, 06:13 PM
kdingspring

Spring Expression Language security issue caused by remote code injection

I read the following article that talks about the EL risk.

http://www.networkworld.com/news/201...rk-265923.html

We currently use Spring 3.0.4.

Can anyone share knowledge about whether this issue has been fixed so we can still use it without disabling the feature? If so, which version? thanks.
Jan 28th, 2013, 02:18 PM
Rob Winch

Despite being a new article, this is a very old bug report. Please read the comments of the article you linked to which specifies more details about the bug including the details about the fix.

All times are GMT -5. The time now is 03:17 AM.