Jan 25th, 2013, 06:13 PM
Spring Expression Language security issue caused by remote code injection
I read the following article that talks about the EL risk.
We currently use Spring 3.0.4.
Can anyone share knowledge about whether this issue has been fixed so we can still use it without disabling the feature? If so, which version? thanks.
Jan 28th, 2013, 02:18 PM
Despite being a new article, this is a very old bug report. Please read the comments of the article you linked to which specifies more details about the bug including the details about the fix.