Results 1 to 2 of 2

Thread: Spring Expression Language security issue caused by remote code injection

Hybrid View

  1. Jan 25th, 2013, 06:13 PM #1
    kdingspring
    kdingspring is offline Junior Member
    Join Date
    Jan 2013
    Posts
    1

    Default Spring Expression Language security issue caused by remote code injection

    I read the following article that talks about the EL risk.

    http://www.networkworld.com/news/201...rk-265923.html

    We currently use Spring 3.0.4.

    Can anyone share knowledge about whether this issue has been fixed so we can still use it without disabling the feature? If so, which version? thanks.
    Reply With Quote Reply With Quote
  2. Jan 28th, 2013, 02:18 PM #2
    Rob Winch
    Rob Winch is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Posts
    1,826

    Default

    Despite being a new article, this is a very old bug report. Please read the comments of the article you linked to which specifies more details about the bug including the details about the fix.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules