Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
2.0.9
-
None
-
Important
Description
From the Dojo Toolkit website: "Dojo* 0.4.3 is now available to download. This is a security release. Dojo 0.4.1 and 0.4.2 users are strongly recommended to upgrade as soon as possible. 0.4.1 and 0.4.2 have a flaw in two files that could allow cross site scripting (XSS) attacks against your site if you do not upgrade."
As 2.0.9 runs 0.4.2, we should upgrade to 0.4.3 before releasing Struts 2.0.10.
Even if the upgrade is not technically needed, from a publicity standpoint (in addressing all possible security concerns) I think it is a good idea.