...
Dynamic Method Invocation is a know vulnerable mechanismmechanism known to impose possible security vulnerabilities, but till until now it was enabled by default with warning that users should switch it off if possible.
...
Note | ||
---|---|---|
| ||
Disabling Dynamic Method Invocation can break your application if it uses DMI heavily. Nevertheless, please consider to refactor your application to avoid DMI. |
Warning |
---|
It is strongly recommended to upgrade to Struts 2.3.15.2, which contains the corrected Struts2-Core library. |