Posted to commits@struts.apache.org by lu...@apache.org on 2016/06/01 10:20:38 UTC
svn commit: r989708 - in /websites/production/struts/content: announce.html index.html
Author: lukaszlenart
Date: Wed Jun 1 10:20:38 2016
New Revision: 989708
Log:
Updates production
Modified:
websites/production/struts/content/announce.html
websites/production/struts/content/index.html
Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Wed Jun 1 10:20:38 2016
@@ -124,6 +124,27 @@
Skip to: <a href="announce-2015.html">Announcements - 2015</a>
</p>
+<h4 id="a20160601">1 June 2016 - Two security vulnerabilities reported</h4>
+
+<p>Two potential security vulnerabilities were reported which were already addressed in the latest Apache Struts 2 versions.
+Those reports just added other vectors of attack.</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-033.html">S2-033</a>
+Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-034.html">S2-034</a>
+OGNL cache poisoning can lead to DoS vulnerability</p>
+ </li>
+</ul>
+
+<p>Please read carefully the Security Bulletins and take suggested actions. The simplest way to avoid those vulnerabilities
+in your application is to upgrade the Apache Struts to latest available version in 2.3.x series or to the Apache Struts 2.5.</p>
+
+<p>You can download those versions from our <a href="download.html#struts-ga">download</a> page.</p>
+
<h4 id="a20160509">9 May 2016 - Struts 2.5 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Struts 2.5 is available as a “General Availability”
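Review bot: The closing paragraph of the new announcement (the "Please read carefully the Security Bulletins" block) tells readers to upgrade to the "latest available version in 2.3.x series" or to 2.5 without naming a version, so someone reading this entry later cannot tell from the announcement which release is the first to contain the fixes. Suggest stating the minimum fixed versions as listed in S2-033 and S2-034. Since the S2-033 item names its precondition (REST Plugin with Dynamic Method Invocation enabled), it would also help to say whether the bulletin offers a configuration workaround for users who cannot upgrade immediately. Minor wording: "upgrade the Apache Struts to latest available version" reads better as "upgrade Apache Struts to the latest available version".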
Modified: websites/production/struts/content/index.html
==============================================================================
--- websites/production/struts/content/index.html (original)
+++ websites/production/struts/content/index.html Wed Jun 1 10:20:38 2016
@@ -172,17 +172,17 @@
</p>
</div>
<div class="column col-md-4">
- <h2>Security Bulletin S2-031</h2>
+ <h2>Security Bulletin S2-033 & S2-034</h2>
<p>
- A new security bulletin was published, please carefully read the
- <a href="/docs/s2-031.html">Announcement</a>
+ Two new Security Bulletins were published, please read more in the
+ <a href="announce.html#a20160601">Announcement</a>.
</p>
</div>
<div class="column col-md-4">
<h2>Security Bulletin S2-032</h2>
<p>
A new security bulletin was published, please carefully read the
- <a href="/docs/s2-032.html">Announcement</a>
+ <a href="/docs/s2-032.html">S2-032</a> bulletin.
</p>
</div>
</div>
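Review bot: In the new heading "Security Bulletin S2-033 & S2-034" the ampersand is unescaped as shown; inside the h2 it should be written as &amp;amp;. The first column's new link to announce.html#a20160601 only resolves once the heading with id="a20160601" from the announce.html change is live, so the two files have to be published together, as they are in this commit. The S2-032 column still opens with "A new security bulletin was published" although it is now the older of the two entries; consider dating or rewording it so readers can tell which bulletin is current.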