Posted to commits@struts.apache.org by lu...@apache.org on 2016/06/01 10:20:38 UTC

svn commit: r989708 - in /websites/production/struts/content: announce.html index.html

Author: lukaszlenart
Date: Wed Jun  1 10:20:38 2016
New Revision: 989708

Log:
Updates production

Modified:
    websites/production/struts/content/announce.html
    websites/production/struts/content/index.html

Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Wed Jun  1 10:20:38 2016
@@ -124,6 +124,27 @@
   Skip to: <a href="announce-2015.html">Announcements - 2015</a>
 </p>
 
+<h4 id="a20160601">1 June 2016 - Two security vulnerabilities reported</h4>
+
+<p>Two potential security vulnerabilities were reported which were already addressed in the latest Apache Struts 2 versions.
+Those reports just added other vectors of attack.</p>
+
+<ul>
+  <li>
+    <p><a href="/docs/s2-033.html">S2-033</a>
+Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled</p>
+  </li>
+  <li>
+    <p><a href="/docs/s2-034.html">S2-034</a>
+OGNL cache poisoning can lead to DoS vulnerability</p>
+  </li>
+</ul>
+
+<p>Please read carefully the Security Bulletins and take suggested actions. The simplest way to avoid those vulnerabilities
+in your application is to upgrade the Apache Struts to latest available version in 2.3.x series or to the Apache Struts 2.5.</p>
+
+<p>You can download those versions from our <a href="download.html#struts-ga">download</a> page.</p>
+
 <h4 id="a20160509">9 May 2016 - Struts 2.5 General Availability</h4>
 
 <p>The Apache Struts group is pleased to announce that Struts 2.5 is available as a “General Availability”
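Review bot: The closing paragraph of the new a20160601 entry tells readers to upgrade to the "latest available version in 2.3.x series or to the Apache Struts 2.5" without naming the first fixed release in either series, so someone who upgraded recently cannot tell from the announcement whether they are already covered. Suggest stating the minimum fixed version for each series next to the S2-033 and S2-034 links. The intro sentence "Those reports just added other vectors of attack" also undersells an entry whose first item is Remote Code Execution; wording that says which configuration is exposed (REST Plugin with Dynamic Method Invocation enabled, as the S2-033 line states) would help readers triage.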

Modified: websites/production/struts/content/index.html
==============================================================================
--- websites/production/struts/content/index.html (original)
+++ websites/production/struts/content/index.html Wed Jun  1 10:20:38 2016
@@ -172,17 +172,17 @@
         </p>
       </div>
       <div class="column col-md-4">
-        <h2>Security Bulletin S2-031</h2>
+        <h2>Security Bulletin S2-033 & S2-034</h2>
         <p>
-          A new security bulletin was published, please carefully read the
-          <a href="/docs/s2-031.html">Announcement</a>
+          Two new Security Bulletins were published, please read more in the
+          <a href="announce.html#a20160601">Announcement</a>.
         </p>
       </div>
       <div class="column col-md-4">
         <h2>Security Bulletin S2-032</h2>
         <p>
           A new security bulletin was published, please carefully read the
-          <a href="/docs/s2-032.html">Announcement</a>
+          <a href="/docs/s2-032.html">S2-032</a> bulletin.
         </p>
       </div>
     </div>
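Review bot: The new heading `<h2>Security Bulletin S2-033 & S2-034</h2>` carries a bare `&` in HTML text; write it as `&amp;` so the page validates. This hunk also removes the front-page link to /docs/s2-031.html, and the two remaining columns now point at different kinds of target (announce.html#a20160601 for the first, the bulletin page itself for S2-032). If that is deliberate, fine; otherwise link S2-033 and S2-034 directly as well so readers reach the bulletins in one click.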