You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2017/03/20 07:05:19 UTC

[04/13] struts-extras git commit: Adds readme with more detailed explanation how to use the plugin

Adds readme with more detailed explanation how to use the plugin


Project: http://git-wip-us.apache.org/repos/asf/struts-extras/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-extras/commit/bd18c11e
Tree: http://git-wip-us.apache.org/repos/asf/struts-extras/tree/bd18c11e
Diff: http://git-wip-us.apache.org/repos/asf/struts-extras/diff/bd18c11e

Branch: refs/heads/master
Commit: bd18c11e3082b2947abbb1583fd73d87589ae2f6
Parents: 1aa4a9c
Author: Lukasz Lenart <lu...@gmail.com>
Authored: Sat Mar 18 14:53:42 2017 +0100
Committer: Lukasz Lenart <lu...@gmail.com>
Committed: Sat Mar 18 14:53:42 2017 +0100

----------------------------------------------------------------------
 .../README.md                                   | 30 ++++++++++++++++++++
 1 file changed, 30 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-extras/blob/bd18c11e/struts2-secure-jakarta-multipart-parser-plugin/README.md
----------------------------------------------------------------------
diff --git a/struts2-secure-jakarta-multipart-parser-plugin/README.md b/struts2-secure-jakarta-multipart-parser-plugin/README.md
new file mode 100644
index 0000000..acaeb80
--- /dev/null
+++ b/struts2-secure-jakarta-multipart-parser-plugin/README.md
@@ -0,0 +1,30 @@
+# Apache Struts 2 Extras - secure Jakarta Multipart parser plugin
+
+This plugin provides a safe implementation of the Jakarta Multipart parser from the Struts Core. It can be used
+to mitigate vulnerability described in the [S2-045](http://struts.apache.org/docs/s2-045.html) Security Bulletin.
+ 
+You should use this plugin in case you are not able to migrated to the latest Struts version.
+
+## Supported versions
+
+This plugins can be used with the Apache Struts versions 2.5.8 till 2.5.5, if you are running the Apache Struts 2.5.8+
+you must migrate to the latest version which is [Struts 2.5.10.1](http://struts.apache.org/announce.html#a20170307).
+
+## How to use it
+
+Just drop the jar into `WEB-INF/libs` folder and restart your application, you can use on of the existing PoCs
+to test if everything is ok.
+
+If you are using Maven to build your project, please add the following dependency into your pom:
+  
+```xml
+<dependency>
+    <groupId>org.apache.struts</groupId>
+    <artifactId>struts2-secure-jakarta-multipart-parser-plugin</artifactId>
+    <version>[VERSION]</version>            
+</dependency>
+```
+
+## Remarks
+
+Please be aware that this is just a temporary solution, you should consider migration to the latest version anyway.