You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by chris snow <ch...@gmail.com> on 2010/12/23 09:33:04 UTC

which versions of struts 1.x are still being maintained?

I am working on various legacy software projects that have various versions
of struts 1.x. (mostly 1.1.x and 1.2.x)

I need to ensure I am only using versions that are still maintained for
security fixes.  Which 1.x versions are still being maintained for security
fixes?

It's not possible to move to struts 2.x at this stage.

How are struts security advisories and fixes announced?

Many thanks in advance,

Chris

Re: which versions of struts 1.x are still being maintained?

Posted by Dave Newton <da...@gmail.com>.

I haven't seen anything go into 1.1 or 1.2 for a pretty long time. Upgrading
from 1.1 to 1.2 was usually a pretty good idea, and usually easy.

I'm not sure how much effort we'd put into fixing something in 1.1. I'm a
little skeptical we'd put a lot of effort into 1.2, either, but it'd depend
on the nature of the issue.

Dave

On Dec 23, 2010 3:33 AM, "chris snow" <ch...@gmail.com> wrote:
>
> I am working on various legacy software projects that have various
versions
> of struts 1.x. (mostly 1.1.x and 1.2.x)
>
> I need to ensure I am only using versions that are still maintained for
> security fixes.  Which 1.x versions are still being maintained for
security
> fixes?
>
> It's not possible to move to struts 2.x at this stage.
>
> How are struts security advisories and fixes announced?
>
> Many thanks in advance,
>
> Chris