You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Richard Taylor (JIRA)" <ji...@apache.org> on 2018/02/11 16:53:00 UTC

[jira] [Comment Edited] (WW-4917) Clarification on security status and support for Struts 2.3

    [ https://issues.apache.org/jira/browse/WW-4917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16359992#comment-16359992 ] 

Richard Taylor edited comment on WW-4917 at 2/11/18 4:52 PM:
-------------------------------------------------------------

Clear, thanks! Would politely ask to consider changing some of the statements on the site to make it easier for all to understand. The implication that 2.3.34 has security issues by virtue of appearing in that list is incorrect based on your response.

 

 


was (Author: richardwhtaylor):
Clear, thanks!

 

> Clarification on security status and support for Struts 2.3
> -----------------------------------------------------------
>
>                 Key: WW-4917
>                 URL: https://issues.apache.org/jira/browse/WW-4917
>             Project: Struts 2
>          Issue Type: Task
>          Components: Documentation
>    Affects Versions: 2.3.34
>            Reporter: Richard Taylor
>            Priority: Minor
>              Labels: security
>             Fix For: 2.3.x
>
>
> Hi
>  
> Can you kindly provide clarity as to the exact status of the 2.3 series in terms of ongoing support and security status.
>  
>  
> On the Struts web page [https://struts.apache.org/]
>  
> I found the statement:
>  
> "It's the latest release of Struts 2.3.x which contains the latest security fixes, read more in [Announcement|https://struts.apache.org/announce.html#a20170907] or in [Version notes|https://struts.apache.org/docs/version-notes-2334.html]"
>  
> Yet, on the page at [https://struts.apache.org/releases.html] it is stated that :
>  
> h2. "Prior Releases
> As a courtesy, we retain archival copies of the website for releases that initially were considered "General Availability" but which has been reclassified as "Not recommended" since they contain security issues
> "
> And version 2.3.34 is listed here.
>  
>  
> Lastly - I find no EOL announcement for 2.3.x
>  
> So in summary the question is:
>  
> *1 Is the 2.3 series EOL?*
> *2 Does 2.3.34 contain any known security bugs?*
>  
>  
> Thanking you in advance 
>  
> Richard



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)