You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2017/03/20 14:58:36 UTC
[1/3] struts-site git commit: Adds information about latest release
of Apache Extras
Repository: struts-site
Updated Branches:
refs/heads/master f685a9238 -> 521832ef0
Adds information about latest release of Apache Extras
Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/b9c63151
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/b9c63151
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/b9c63151
Branch: refs/heads/master
Commit: b9c631510501fb6317fbc6f2359180b33c73ba0e
Parents: f685a92
Author: Lukasz Lenart <lu...@gmail.com>
Authored: Mon Mar 20 14:32:15 2017 +0100
Committer: Lukasz Lenart <lu...@gmail.com>
Committed: Mon Mar 20 14:32:15 2017 +0100
----------------------------------------------------------------------
source/announce.md | 25 +++++++++++++++++++
source/download.html | 62 +++++++++++++++++++++++++++++++++++++++++++++++
source/index.html | 7 ++++++
3 files changed, 94 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts-site/blob/b9c63151/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index d7a5c81..6a571d3 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,31 @@ title: Announcements
Skip to: <a href="announce-2016.html">Announcements - 2016</a>
</p>
+#### 20 march 2017 - Struts Extras secure Multipart plugins General Availability {#a20170320}
+
+The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart parser plugin
+and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin are available as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+These releases address one critical security vulnerability:
+
+- Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser
+ [S2-045](/docs/s2-045.html), [S2-046](/docs/s2-046.html)
+
+Those plugins were released to allow users running older versions of the Apache Struts secure their applications in easy way.
+You don't have to migrate to the latest version (which is still preferable) but by applying one of those plugins,
+your application won't be vulnerable anymore.
+
+It is a drop-in installation, just select a proper jar gile and copy it to `WEB-INF/lib` folder.
+Please read the [README](https://github.com/apache/struts-extras) for more details and supported Apache Struts versions.
+
+**All developers are strongly advised to perform this action.**
+
+Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download those plugins from our [download](download.cgi#struts-extras) page.
+
#### 7 march 2017 - Struts 2.5.10.1 General Availability {#a20170307}
The Apache Struts group is pleased to announce that Struts 2.5.10.1 is available as a "General Availability"
http://git-wip-us.apache.org/repos/asf/struts-site/blob/b9c63151/source/download.html
----------------------------------------------------------------------
diff --git a/source/download.html b/source/download.html
index 2f2ef77..720a3b4 100644
--- a/source/download.html
+++ b/source/download.html
@@ -209,6 +209,68 @@ title: Download a Release
</ul>
+<a class="anchor" name="struts-extras"></a>
+<h2>Struts Extras</h2>
+
+<ul>
+ <li>
+ <a href="https://github.com/apache/struts-extras">README</a>
+ </li>
+
+ <li>Apache Struts 2 Secure Jakarta Multipart parser plugin:
+ <ul>
+ <li>
+ <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar">
+ struts2-secure-jakarta-multipart-parser-plugin-1.0.jar
+ </a>
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.md5">MD5</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.sha1">SHA1</a>]
+ </li>
+ </ul>
+ </li>
+
+ <li>Source:
+ <ul>
+ <li>
+ <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip">
+ struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip
+ </a>
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.md5">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.asc">MD5</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.sha1">SHA1</a>]
+ </li>
+ </ul>
+ </li>
+
+ <li>Apache Struts 2 Secure Jakarta Stream Multipart parser plugin:
+ <ul>
+ <li>
+ <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar">
+ struts2-secure-jakarta-multipart-parser-plugin-1.0.jar
+ </a>
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.md5">MD5</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.sha1">SHA1</a>]
+ </li>
+ </ul>
+ </li>
+
+ <li>Source:
+ <ul>
+ <li>
+ <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip">
+ struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip
+ </a>
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.md5">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.asc">MD5</a>]
+ [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.sha1">SHA1</a>]
+ </li>
+ </ul>
+ </li>
+
+</ul>
+
<a class="anchor" name="prior-releases"></a>
<h2>Prior releases</h2>
<p>
http://git-wip-us.apache.org/repos/asf/struts-site/blob/b9c63151/source/index.html
----------------------------------------------------------------------
diff --git a/source/index.html b/source/index.html
index 1b6b2b6..3b868f2 100644
--- a/source/index.html
+++ b/source/index.html
@@ -51,6 +51,13 @@ title: Welcome to the Apache Struts project
<div class="column col-md-4">
</div>
<div class="column col-md-4">
+ <h2>Apache Struts Extras GA</h2>
+ <p>
+ The Struts Extras secure Multipart plugins General Availability, use them to secure your application against critical security
+ vulnerability reported in <a href="/docs/s2-045.html">S2-045</a>, <a href="/docs/s2-046.html">S2-046</a>,
+ read more in <a href="announce.html#a20170320">Announcement</a> or in
+ <a href="https://github.com/apache/struts-extras">README</a>
+ </p>
</div>
<div class="column col-md-4">
</div>
[2/3] struts-site git commit: Fixes typo
Posted by lu...@apache.org.
Fixes typo
Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/e1944701
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/e1944701
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/e1944701
Branch: refs/heads/master
Commit: e19447019a03184ddf53b7fd6d46757e1ae699ad
Parents: b9c6315
Author: Lukasz Lenart <lu...@gmail.com>
Authored: Mon Mar 20 14:38:16 2017 +0100
Committer: Lukasz Lenart <lu...@gmail.com>
Committed: Mon Mar 20 14:38:16 2017 +0100
----------------------------------------------------------------------
source/announce.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts-site/blob/e1944701/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index 6a571d3..789d122 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -23,7 +23,7 @@ Those plugins were released to allow users running older versions of the Apache
You don't have to migrate to the latest version (which is still preferable) but by applying one of those plugins,
your application won't be vulnerable anymore.
-It is a drop-in installation, just select a proper jar gile and copy it to `WEB-INF/lib` folder.
+It is a drop-in installation, just select a proper jar file and copy it to `WEB-INF/lib` folder.
Please read the [README](https://github.com/apache/struts-extras) for more details and supported Apache Struts versions.
**All developers are strongly advised to perform this action.**
[3/3] struts-site git commit: Cleans up information about available
versions
Posted by lu...@apache.org.
Cleans up information about available versions
Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/521832ef
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/521832ef
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/521832ef
Branch: refs/heads/master
Commit: 521832ef051d216d9c55bddcda7ee6ec3a12cb0b
Parents: e194470
Author: Lukasz Lenart <lu...@gmail.com>
Authored: Mon Mar 20 15:56:29 2017 +0100
Committer: Lukasz Lenart <lu...@gmail.com>
Committed: Mon Mar 20 15:56:29 2017 +0100
----------------------------------------------------------------------
source/download.html | 68 +---------------------------------------------
source/downloads.html | 8 +++---
2 files changed, 5 insertions(+), 71 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts-site/blob/521832ef/source/download.html
----------------------------------------------------------------------
diff --git a/source/download.html b/source/download.html
index 720a3b4..4fb6dd3 100644
--- a/source/download.html
+++ b/source/download.html
@@ -274,75 +274,9 @@ title: Download a Release
<a class="anchor" name="prior-releases"></a>
<h2>Prior releases</h2>
<p>
- If you are looking for other versions than above please check <a href="https://dist.apache.org/repos/dist/release/struts/">the Apache Release</a> site.
+ If you are looking for other versions than above please check <a href="http://archive.apache.org/dist/struts/">the Apache Archive</a> site.
</p>
-<h1>Beta Releases</h1>
-<a class="anchor" name="struts-beta"></a>
-
-<h2>Struts {{ current_beta_version }}</h2>
-
-<p>
- <a href="http://struts.apache.org/">Apache Struts {{ site.current_beta_version }}</a> is a second release of upcoming Struts 2.5.
- It's the first version which has a lot of backward compatibility breaking changes but it should be slightly
- easy to adjust your application to use this version. Please read version notes for more details.
-</p>
-
-<ul>
- <li>
- <a href="http://struts.apache.org/docs/version-notes-{{ site.current_beta_version_short }}.html">Version Notes</a>
- </li>
-
- <li>Full Distribution:
- <ul>
- <li>
- <a href="[preferred]struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-all.zip">struts-{{ site.current_beta_version }}-all.zip</a> (65MB)
- [<a href="http://www.apache.org/dist/struts/{{ site.current_version }}/struts-{{ site.current_beta_version }}-all.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/{{ site.current_version }}/struts-{{ site.current_beta_version }}-all.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Example Applications:
- <ul>
- <li>
- <a href="[preferred]struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-apps.zip">struts-{{ site.current_beta_version }}-apps.zip</a> (35MB)
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-apps.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-apps.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
- <li>Essential Dependencies Only:
- <ul>
- <li>
- <a href="[preferred]struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-lib.zip">struts-{{ site.current_beta_version }}-lib.zip</a> (19MB)
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-lib.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-lib.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Documentation:
- <ul>
- <li>
- <a href="[preferred]struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-docs.zip">struts-{{ site.current_beta_version }}-docs.zip</a> (13MB)
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-docs.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-docs.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
- <li>Source:
- <ul>
- <li>
- <a href="[preferred]struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-src.zip">struts-{{ site.current_beta_version }}-src.zip</a> (7MB)
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-src.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/{{ site.current_beta_version }}/struts-{{ site.current_beta_version }}-src.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
-</ul>
-
<h2>Struts 1.3.10</h2>
<a class="anchor" name="struts1310"></a>
http://git-wip-us.apache.org/repos/asf/struts-site/blob/521832ef/source/downloads.html
----------------------------------------------------------------------
diff --git a/source/downloads.html b/source/downloads.html
index bbe803d..6536b92 100644
--- a/source/downloads.html
+++ b/source/downloads.html
@@ -28,12 +28,12 @@ title: Releases
</ul>
</li>
<li>
- <strong>Beta Releases</strong> - <em>Help test the next release!</em>
+ <strong>Extras</strong> - <em>Additional plugins and quick-fix solutions!</em>
<ul>
<li>
- <a href="http://struts.apache.org/download.cgi#struts-beta">
- Struts 2.5 BETA 3
- </a> (second BETA release of new backward compatibility breaking version 2.5)
+ <a href="http://struts.apache.org/download.cgi#struts-extras">
+ Struts Extras
+ </a>
</li>
</ul>
</li>