Posted to user@struts.apache.org by Adam Brin <ab...@digitalantiquity.org> on 2017/07/14 12:40:53 UTC

2.5.12 & security fix protocol

Hi Lukasz,
  Out of curiosity, I'm wondering what the protocol or choice was about
including the security patches for struts2 in a "new" release as opposed to
a point release for 2.5.10 (e.g. 2.5.10.1)?  It would seem like the smallest
change possible should be included, but this version seemed to have quite a
few more changes.

thanks,

adam


-- 
_________________________________________________________
Adam Brin
Director of Technology, Digital Antiquity
480.965.1278

Re: 2.5.12 & security fix protocol

Posted by Adam Brin <ab...@digitalantiquity.org>.
thanks for the clarification.

On Fri, Jul 14, 2017 at 5:53 AM, Lukasz Lenart <lu...@apache.org>
wrote:

> 2017-07-14 14:40 GMT+02:00 Adam Brin <ab...@digitalantiquity.org>:
> > Hi Lukasz,
> >   Out of curiosity, I'm wondering what the protocol or choice was about
> > including the security patches for struts2 in a "new" release as opposed to
> > a point release for 2.5.10 (e.g. 2.5.10.1)?  It would seem like the smallest
> > change possible should be included, but this version seemed to have quite a
> > few more changes.
>
> We assumed that the vulnerabilities are not so critical and the new
> version is almost ready. Also workarounds exist so you can apply them
> to be safe if you are not able to migrate to the latest version.
>
> https://cwiki.apache.org/confluence/display/WW/S2-047
> https://cwiki.apache.org/confluence/display/WW/S2-049
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


-- 
_________________________________________________________
Adam Brin
Director of Technology, Digital Antiquity
480.965.1278

Re: 2.5.12 & security fix protocol

Posted by Lukasz Lenart <lu...@apache.org>.
2017-07-14 14:40 GMT+02:00 Adam Brin <ab...@digitalantiquity.org>:
> Hi Lukasz,
>   Out of curiosity, I'm wondering what the protocol or choice was about
> including the security patches for struts2 in a "new" release as opposed to
> a point release for 2.5.10 (e.g. 2.5.10.1)?  It would seem like the smallest
> change possible should be included, but this version seemed to have quite a
> few more changes.

We assumed that the vulnerabilities are not so critical and the new
version is almost ready. Also workarounds exist so you can apply them
to be safe if you are not able to migrate to the latest version.

https://cwiki.apache.org/confluence/display/WW/S2-047
https://cwiki.apache.org/confluence/display/WW/S2-049


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/