You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2014/02/09 19:54:56 UTC
svn commit: r1566350 [6/6] - in /struts/site/branches/jekyll-powered:
content/ source/
Copied: struts/site/branches/jekyll-powered/source/announce-2011.html (from r1566344, struts/site/branches/jekyll-powered/source/announce-2011.xml)
URL: http://svn.apache.org/viewvc/struts/site/branches/jekyll-powered/source/announce-2011.html?p2=struts/site/branches/jekyll-powered/source/announce-2011.html&p1=struts/site/branches/jekyll-powered/source/announce-2011.xml&r1=1566344&r2=1566350&rev=1566350&view=diff
==============================================================================
--- struts/site/branches/jekyll-powered/source/announce-2011.xml (original)
+++ struts/site/branches/jekyll-powered/source/announce-2011.html Sun Feb 9 18:54:55 2014
@@ -1,211 +1,187 @@
-<?xml version="1.0"?>
-<!--
-Copyright 1999-2009 The Apache Software Foundation
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!--
-// ======================================================================== 78
--->
-<document>
-
- <properties>
- <title>Announcements</title>
- </properties>
-
- <body>
-
- <section name="Announcements">
- <p class="right">
- Skip to: <a href="announce-2010.html">Announcements - 2010</a>
- </p>
- <h4 id="a20111225">25 December 2011 - Struts 2.3.1.1 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.1.1 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- An important vulnerability were solved with this release:
- <ul>
- <li>
- Remote command execution and arbitrary file overwrite
- </li>
- <li>
- Strict DMI mode does not work correctly
- </li>
- </ul>
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.1.1.
- </p>
- <p>
- Struts 2.3.1.1 is available in a full distribution,
- or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts2311">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.x/docs/version-notes-2311.html">release notes</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
-
- <h4 id="a20111218">18 December 2011 - Struts 2.0.14 End of Life Announcement</h4>
- <p>
- The Apache Struts Team likes to inform you that the Struts 2.0 branch has reached it's end of life
- and is no longer supported. All users of Struts 2.0.14 or earlier Struts 2 versions are strongly
- advised to update their existing applications to Struts 2.3.x.
- </p>
- <p>
- Struts 2.0.14 was for some time maintained in parallel to the 2.1 and 2.2 branches, since Struts 2.1
- introduced some API and plugin changes that were likely to break existing user code on top of Struts 2.
- However, the community interest in maintaining the Struts 2.0.x branch was not strong enough to
- keep it sufficiently up to date, especially in terms of security fixes. There are several serious
- security problems that, while being continuously addressed in later Struts 2 versions, did not make
- it into the 2.0.x branch. For that reason the Apache Struts PMC decided to remove 2.0.14 as a supported
- version.
- </p>
- <p>
- For more information on how to upgrade existing applications running on top of Struts 2.0.x to
- Struts 2.1 and later, please read the
- <a href="https://cwiki.apache.org/confluence/display/S2WIKI/Troubleshooting+guide+migrating+from+Struts+2.0.x+to+2.1.x">
- Guide to migrating from Struts 2.0.x to 2.1.x</a>.
- </p>
-
-
- <h4 id="a20111212">12 December 2011 - Struts 2.3.1 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.1 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- Some new futures are:
- <ul>
- <li>
- New Portlet 2.0 (JSR 286) plugin replaced the Portlet 1.0 (JSR 168) plugin
- </li>
- <li>
- New CDI plugin was added to allow use CDI (JavaEE 6) as an Object Factory in Struts 2
- </li>
- <li>
- The dependencies of the Struts2-Spring plugin were upgraded from Spring 2.5 to 3.0
- </li>
- </ul>
- Besides that, various other bug fixes, improvements and security enhancements have been incorporated.
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.1.
- </p>
- <p>
- Struts 2.3.1 is available in a full distribution,
- or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts231">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.3.1/docs/version-notes-231.html">release notes</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
-
- <h4 id="a20111007">7 September 2011 - Struts 2.2.3.1 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.2.3.1 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- An important vulnerability were solved with this release:
- <ul>
- <li>
- User input was evaluated as an OGNL expression when there's a conversion error.
- </li>
- </ul>
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.2.3.1.
- </p>
- <p>
- Struts 2.2.3.1 is available in a full distribution,
- or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts2231">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.2.3.1/docs/version-notes-2231.html">release notes</a>
- are available online.
- </p>
- <p>
- The 2.2.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
- </section>
- <section>
- <p class="right">
- Skip to: <a href="announce-2010.html">Announcements - 2010</a>
- </p>
-
- <p class="right">
- <strong>Next:</strong>
- <a href="kickstart.html">Kickstart FAQ</a>
- </p>
- </section>
-
- </body>
-</document>
+---
+layout: default
+title: Announcements 2011
+---
+
+<h1>Announcements - 2011</h1>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2010.html">Announcements - 2010</a>
+</p>
+
+<h4 id="a20111225">25 December 2011 - Struts 2.3.1.1 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.1.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ An important vulnerability were solved with this release:
+<ul>
+ <li>
+ Remote command execution and arbitrary file overwrite
+ </li>
+ <li>
+ Strict DMI mode does not work correctly
+ </li>
+</ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.1.1.
+</p>
+<p>
+ Struts 2.3.1.1 is available in a full distribution,
+ or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2311">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.x/docs/version-notes-2311.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20111218">18 December 2011 - Struts 2.0.14 End of Life Announcement</h4>
+<p>
+ The Apache Struts Team likes to inform you that the Struts 2.0 branch has reached it's end of life
+ and is no longer supported. All users of Struts 2.0.14 or earlier Struts 2 versions are strongly
+ advised to update their existing applications to Struts 2.3.x.
+</p>
+<p>
+ Struts 2.0.14 was for some time maintained in parallel to the 2.1 and 2.2 branches, since Struts 2.1
+ introduced some API and plugin changes that were likely to break existing user code on top of Struts 2.
+ However, the community interest in maintaining the Struts 2.0.x branch was not strong enough to
+ keep it sufficiently up to date, especially in terms of security fixes. There are several serious
+ security problems that, while being continuously addressed in later Struts 2 versions, did not make
+ it into the 2.0.x branch. For that reason the Apache Struts PMC decided to remove 2.0.14 as a supported
+ version.
+</p>
+<p>
+ For more information on how to upgrade existing applications running on top of Struts 2.0.x to
+ Struts 2.1 and later, please read the
+ <a href="https://cwiki.apache.org/confluence/display/S2WIKI/Troubleshooting+guide+migrating+from+Struts+2.0.x+to+2.1.x">
+ Guide to migrating from Struts 2.0.x to 2.1.x</a>.
+</p>
+
+
+<h4 id="a20111212">12 December 2011 - Struts 2.3.1 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Some new futures are:
+<ul>
+ <li>
+ New Portlet 2.0 (JSR 286) plugin replaced the Portlet 1.0 (JSR 168) plugin
+ </li>
+ <li>
+ New CDI plugin was added to allow use CDI (JavaEE 6) as an Object Factory in Struts 2
+ </li>
+ <li>
+ The dependencies of the Struts2-Spring plugin were upgraded from Spring 2.5 to 3.0
+ </li>
+</ul>
+Besides that, various other bug fixes, improvements and security enhancements have been incorporated.
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.1.
+</p>
+<p>
+ Struts 2.3.1 is available in a full distribution,
+ or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts231">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.3.1/docs/version-notes-231.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20111007">7 September 2011 - Struts 2.2.3.1 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.2.3.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ An important vulnerability were solved with this release:
+<ul>
+ <li>
+ User input was evaluated as an OGNL expression when there's a conversion error.
+ </li>
+</ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.2.3.1.
+</p>
+<p>
+ Struts 2.2.3.1 is available in a full distribution,
+ or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2231">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.2.3.1/docs/version-notes-2231.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.2.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2010.html">Announcements - 2010</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>
Copied: struts/site/branches/jekyll-powered/source/announce-2012.html (from r1566344, struts/site/branches/jekyll-powered/source/announce-2012.xml)
URL: http://svn.apache.org/viewvc/struts/site/branches/jekyll-powered/source/announce-2012.html?p2=struts/site/branches/jekyll-powered/source/announce-2012.html&p1=struts/site/branches/jekyll-powered/source/announce-2012.xml&r1=1566344&r2=1566350&rev=1566350&view=diff
==============================================================================
--- struts/site/branches/jekyll-powered/source/announce-2012.xml (original)
+++ struts/site/branches/jekyll-powered/source/announce-2012.html Sun Feb 9 18:54:55 2014
@@ -1,312 +1,286 @@
-<?xml version="1.0"?>
-<!--
-Copyright 1999-2009 The Apache Software Foundation
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!--
-// ======================================================================== 78
--->
-<document>
-
- <properties>
- <title>Announcements</title>
- </properties>
-
- <body>
-
- <section name="Announcements">
- <p class="right">
- Skip to:
- <a href="announce-2011.html">Announcements - 2011</a>
- </p>
-
- <h4 id="a20121222">22 December 2012 - Struts 2.3.8 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.8 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- It's a mostly maintenance release which improves overall performance which should be significant
- better than in version 2.3.7 and slightly better than in version 2.3.4.1. This version depends on new OGNL
- version 3.0.6 - thanks to Pelladi Gabor and Johno Crawford for their contribution!
- Please check the Version Notes to see more details.
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.8.
- </p>
- <p>
- Struts 2.3.8 is available in a full distribution or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts238">releases page</a>.
- The release is also available through the central Maven repository under Group ID "org.apache.struts". The
- <a href="http://struts.apache.org/2.x/docs/version-notes-238.html">release notes</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
-
- <h4 id="a20121119">19 November 2012 - Struts 2.3.7 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.7 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- It's a mostly maintenance release where many bugs were solved and many improvements were added.
- Please check the Version Notes to see more details, also performance was improved.
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.7.
- </p>
- <p>
- Struts 2.3.7 is available in a full distribution,
- or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts237">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.x/docs/version-notes-237.html">release notes</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
-
- <h4 id="a20120813">13 August 2012 - Struts 2.3.4.1 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.4.1 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- Two security issues were solved with this release:
- <ul>
- <li>
- Decoupling of session attribute and parameter naming for Struts 2 token mechanism,
- to improve security when used for CSRF-attack protection
- </li>
- <li>
- Parameter name length is now by default restricted to 100 characters to diminish possible DOS
- attack effectiveness
- </li>
- </ul>
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.4.1.
- </p>
- <p>
- Struts 2.3.4.1 is available in a full distribution,
- or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts2341">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.x/docs/version-notes-2341.html">release notes</a>
- and the
- <a href="https://cwiki.apache.org/confluence/display/WW/S2-010">token mechanism security bulletin</a>
- as well as the
- <a href="https://cwiki.apache.org/confluence/display/WW/S2-011">parameter name length security bulletin</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
-
- <h4 id="a20120511">12 May 2012 - Struts 2.3.4 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.4 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- It's a mostly maintenance release where many bugs were solved and many improvements were added.
- Please check the Version Notes to see more details.
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.4.
- </p>
- <p>
- Struts 2.3.4 is available in a full distribution, or as separate library, source,
- example and documentation distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts234">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.x/docs/version-notes-234.html">version notes</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
-
- <h4 id="a20120416">16 April 2012 - Struts 2.3.3 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.3 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- It's a mostly maintenance release where many bugs were solved and many improvements were added.
- Please check the Version Notes to see more details.
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.3.
- </p>
- <p>
- Struts 2.3.3 is available in a full distribution, or as separate library, source,
- example and documentation distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts233">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.x/docs/version-notes-233.html">version notes</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
-
- <h4 id="a20120122">22 January 2012 - Struts 2.3.1.2 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.3.1.2 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- An important vulnerability were solved with this release:
- <ul>
- <li>
- ParameterInterceptor vulnerability allowed remote command execution
- </li>
- <li>
- Default acceptedParamNames has been updated to more restrictive values
- </li>
- </ul>
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.3.1.2.
- </p>
- <p>
- Struts 2.3.1.2 is available in a full distribution,
- or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts2312">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.x/docs/version-notes-2312.html">release notes</a>
- and the
- <a href="https://cwiki.apache.org/confluence/display/WW/S2-009">security bulletin</a>
- are available online.
- </p>
- <p>
- The 2.3.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
- </section>
- <section>
- <p class="right">
- Skip to:
- <a href="announce-2011.html">Announcements - 2011</a>
- </p>
-
- <p class="right">
- <strong>Next:</strong>
- <a href="kickstart.html">Kickstart FAQ</a>
- </p>
- </section>
-
- </body>
-</document>
+---
+layout: default
+title: Announcements 2012
+---
+
+<h1>Announcements - 2012</h1>
+
+<p class="pull-right">
+ Skip to:
+ <a href="announce-2011.html">Announcements - 2011</a>
+</p>
+
+<h4 id="a20121222">22 December 2012 - Struts 2.3.8 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.8 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release which improves overall performance which should be significant
+ better than in version 2.3.7 and slightly better than in version 2.3.4.1. This version depends on new OGNL
+ version 3.0.6 - thanks to Pelladi Gabor and Johno Crawford for their contribution!
+ Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.8.
+</p>
+<p>
+ Struts 2.3.8 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts238">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/2.x/docs/version-notes-238.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20121119">19 November 2012 - Struts 2.3.7 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.7 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release where many bugs were solved and many improvements were added.
+ Please check the Version Notes to see more details, also performance was improved.
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.7.
+</p>
+<p>
+ Struts 2.3.7 is available in a full distribution,
+ or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts237">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.x/docs/version-notes-237.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20120813">13 August 2012 - Struts 2.3.4.1 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.4.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Two security issues were solved with this release:
+<ul>
+ <li>
+ Decoupling of session attribute and parameter naming for Struts 2 token mechanism,
+ to improve security when used for CSRF-attack protection
+ </li>
+ <li>
+ Parameter name length is now by default restricted to 100 characters to diminish possible DOS
+ attack effectiveness
+ </li>
+</ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.4.1.
+</p>
+<p>
+ Struts 2.3.4.1 is available in a full distribution,
+ or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2341">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.x/docs/version-notes-2341.html">release notes</a>
+ and the
+ <a href="https://cwiki.apache.org/confluence/display/WW/S2-010">token mechanism security bulletin</a>
+ as well as the
+ <a href="https://cwiki.apache.org/confluence/display/WW/S2-011">parameter name length security bulletin</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20120511">12 May 2012 - Struts 2.3.4 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.4 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release where many bugs were solved and many improvements were added.
+ Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.4.
+</p>
+<p>
+ Struts 2.3.4 is available in a full distribution, or as separate library, source,
+ example and documentation distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts234">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.x/docs/version-notes-234.html">version notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20120416">16 April 2012 - Struts 2.3.3 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.3 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release where many bugs were solved and many improvements were added.
+ Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.3.
+</p>
+<p>
+ Struts 2.3.3 is available in a full distribution, or as separate library, source,
+ example and documentation distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts233">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.x/docs/version-notes-233.html">version notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20120122">22 January 2012 - Struts 2.3.1.2 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.1.2 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ An important vulnerability were solved with this release:
+<ul>
+ <li>
+ ParameterInterceptor vulnerability allowed remote command execution
+ </li>
+ <li>
+ Default acceptedParamNames has been updated to more restrictive values
+ </li>
+</ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications
+ to Struts 2.3.1.2.
+</p>
+<p>
+ Struts 2.3.1.2 is available in a full distribution,
+ or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2312">releases page</a>.
+ The release is also available through the central Maven repository under Group ID
+ "org.apache.struts". The
+ <a href="http://struts.apache.org/2.x/docs/version-notes-2312.html">release notes</a>
+ and the
+ <a href="https://cwiki.apache.org/confluence/display/WW/S2-009">security bulletin</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2011.html">Announcements - 2011</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>