You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2014/02/09 11:23:31 UTC
svn commit: r1566267 - in /struts/site/branches/jekyll-powered:
content/announce.html old-content/xdoc/announce.xml source/announce.html
Author: lukaszlenart
Date: Sun Feb 9 10:23:31 2014
New Revision: 1566267
URL: http://svn.apache.org/r1566267
Log:
Converts announce to Markdown and Jekyll
Added:
struts/site/branches/jekyll-powered/content/announce.html
struts/site/branches/jekyll-powered/source/announce.html
Removed:
struts/site/branches/jekyll-powered/old-content/xdoc/announce.xml
Added: struts/site/branches/jekyll-powered/content/announce.html
URL: http://svn.apache.org/viewvc/struts/site/branches/jekyll-powered/content/announce.html?rev=1566267&view=auto
==============================================================================
--- struts/site/branches/jekyll-powered/content/announce.html (added)
+++ struts/site/branches/jekyll-powered/content/announce.html Sun Feb 9 10:23:31 2014
@@ -0,0 +1,616 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <meta charset="UTF-8"/>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+ <meta name="Date-Revision-yyyymmdd" content="20140206"/>
+ <meta http-equiv="Content-Language" content="en"/>
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+ <title>Announcements</title>
+
+ <link rel="stylesheet" href="/bootstrap/css/bootstrap.css">
+ <link rel="stylesheet" href="/css/main.css">
+
+ <script type="text/javascript" src="/js/jquery-1.11.0.min.js"></script>
+ <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script>
+ <script type="text/javascript" src="/js/community.js"></script>
+</head>
+<body>
+
+<a href="http://github.com/apache/struts">
+ <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub">
+</a>
+
+<header>
+ <!-- Fixed navbar -->
+<nav>
+ <div class="navbar navbar-default navbar-fixed-top" role="navigation">
+ <div class="container">
+ <div class="navbar-collapse collapse">
+ <ul class="nav navbar-nav">
+
+ <li class="dropdown">
+ <a class="dropdown-toggle" data-toggle="dropdown" href="#">Apache Struts <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="index.html">Welcome</a></li>
+ <li><a href="downloads.html">Downloads</a></li>
+ <li><a href="announce.html">Announcements</a></li>
+ <li><a href="http://www.apache.org/licenses/">License</a></li>
+ <li><a href="http://apache.org/foundation/thanks.html">Thanks!</a></li>
+ <li><a href="http://apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+ </ul>
+ </li>
+
+ <li class="dropdown">
+ <a class="dropdown-toggle" data-toggle="dropdown" href="#">Support <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="mail.html">User Mailing List</a></li>
+ <li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li>
+ <li><a href="security.html">Reporting Security Issues</a></li>
+ </ul>
+ </li>
+
+ <li class="dropdown">
+ <a class="dropdown-toggle" data-toggle="dropdown" href="#">Documentation <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="birdseye.html">Birds Eye</a></li>
+ <li><a href="primer.html">Key Technologies</a></li>
+ <li><a href="kickstart.html">Kickstart FAQ</a></li>
+ <li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li>
+ <li><a href="http://struts.apache.org/release/2.3.x/index.html">Struts 2</a></li>
+ <li><a href="http://struts.apache.org/release/1.3.x/index.html">Struts 1</a></li>
+ </ul>
+ </li>
+
+ <li class="dropdown">
+ <a class="dropdown-toggle" data-toggle="dropdown" href="#">Contributing <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="youatstruts.html">You at Struts</a></li>
+ <li><a href="helping.html">How to Help FAQ</a></li>
+ <li><a href="dev-mail.html">Development Lists</a></li>
+ <li class="divider"></li>
+ <li><a href="git-for-struts.html">Git for Struts</a></li>
+ <li><a href="builds.html">Source Code</a></li>
+ <li><a href="coding-standards.html">Coding standards</a></li>
+ <li class="divider"></li>
+ <li><a href="releases.html">Release Guidelines</a></li>
+ <li><a href="bylaws.html">PMC Charter</a></li>
+ <li><a href="volunteers.html">Volunteers</a></li>
+ <li><a href="https://git-wip-us.apache.org/repos/asf?p=struts.git">Source Repository</a></li>
+ </ul>
+ </li>
+
+ </ul>
+ </div>
+ <!--/.nav-collapse -->
+ </div>
+ </div>
+</nav>
+
+ <div class="container">
+ <div class="row">
+ <div class="pull-left">
+ <a href="/" id="bannerLeft">
+ <img src="/img/struts.gif" alt="Apache Struts"/>
+ </a>
+ </div>
+ <div class="pull-right"><a href="http://www.apache.org" id="bannerRight">
+ <img src="/img/asf-logo.gif" alt="Apache Software Foundation"/>
+ </a>
+ </div>
+ </div>
+ </div>
+</header>
+
+
+<article class="container">
+ <section class="col-md-12">
+ <h1>Announcements</h1>
+<p class="pull-right">
+ Skip to: <a href="announce-2012.html">Announcements - 2012</a>
+</p>
+
+<h4 id="a20131208">8 December 2013 - Struts 2.3.16 General Availability Release - Maintenance Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.16 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ This release contains many important improvements and doze of other small fixes, to light just few:
+ <ul>
+ <li>Merged security fix from version 2.3.15.1, 2.3.15.2 and 2.3.15.3</li>
+ <li>Solved problem with global "error" result in the Convention Plugin</li>
+ <li>The action: and method: prefixes are be by default excluded and changed order to first check
+ excludeParams and then acceptedParams in ParametersInterceptor
+ </li>
+ <li>Restored previous behaviour where both ParametersInterceptor AND ParameterNameAware must accept
+ parameter - there is no more precedence
+ </li>
+ <li>Added proper support for multiple ActionMapper's used with PrefixBasedActionMapper</li>
+ <li>Solved problem with creating empty map entries via Ognl</li>
+ <li>... and many more, please check the Version Notes</li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.16.
+</p>
+<p>
+ Struts 2.3.16 is available in a full distribution or as separate library, source, example
+ and documentation distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2316">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts".
+ The <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-2316.html">version notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20131015">15 October 2013 - Struts 2.3.15.3 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15.3 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ One security issue was solved with this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-018.html">S2-018</a>
+ - Broken Access Control Vulnerability in Apache Struts2
+ </li>
+ <li>
+ and proper support for action: prefix was restored.
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.15.3.
+</p>
+<p>
+ Struts 2.3.15.3 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23153">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130920">20 September 2013 - Struts 2.3.15.2 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Two security issues were solved with this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-018.html">S2-018</a>
+ - Broken Access Control Vulnerability in Apache Struts2
+ </li>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-019.html">S2-019</a>
+ - Dynamic Method Invocation disabled by default
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.15.2.
+</p>
+<p>
+ Struts 2.3.15.2 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23152">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130716">16 July 2013 - Struts 2.3.15.1 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Two security issues were solved with this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-016.html">S2-016</a>
+ - Remote code execution vulnerability when using short-circuit navigation
+ parameter prefixes
+ </li>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-017.html">S2-017</a>
+ - Open redirect vulnerability when using short-circuit redirect
+ parameter prefixes
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.15.1.
+</p>
+<p>
+ Struts 2.3.15.1 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23151">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23151.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130622">22 June 2013 - Struts 2.3.15 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release but few important improvements were added as well:
+ <ul>
+ <li>Merged security fix from version 2.3.14.1, 2.3.14.2 and 2.3.14.3</li>
+ <li>Resolved problem with memory leak in ContainerHolder</li>
+ <li>Resolved bug related to struts.convention.action.includeJars</li>
+ <li>Improved OSGi support to allow work in Glassfish 3</li>
+ <li>Added support to create cookies from whitin an action</li>
+ <li>New interface - ValidationAware - was added to allow notify actions when there are action/field
+ errors
+ </li>
+ <li>and other small improvments</li>
+ </ul>
+Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are recommended to update existing Struts 2 applications to Struts 2.3.15.
+</p>
+<p>
+ Struts 2.3.15 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2315">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-2315.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130603">3 June 2013 - Struts 2.3.14.3 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14.3 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ A highly critical security vulnerability was resolved in this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-015.html">S2-015</a>
+ - A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote
+ command execution
+ </li>
+ </ul>
+</p>
+<p>
+ <strong>All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.3
+ immediately.</strong>
+</p>
+<p>
+ Struts 2.3.14.2 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23143">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23143.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130526">26 May 2013 - Struts 2.3.14.2 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14.2 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ A highly critical security vulnerability was resolved in this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-014.html">S2-014</a> - A vulnerability introduced by forcing
+ parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and
+ XSS attacks
+ </li>
+ </ul>
+</p>
+<p>
+ <strong>All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.2
+ immediately.</strong>
+</p>
+<p>
+ Struts 2.3.14.2 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23142">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23142.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130522">22 May 2013 - Struts 2.3.14.1 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Two security issues were solved with this release:
+ <ul>
+ <li>
+ Showcase app vulnerability allows remote command execution
+ </li>
+ <li>
+ A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.1.
+</p>
+<p>
+ Struts 2.3.14.1 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23141">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-23141.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130411">11 April 2013 - Struts 2.3.14 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release but few important improvements were added as well:
+ <ul>
+ <li>All the annotations related to validators were updated to match the implementing classes</li>
+ <li>The JUnit plugin supports now the Convention plugin configuration (check StrutsJUnit4ConventionTestCaseTest)</li>
+ <li>Logging support was improved and extended to allow use user custom implementation of LoggingFactory</li>
+ </ul>
+Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are recommended to update existing Struts 2 applications to Struts 2.3.14.
+</p>
+<p>
+ Struts 2.3.14 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2314">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-2314.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130405">5 April 2013 - Apache Struts 1 End-Of-Life (EOL) Announcement</h4>
+<p>
+ The Apache Struts Project Team would like to inform you that the Struts 1.x web framework has
+ reached its end of life and is no longer officially supported.
+</p>
+<p>
+ Please check the following readings to find more details.
+ <ul>
+ <li><a href="struts1eol-announcement.html">Apache Struts 1 EOL Announcement</a>, including a detailed Q/A section</li>
+ <li><a href="struts1eol-press.html">Apache Struts 1 EOL Press Release</a></li>
+ </ul>
+</p>
+
+<h4 id="a20130306">6 March 2013 - Struts 2.3.12 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.12 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release but few important improvements were added as well:
+ <ul>
+ <li>All validators were refactored and right now parameters can be set via OGNL also parameter parse was removed</li>
+ <li>Tag's required attribute was renamed to requiredLabel to allow support of Html5 required attribute in the tags
+ </li>
+ <li>New Tiles 3 plugin was added to support Tiles 3 result type</li>
+ <li>Support for JBoss 5 to work with the Convention Plugin was improved</li>
+ </ul>
+Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are recommended to update existing Struts 2 applications to Struts 2.3.12.
+</p>
+<p>
+ Struts 2.3.12 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2312">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-2312.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2012.html">Announcements - 2012</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>
+
+ </section>
+</article>
+
+ <hr/>
+<footer class="container">
+ <div class="row col-md-12 text-center">
+ Copyright © 2000-2014 <a href="http://www.apache.org/">The Apache Software Foundation</a>. All Rights Reserved.
+ </div>
+ <div class="row col-md-12 text-center">
+ Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts
+ project logos are trademarks of The Apache Software Foundation.
+ </div>
+</footer>
+
+
+</body>
+</html>
Added: struts/site/branches/jekyll-powered/source/announce.html
URL: http://svn.apache.org/viewvc/struts/site/branches/jekyll-powered/source/announce.html?rev=1566267&view=auto
==============================================================================
--- struts/site/branches/jekyll-powered/source/announce.html (added)
+++ struts/site/branches/jekyll-powered/source/announce.html Sun Feb 9 10:23:31 2014
@@ -0,0 +1,495 @@
+---
+layout: default
+title: Announcements
+---
+
+<h1>Announcements</h1>
+<p class="pull-right">
+ Skip to: <a href="announce-2012.html">Announcements - 2012</a>
+</p>
+
+<h4 id="a20131208">8 December 2013 - Struts 2.3.16 General Availability Release - Maintenance Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.16 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ This release contains many important improvements and doze of other small fixes, to light just few:
+ <ul>
+ <li>Merged security fix from version 2.3.15.1, 2.3.15.2 and 2.3.15.3</li>
+ <li>Solved problem with global "error" result in the Convention Plugin</li>
+ <li>The action: and method: prefixes are be by default excluded and changed order to first check
+ excludeParams and then acceptedParams in ParametersInterceptor
+ </li>
+ <li>Restored previous behaviour where both ParametersInterceptor AND ParameterNameAware must accept
+ parameter - there is no more precedence
+ </li>
+ <li>Added proper support for multiple ActionMapper's used with PrefixBasedActionMapper</li>
+ <li>Solved problem with creating empty map entries via Ognl</li>
+ <li>... and many more, please check the Version Notes</li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.16.
+</p>
+<p>
+ Struts 2.3.16 is available in a full distribution or as separate library, source, example
+ and documentation distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2316">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts".
+ The <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-2316.html">version notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20131015">15 October 2013 - Struts 2.3.15.3 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15.3 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ One security issue was solved with this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-018.html">S2-018</a>
+ - Broken Access Control Vulnerability in Apache Struts2
+ </li>
+ <li>
+ and proper support for action: prefix was restored.
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.15.3.
+</p>
+<p>
+ Struts 2.3.15.3 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23153">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130920">20 September 2013 - Struts 2.3.15.2 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Two security issues were solved with this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-018.html">S2-018</a>
+ - Broken Access Control Vulnerability in Apache Struts2
+ </li>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-019.html">S2-019</a>
+ - Dynamic Method Invocation disabled by default
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.15.2.
+</p>
+<p>
+ Struts 2.3.15.2 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23152">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130716">16 July 2013 - Struts 2.3.15.1 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Two security issues were solved with this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-016.html">S2-016</a>
+ - Remote code execution vulnerability when using short-circuit navigation
+ parameter prefixes
+ </li>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-017.html">S2-017</a>
+ - Open redirect vulnerability when using short-circuit redirect
+ parameter prefixes
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.15.1.
+</p>
+<p>
+ Struts 2.3.15.1 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23151">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23151.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130622">22 June 2013 - Struts 2.3.15 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.15 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release but few important improvements were added as well:
+ <ul>
+ <li>Merged security fix from version 2.3.14.1, 2.3.14.2 and 2.3.14.3</li>
+ <li>Resolved problem with memory leak in ContainerHolder</li>
+ <li>Resolved bug related to struts.convention.action.includeJars</li>
+ <li>Improved OSGi support to allow work in Glassfish 3</li>
+ <li>Added support to create cookies from whitin an action</li>
+ <li>New interface - ValidationAware - was added to allow notify actions when there are action/field
+ errors
+ </li>
+ <li>and other small improvments</li>
+ </ul>
+Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are recommended to update existing Struts 2 applications to Struts 2.3.15.
+</p>
+<p>
+ Struts 2.3.15 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2315">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-2315.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130603">3 June 2013 - Struts 2.3.14.3 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14.3 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ A highly critical security vulnerability was resolved in this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-015.html">S2-015</a>
+ - A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote
+ command execution
+ </li>
+ </ul>
+</p>
+<p>
+ <strong>All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.3
+ immediately.</strong>
+</p>
+<p>
+ Struts 2.3.14.2 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23143">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23143.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130526">26 May 2013 - Struts 2.3.14.2 General Availability Release - Security Fix Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14.2 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ A highly critical security vulnerability was resolved in this release:
+ <ul>
+ <li>
+ <a href="http://struts.apache.org/release/2.3.x/docs/s2-014.html">S2-014</a> - A vulnerability introduced by forcing
+ parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and
+ XSS attacks
+ </li>
+ </ul>
+</p>
+<p>
+ <strong>All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.2
+ immediately.</strong>
+</p>
+<p>
+ Struts 2.3.14.2 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23142">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23142.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130522">22 May 2013 - Struts 2.3.14.1 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14.1 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ Two security issues were solved with this release:
+ <ul>
+ <li>
+ Showcase app vulnerability allows remote command execution
+ </li>
+ <li>
+ A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution
+ </li>
+ </ul>
+</p>
+<p>
+ All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.1.
+</p>
+<p>
+ Struts 2.3.14.1 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts23141">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-23141.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130411">11 April 2013 - Struts 2.3.14 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.14 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release but few important improvements were added as well:
+ <ul>
+ <li>All the annotations related to validators were updated to match the implementing classes</li>
+ <li>The JUnit plugin supports now the Convention plugin configuration (check StrutsJUnit4ConventionTestCaseTest)</li>
+ <li>Logging support was improved and extended to allow use user custom implementation of LoggingFactory</li>
+ </ul>
+Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are recommended to update existing Struts 2 applications to Struts 2.3.14.
+</p>
+<p>
+ Struts 2.3.14 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2314">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-2314.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<h4 id="a20130405">5 April 2013 - Apache Struts 1 End-Of-Life (EOL) Announcement</h4>
+<p>
+ The Apache Struts Project Team would like to inform you that the Struts 1.x web framework has
+ reached its end of life and is no longer officially supported.
+</p>
+<p>
+ Please check the following readings to find more details.
+ <ul>
+ <li><a href="struts1eol-announcement.html">Apache Struts 1 EOL Announcement</a>, including a detailed Q/A section</li>
+ <li><a href="struts1eol-press.html">Apache Struts 1 EOL Press Release</a></li>
+ </ul>
+</p>
+
+<h4 id="a20130306">6 March 2013 - Struts 2.3.12 General Availability Release</h4>
+<p>
+ The Apache Struts group is pleased to announce that Struts 2.3.12 is
+ available as a "General Availability" release. The GA designation is our
+ highest quality grade.
+</p>
+<p>
+ Apache Struts 2 is an elegant, extensible framework for creating
+ enterprise-ready Java web applications. The framework is designed to
+ streamline the full development cycle, from building, to deploying, to
+ maintaining applications over time.
+</p>
+<p>
+ It's a mostly maintenance release but few important improvements were added as well:
+ <ul>
+ <li>All validators were refactored and right now parameters can be set via OGNL also parameter parse was removed</li>
+ <li>Tag's required attribute was renamed to requiredLabel to allow support of Html5 required attribute in the tags
+ </li>
+ <li>New Tiles 3 plugin was added to support Tiles 3 result type</li>
+ <li>Support for JBoss 5 to work with the Convention Plugin was improved</li>
+ </ul>
+Please check the Version Notes to see more details.
+</p>
+<p>
+ All developers are recommended to update existing Struts 2 applications to Struts 2.3.12.
+</p>
+<p>
+ Struts 2.3.12 is available in a full distribution or as separate library, source, example and documentation
+ distributions, from the
+ <a href="http://struts.apache.org/download.cgi#struts2312">releases page</a>.
+ The release is also available through the central Maven repository under Group ID "org.apache.struts". The
+ <a href="http://struts.apache.org/development/2.x/docs/version-notes-2312.html">release notes</a>
+ are available online.
+</p>
+<p>
+ The 2.3.x series of the Apache Struts framework has a minimum
+ requirement of the following specification versions: Servlet API 2.4,
+ JSP API 2.0, and Java 5.
+</p>
+<p>
+ Should any issues arise with your use of any version of the Struts
+ framework, please post your comments to the user list, and, if
+ appropriate, file a tracking ticket.
+</p>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2012.html">Announcements - 2012</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>