Posted to commits@struts.apache.org by lu...@apache.org on 2016/04/21 16:38:14 UTC
[3/4] struts-site git commit: Adds info about new versions
Adds info about new versions
Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/858bcfd0
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/858bcfd0
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/858bcfd0
Branch: refs/heads/master
Commit: 858bcfd060ac4aec7f2f6c0e44ba3a470424d5c5
Parents: 3d9321a
Author: Lukasz Lenart <lu...@gmail.com>
Authored: Thu Apr 21 16:32:48 2016 +0200
Committer: Lukasz Lenart <lu...@gmail.com>
Committed: Thu Apr 21 16:32:48 2016 +0200
----------------------------------------------------------------------
source/announce.md | 53 ++++++++++++++++++++++++++++++++++++++++++++++
source/downloads.html | 34 +++++++++++++++++++++++++++++
source/index.html | 14 ++++++------
3 files changed, 94 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts-site/blob/858bcfd0/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index 93945a9..0246bb0 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,59 @@ title: Announcements
Skip to: <a href="announce-2015.html">Announcements - 2015</a>
</p>
+#### 19 April 2016 - Struts 2.3.28.1 General Availability with Security Fixes Release {#a20160419}
+
+The Apache Struts group is pleased to announce that Struts 2.3.28.1 is available as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.
+
+This release addresses two potential security vulnerabilities:
+
+ - [S2-031](/docs/s2-031.html)
+ Possible RCE vulnerability in `XSLTResult` was fixed.
+
+ - [S2-032](/docs/s2-032.html)
+ Prevents execution of chained expressions based on new `isSequence` flag introduce in appropriated OGNL versions.
+
+**All developers are strongly advised to perform this action.**
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+#### 19 April 2016 - Struts 2.3.20.3 & 2.3.24.3 General Availability with Security Fixes Release {#a20160419-1}
+
+The Apache Struts group is pleased to announce that Struts 2.3.20.3 & Struts 2.3.24.3 are available as a "General Availability"
+releases. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.
+
+This release addresses two potential security vulnerabilities:
+
+ - [S2-029](/docs/s2-029.html)
+ Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
+
+ - [S2-031](/docs/s2-031.html)
+ Possible RCE vulnerability in `XSLTResult` was fixed.
+
+ - [S2-032](/docs/s2-032.html)
+ Prevents execution of chained expressions based on new `isSequence` flag introduce in appropriated OGNL versions.
+
+**All developers are strongly advised to perform this action.**
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
#### 18 March 2016 - Struts 2.3.28 General Availability with Security Fix Release {#a20160318}
The Apache Struts group is pleased to announce that Struts 2.3.28 is available as a "General Availability"
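Review bot: In the 2.3.20.3 & 2.3.24.3 section, "This release addresses two potential security vulnerabilities:" is followed by three bulletins (S2-029, S2-031, S2-032); the sentence looks carried over from the 2.3.28.1 section and should read "These releases address three potential security vulnerabilities:". In both sections, "**All developers are strongly advised to perform this action.**" never names the action, so readers of a security release are not told what to do; state it explicitly (upgrade to the named version). Wording: "are available as a "General Availability" releases" should drop the "a", and "flag introduce in appropriated OGNL versions" should be "flag introduced in the appropriate OGNL versions" in both S2-032 entries.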
http://git-wip-us.apache.org/repos/asf/struts-site/blob/858bcfd0/source/downloads.html
----------------------------------------------------------------------
diff --git a/source/downloads.html b/source/downloads.html
index b3641ff..780eb45 100644
--- a/source/downloads.html
+++ b/source/downloads.html
@@ -107,10 +107,38 @@ title: Releases
<tbody>
<tr>
<td class="no-wrap">
+ Struts 2.3.24.3
+ </td>
+ <td class="no-wrap">19 April 2016</td>
+ <td>
+ <a href="/docs/s2-030.html">S2-030</a>,
+ <a href="/docs/s2-028.html">S2-028</a>
+ </td>
+ <td>
+ <a href="/docs/version-notes-23243.html">Version notes</a>
+ </td>
+</tr>
+<tr>
+ <td class="no-wrap">
+ Struts 2.3.20.3
+ </td>
+ <td class="no-wrap">19 April 2016</td>
+ <td>
+ <a href="/docs/s2-030.html">S2-030</a>,
+ <a href="/docs/s2-028.html">S2-028</a>
+ </td>
+ <td>
+ <a href="/docs/version-notes-23203.html">Version notes</a>
+ </td>
+</tr>
+<tr>
+ <td class="no-wrap">
Struts 2.3.24.1
</td>
<td class="no-wrap">24 September 2015</td>
<td>
+ <a href="/docs/s2-032.html">S2-032</a>,
+ <a href="/docs/s2-031.html">S2-031</a>,
<a href="/docs/s2-030.html">S2-030</a>,
<a href="/docs/s2-029.html">S2-029</a>,
<a href="/docs/s2-028.html">S2-028</a>
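Review bot: The new rows for Struts 2.3.24.3 and Struts 2.3.20.3 link S2-030 and S2-028, which does not match the announce.md text in this same commit, where those two releases are described as addressing S2-029, S2-031 and S2-032. The column header is outside the hunk, so it is not clear whether the cell lists bulletins fixed in the version or bulletins that still affect it; in the second case the 2.3.24.1 row gaining S2-032 and S2-031 is consistent, but the page would then be saying that the releases index.html calls "older versions ... which contain the latest security fixes" are still open to S2-030 and S2-028. Please confirm that is intended, and if so say it in the announcement as well.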
@@ -125,6 +153,8 @@ title: Releases
</td>
<td class="no-wrap">7 May 2015</td>
<td>
+ <a href="/docs/s2-032.html">S2-032</a>,
+ <a href="/docs/s2-031.html">S2-031</a>,
<a href="/docs/s2-030.html">S2-030</a>,
<a href="/docs/s2-029.html">S2-029</a>,
<a href="/docs/s2-028.html">S2-028</a>,
@@ -140,6 +170,8 @@ title: Releases
</td>
<td class="no-wrap">6 May 2015</td>
<td>
+ <a href="/docs/s2-032.html">S2-032</a>,
+ <a href="/docs/s2-031.html">S2-031</a>,
<a href="/docs/s2-030.html">S2-030</a>,
<a href="/docs/s2-029.html">S2-029</a>,
<a href="/docs/s2-028.html">S2-028</a>,
@@ -155,6 +187,8 @@ title: Releases
</td>
<td class="no-wrap">7 December 2014</td>
<td>
+ <a href="/docs/s2-032.html">S2-032</a>,
+ <a href="/docs/s2-031.html">S2-031</a>,
<a href="/docs/s2-030.html">S2-030</a>,
<a href="/docs/s2-029.html">S2-029</a>,
<a href="/docs/s2-028.html">S2-028</a>,
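Review bot: The 7 December 2014 row here is the last one to gain S2-032 and S2-031, and across this file's hunks the bulletins are added only to rows dated 24 September 2015 or earlier; no hunk adds or updates an entry for 2.3.28 (announced 18 March 2016 in announce.md) or for 2.3.28.1. The diffstat's 34 insertions are all accounted for by the visible hunks, so this is not just context being cut off. If this table is meant to list 2.3.28 now that 2.3.28.1 supersedes it, that row is missing and would need both bulletins. The version names for these three rows are also outside the hunk context, so please double-check that each dated row is one the two bulletins actually apply to.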
http://git-wip-us.apache.org/repos/asf/struts-site/blob/858bcfd0/source/index.html
----------------------------------------------------------------------
diff --git a/source/index.html b/source/index.html
index 4184018..47dbc95 100644
--- a/source/index.html
+++ b/source/index.html
@@ -49,24 +49,24 @@ title: Welcome to the Apache Struts project
</div>
<div class="row">
<div class="column col-md-4">
- <h2>Security Bulletin S2-028</h2>
+ <h2>Apache Struts 2.3.20.3 & 2.3.24.3</h2>
<p>
- A new security bulletin was published, please carefully read the
- <a href="/docs/s2-028.html">Announcement</a>
+ We have released two older versions of Apache Struts which contain the latest security fixes.
+ Please read announcement for <a href="announce.html#a20160419-1">2.3.20.3 & 2.3.24.3</a>
</p>
</div>
<div class="column col-md-4">
- <h2>Security Bulletin S2-029</h2>
+ <h2>Security Bulletin S2-031</h2>
<p>
A new security bulletin was published, please carefully read the
- <a href="/docs/s2-029.html">Announcement</a>
+ <a href="/docs/s2-031.html">Announcement</a>
</p>
</div>
<div class="column col-md-4">
- <h2>Security Bulletin S2-030</h2>
+ <h2>Security Bulletin S2-032</h2>
<p>
A new security bulletin was published, please carefully read the
- <a href="/docs/s2-030.html">Announcement</a>
+ <a href="/docs/s2-032.html">Announcement</a>
</p>
</div>
</div>
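Review bot: The added heading `<h2>Apache Struts 2.3.20.3 & 2.3.24.3</h2>` and the link text "2.3.20.3 & 2.3.24.3" put a bare "&" into HTML; write it as "&amp;" in both places. "Please read announcement for" should be "Please read the announcement for". After this change the three panels cover the two backport releases, S2-031 and S2-032, but none of them links the 2.3.28.1 announcement (anchor a20160419 added to announce.md in this commit), which is the release announced for the current line; consider linking it from the first panel, or confirm it is already surfaced in a part of the page outside this hunk.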