Posted to commits@struts.apache.org by lu...@apache.org on 2016/06/17 12:25:14 UTC
[2/6] struts-site git commit: Adds notes about 2.3.29
Adds notes about 2.3.29
Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/a6afc275
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/a6afc275
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/a6afc275
Branch: refs/heads/master
Commit: a6afc2751a92ee69e8e0d4a68731847f42abd09d
Parents: 4cc16c6
Author: Lukasz Lenart <lu...@gmail.com>
Authored: Fri Jun 17 14:16:11 2016 +0200
Committer: Lukasz Lenart <lu...@gmail.com>
Committed: Fri Jun 17 14:25:04 2016 +0200
----------------------------------------------------------------------
source/announce.md | 56 +++++++++++++++-
source/download.html | 162 ++++++----------------------------------------
source/index.html | 33 +++-------
3 files changed, 84 insertions(+), 167 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts-site/blob/a6afc275/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index 70fa7a7..e4c62c8 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,61 @@ title: Announcements
Skip to: <a href="announce-2015.html">Announcements - 2015</a>
</p>
+#### 17 June 2016 - Struts 2.3.29 General Availability with Security Fixes Release {#a20160617}
+
+The Apache Struts group is pleased to announce that Struts 2.3.29 is available as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.
+
+This release addresses two potential security vulnerabilities:
+
+ - [S2-035](/docs/s2-035.html)
+ Action name clean up is error prone
+
+ - [S2-036](/docs/s2-036.html)
+ Forced double OGNL evaluation, when evaluated on raw user input in tag attributes,
+ may lead to remote code execution (similar to S2-029)
+
+ - [S2-037](/docs/s2-037.html)
+ Remote Code Execution can be performed when using REST Plugin.
+
+ - [S2-038](/docs/s2-038.html)
+ It is possible to bypass token validation and perform a CSRF attack
+
+ - [S2-039](/docs/s2-039.html)
+ Getter as action method leads to security bypass
+
+ - [S2-040](/docs/s2-040.html)
+ Input validation bypass using existing default action method.
+
+ - [S2-041](/docs/s2-041.html)
+ Possible DoS attack when using URLValidator
+
+This release contains several breaking changes and improvements just to mention few of them:
+
+ - Json result type breaks
+ - MessageStorePreResultListener doesn't store messages for 3rd-party RedirectResult subclasses
+ - Multiple tiles.xml in web.xml
+ - New Tiles version can not find tiles*.xml files in sub-directories
+ - EmailValidator flags .cat emails as invalid
+ - Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since jdk1.7_80
+ - Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 2.3.28+
+ - `<s:submit>` generates a value attribute for type=image which violates W3C
+ - ClassCastException while generating report using Struts 2.3.28 and jasperreports 4.5.1
+
+**All developers are strongly advised to perform this action.**
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download this version from our [download](download.html#struts-ga) page.
+
#### 1 June 2016 - Two security vulnerabilities reported {#a20160601}
Two potential security vulnerabilities were reported which were already addressed in the latest Apache Struts 2 versions.
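Review bot: The added sentence "This release addresses two potential security vulnerabilities:" is followed by seven bulletins (S2-035 through S2-041), so the count is wrong; change it to "seven" or drop the number. In the same entry, "**All developers are strongly advised to perform this action.**" now sits directly after the list of breaking changes, and no action is named before it; state the action explicitly (presumably upgrading to 2.3.29) so the advice does not read as referring to the breaking changes.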
@@ -146,7 +201,6 @@ This release addresses three potential security vulnerabilities:
**All developers are strongly advised to perform this action.**
-
This release contains several breaking changes and improvements just to mention few of them:
- New Configurationprovider type was introduced - ServletContextAwareConfigurationProvider, see WW-4410
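Review bot: The only change in this hunk is a removed blank line after "**All developers are strongly advised to perform this action.**" in an older announcement, which is unrelated to the 2.3.29 notes. Please confirm that a blank line still separates that bold line from "This release contains several breaking changes…", since Markdown would otherwise join them into one paragraph, or move the whitespace cleanup to its own commit.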
http://git-wip-us.apache.org/repos/asf/struts-site/blob/a6afc275/source/download.html
----------------------------------------------------------------------
diff --git a/source/download.html b/source/download.html
index 36d03d1..e00d546 100644
--- a/source/download.html
+++ b/source/download.html
@@ -139,20 +139,20 @@ title: Download a Release
</ul>
-<a class="anchor" name="struts23281"></a>
-<h2>Struts 2.3.28.1</h2>
+<a class="anchor" name="struts2329"></a>
+<h2>Struts 2.3.29</h2>
<ul>
<li>
- <a href="http://struts.apache.org/docs/version-notes-23281.html">Version Notes</a>
+ <a href="http://struts.apache.org/docs/version-notes-2329.html">Version Notes</a>
</li>
<li>Full Distribution:
<ul>
<li>
- <a href="[preferred]struts/2.3.28.1/struts-2.3.28.1-all.zip">struts-2.3.28.1-all.zip</a> (65MB)
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-all.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-all.zip.md5">MD5</a>]
+ <a href="[preferred]struts/2.3.29/struts-2.3.29-all.zip">struts-2.3.29-all.zip</a> (65MB)
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-all.zip.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-all.zip.md5">MD5</a>]
</li>
</ul>
</li>
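Review bot: The new PGP and MD5 links for struts-2.3.29-all.zip keep the plain "http://www.apache.org/dist/..." scheme, so the signature and checksum that users rely on to verify a security release are fetched over an unauthenticated channel; consider switching these to https. MD5 is also the only digest offered, and it is not collision-resistant, so if a stronger digest is published for 2.3.29 it would be worth linking it next to the MD5 one. Separately, renaming the anchor from "struts23281" to "struts2329" breaks any inbound links to the old fragment. The same points apply to the remaining download hunks in this file.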
@@ -160,9 +160,9 @@ title: Download a Release
<li>Example Applications:
<ul>
<li>
- <a href="[preferred]struts/2.3.28.1/struts-2.3.28.1-apps.zip">struts-2.3.28.1-apps.zip</a> (35MB)
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-apps.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-apps.zip.md5">MD5</a>]
+ <a href="[preferred]struts/2.3.29/struts-2.3.29-apps.zip">struts-2.3.29-apps.zip</a> (35MB)
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-apps.zip.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-apps.zip.md5">MD5</a>]
</li>
</ul>
</li>
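Review bot: The size label "(35MB)" on the new struts-2.3.29-apps.zip line is carried over unchanged from the 2.3.28.1 entry, as are the sizes in the other download hunks. Please confirm the figures against the actual 2.3.29 artifacts before publishing.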
@@ -170,9 +170,9 @@ title: Download a Release
<li>Essential Dependencies Only:
<ul>
<li>
- <a href="[preferred]struts/2.3.28.1/struts-2.3.28.1-min-lib.zip">struts-2.3.28.1-min-lib.zip</a> (4MB)
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-min-lib.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-min-lib.zip.md5">MD5</a>]
+ <a href="[preferred]struts/2.3.29/struts-2.3.29-min-lib.zip">struts-2.3.29-min-lib.zip</a> (4MB)
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-min-lib.zip.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-min-lib.zip.md5">MD5</a>]
</li>
</ul>
</li>
@@ -180,9 +180,9 @@ title: Download a Release
<li>All Dependencies:
<ul>
<li>
- <a href="[preferred]struts/2.3.28.1/struts-2.3.28.1-lib.zip">struts-2.3.28.1-lib.zip</a> (19MB)
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-lib.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-lib.zip.md5">MD5</a>]
+ <a href="[preferred]struts/2.3.29/struts-2.3.29-lib.zip">struts-2.3.29-lib.zip</a> (19MB)
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-lib.zip.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-lib.zip.md5">MD5</a>]
</li>
</ul>
</li>
@@ -190,9 +190,9 @@ title: Download a Release
<li>Documentation:
<ul>
<li>
- <a href="[preferred]struts/2.3.28.1/struts-2.3.28.1-docs.zip">struts-2.3.28.1-docs.zip</a> (13MB)
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-docs.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-docs.zip.md5">MD5</a>]
+ <a href="[preferred]struts/2.3.29/struts-2.3.29-docs.zip">struts-2.3.29-docs.zip</a> (13MB)
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-docs.zip.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-docs.zip.md5">MD5</a>]
</li>
</ul>
</li>
@@ -200,129 +200,9 @@ title: Download a Release
<li>Source:
<ul>
<li>
- <a href="[preferred]struts/2.3.28.1/struts-2.3.28.1-src.zip">struts-2.3.28.1-src.zip</a> (7MB)
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-src.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.28.1/struts-2.3.28.1-src.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
-</ul>
-
-<a class="anchor" name="struts23243"></a>
-<h2>Struts 2.3.24.3</h2>
-
-<ul>
- <li>
- <a href="http://struts.apache.org/docs/version-notes-23243.html">Version Notes</a>
- </li>
-
- <li>Full Distribution:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.24.3/struts-2.3.24.3-all.zip">struts-2.3.24.3-all.zip</a> (65MB)
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-all.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-all.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Example Applications:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.24.3/struts-2.3.24.3-apps.zip">struts-2.3.24.3-apps.zip</a> (35MB)
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-apps.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-apps.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>All Dependencies:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.24.3/struts-2.3.24.3-lib.zip">struts-2.3.24.3-lib.zip</a> (19MB)
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-lib.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-lib.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Documentation:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.24.3/struts-2.3.24.3-docs.zip">struts-2.3.24.3-docs.zip</a> (13MB)
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-docs.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-docs.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Source:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.24.3/struts-2.3.24.3-src.zip">struts-2.3.24.3-src.zip</a> (7MB)
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-src.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.24.3/struts-2.3.24.3-src.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
-</ul>
-
-<a class="anchor" name="struts23203"></a>
-<h2>Struts 2.3.20.3</h2>
-
-<ul>
- <li>
- <a href="http://struts.apache.org/docs/version-notes-23203.html">Version Notes</a>
- </li>
-
- <li>Full Distribution:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.20.3/struts-2.3.20.3-all.zip">struts-2.3.20.3-all.zip</a> (65MB)
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-all.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-all.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Example Applications:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.20.3/struts-2.3.20.3-apps.zip">struts-2.3.20.3-apps.zip</a> (35MB)
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-apps.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-apps.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>All Dependencies:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.20.3/struts-2.3.20.3-lib.zip">struts-2.3.20.3-lib.zip</a> (19MB)
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-lib.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-lib.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Documentation:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.20.3/struts-2.3.20.3-docs.zip">struts-2.3.20.3-docs.zip</a> (13MB)
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-docs.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-docs.zip.md5">MD5</a>]
- </li>
- </ul>
- </li>
-
- <li>Source:
- <ul>
- <li>
- <a href="[preferred]struts/2.3.20.3/struts-2.3.20.3-src.zip">struts-2.3.20.3-src.zip</a> (7MB)
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-src.zip.asc">PGP</a>]
- [<a href="http://www.apache.org/dist/struts/2.3.20.3/struts-2.3.20.3-src.zip.md5">MD5</a>]
+ <a href="[preferred]struts/2.3.29/struts-2.3.29-src.zip">struts-2.3.29-src.zip</a> (7MB)
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-src.zip.asc">PGP</a>]
+ [<a href="http://www.apache.org/dist/struts/2.3.29/struts-2.3.29-src.zip.md5">MD5</a>]
</li>
</ul>
</li>
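Review bot: Besides updating the Source links, this hunk deletes the whole 2.3.24.3 and 2.3.20.3 download sections, including their PGP and MD5 links and the anchors "struts23243" and "struts23203", and neither the commit message nor the replacement text says where those releases can now be obtained. Those two versions were published as security-fix releases for older lines, so users still on them lose the verified download path and any inbound links to those anchors break. Consider leaving a short pointer to where the superseded releases can be found, or a note that 2.3.29 replaces them.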
http://git-wip-us.apache.org/repos/asf/struts-site/blob/a6afc275/source/index.html
----------------------------------------------------------------------
diff --git a/source/index.html b/source/index.html
index 97d15d5..86cd9c0 100644
--- a/source/index.html
+++ b/source/index.html
@@ -31,45 +31,28 @@ title: Welcome to the Apache Struts project
</p>
</div>
<div class="column col-md-4">
- <h2>Apache Struts {{ site.current_version }} GA</h2>
+ <h2>Apache Struts 2.3.29 GA</h2>
<p>
- Apache Struts {{ site.current_version }} GA has been released<br/>on {{ site.release_date }}.
+ It's the latest release of Struts 2.3.x,
+ read more in <a href="announce.html#a20160617">Announcement</a> or in
+ <a href="/docs/version-notes-2329.html">Version notes</a>
</p>
- Read more in <a href="announce.html#a{{ site.release_date_short }}">Announcement</a> or in
- <a href="/docs/version-notes-{{ site.current_version_short }}.html">Version notes</a>
</div>
<div class="column col-md-4">
- <h2>Apache Struts 2.3.28.1 GA</h2>
+ <h2>Apache Struts {{ site.current_version }} GA</h2>
<p>
- It's the latest release of Struts 2.3.x,
- read more in <a href="announce.html#aa20160419">Announcement</a> or in
- <a href="/docs/version-notes-23281.html">Version notes</a>
+ Apache Struts {{ site.current_version }} GA has been released<br/>on {{ site.release_date }}.
</p>
+ Read more in <a href="announce.html#a{{ site.release_date_short }}">Announcement</a> or in
+ <a href="/docs/version-notes-{{ site.current_version_short }}.html">Version notes</a>
</div>
</div>
<div class="row">
<div class="column col-md-4">
- <h2>Apache Struts 2.3.20.3 & 2.3.24.3</h2>
- <p>
- We have released two older versions of Apache Struts which contain the latest security fixes.
- Please read announcement for <a href="announce.html#a20160419-1">2.3.20.3 & 2.3.24.3</a>
- and version notes for <a href="/docs/version-notes-23203.html">2.3.20.3</a> and
- <a href="/docs/version-notes-23243.html">2.3.24.3</a>.
- </p>
</div>
<div class="column col-md-4">
- <h2>Security Bulletin S2-033 & S2-034</h2>
- <p>
- Two new Security Bulletins were published, please read more in the
- <a href="announce.html#a20160601">Announcement</a>.
- </p>
</div>
<div class="column col-md-4">
- <h2>Security Bulletin S2-032</h2>
- <p>
- A new security bulletin was published, please carefully read the
- <a href="/docs/s2-032.html">S2-032</a> bulletin.
- </p>
</div>
</div>
</div>
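Review bot: After the removals in the second row, all three "<div class="column col-md-4">" elements are left empty, so the page keeps a row of blank columns; either drop the row or fill it. The front page also loses every security bulletin pointer (S2-032, S2-033 and S2-034) while the release announced here fixes S2-035 through S2-041, so one of the emptied columns would be a natural place to link the new bulletins or the "announce.html#a20160617" entry. In the moved "{{ site.current_version }}" block, the "Read more in ..." links still sit outside the closing "</p>", unlike the 2.3.29 block above it, where they are inside the paragraph.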