Posted to user@struts.apache.org by "Muthiraparambil Somasundaram, Jeril" <Je...@cba.com.au> on 2016/12/21 05:11:05 UTC

FW: Apache Struts Upgrade to version 2.3.31

Hi Lukasz/Team,

We do not use Maven. Do you think replacing the Struts jar file in the location below should suffice?


Below is from version 2.3.31 package. Would you be able to advise which of these jar files needs to be used to replace the current one for an upgrade?


Thanks,
Jeril
+61450204750


From: Lukasz Lenart [mailto:lukaszlenart@apache.org]
Sent: Friday, 2 December 2016 7:42 PM
To: Davis, Geethu <Ge...@cba.com.au>
Cc: security@struts.apache.org; Muthiraparambil Somasundaram, Jeril <Je...@cba.com.au>; Kannoly, Arathy <Ar...@cba.com.au>
Subject: Re: Apache Struts Upgrade to version 2.3.31

Hi,

It all depends on how you manage dependencies: do you use Maven, or do you manage them manually by putting jars in WEB-INF/lib? In most cases replacing jars should be enough. And please ask such common questions via the Struts Users Mailing List <us...@struts.apache.org>, as this list is used to report and discuss security vulnerabilities.


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2016-12-02 7:01 GMT+01:00 Davis, Geethu <Ge...@cba.com.au>:
Hi team,

Could you please help with this request?

Thanks,
Geethu
Commonwealth Bank
ITSMO, driving an Always Available Bank

Geethu Davis
TCS Equities Support
IT Service Management and Operations
Enterprise Services
P: +91 484 6189534
E: Geethu.Davis@cba.com.au

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses and communities

From: Davis, Geethu
Sent: Wednesday, 30 November 2016 12:40 AM
To: 'Johannes Geppert' <jo...@apache.org>; security@struts.apache.org
Cc: Muthiraparambil Somasundaram, Jeril <Je...@cba.com.au>
Subject: RE: Apache Struts Upgrade to version 2.3.31

Hi Johannes,

Thanks for the link. However, could you please provide stepwise instructions for the installation?

Thanks,
Geethu

From: Johannes Geppert [mailto:jogep@apache.org]
Sent: Tuesday, 15 November 2016 8:04 PM
To: security@struts.apache.org; Davis, Geethu <Ge...@cba.com.au>
Subject: Re: Apache Struts Upgrade to version 2.3.31

Hi Geethu,

Just click on the link "Version Notes" to see the release notes for this special release.

http://struts.apache.org/docs/version-notes-2331.html

Best Regards

Johannes

#################################################
web: http://www.jgeppert.com
twitter: http://twitter.com/jogep


2016-11-15 15:18 GMT+01:00 Davis, Geethu <Ge...@cba.com.au>:
Hi Team,

One of the Windows 2008 R2 servers managed by our team has been found to have Apache Struts version 2.3.16.3 installed on it. As our security team has informed us that this version has multiple remote code execution security vulnerabilities, we are planning to upgrade this to version 2.3.31.

We have downloaded the zip file from the below page. Could you please provide us with any release notes/instructions on re-installation so that we could prepare a runsheet for the same? This is to be handed over to the server support team. Any assistance is appreciated.

http://struts.apache.org/download.cgi

Thanks,
Geethu


************** IMPORTANT MESSAGE *****************************
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************





Re: FW: Apache Struts Upgrade to version 2.3.31

Posted by Lukasz Lenart <lu...@apache.org>.
Hi,

It looks like you want to upgrade from Struts 1 to Struts 2, which are two
totally different beasts. In such a case replacing JARs won't work; you must
rewrite the web layer part.

Read these
http://struts.apache.org/docs/migration-guide.html#MigrationGuide-Struts1toStruts2
http://stackoverflow.com/questions/7817323/migration-from-struts1-to-struts2


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
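
An added example, not part of the original thread or of the Struts project: a Python check that tells Struts 1 from Struts 2 jars in a WEB-INF/lib directory, which is the distinction the reply above turns on. It assumes the core jar can be recognised by a well-known class entry (ActionServlet for Struts 1, Dispatcher for Struts 2); the function names, jar names and the sample jar it builds are constructed for illustration.

```python
import os
import tempfile
import zipfile

# Marker class entries: Struts 1 core ships ActionServlet, Struts 2 core ships Dispatcher.
S1_MARKER = "org/apache/struts/action/ActionServlet.class"
S2_MARKER = "org/apache/struts2/dispatcher/Dispatcher.class"
MARKERS = {S1_MARKER: "Struts 1", S2_MARKER: "Struts 2"}
VERSION_KEYS = ("Implementation-Version", "Bundle-Version", "Specification-Version")

def manifest_version(jar):
    """Return the first version attribute in META-INF/MANIFEST.MF, or None."""
    try:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    attrs = dict(l.split(": ", 1) for l in text.splitlines() if ": " in l)
    return next((attrs[k].strip() for k in VERSION_KEYS if k in attrs), None)

def classify_lib(lib_dir):
    """Map each Struts core jar in lib_dir to (generation, manifest version)."""
    found = {}
    for name in sorted(os.listdir(lib_dir)):
        path = os.path.join(lib_dir, name)
        if not name.lower().endswith(".jar") or not zipfile.is_zipfile(path):
            continue  # skip non-jars and files that are not valid archives
        with zipfile.ZipFile(path) as jar:
            entries = set(jar.namelist())
            for marker, generation in MARKERS.items():
                if marker in entries:
                    found[name] = (generation, manifest_version(jar))
    return found

def jar_swap_is_enough(found):
    """True only when every Struts core jar found is already Struts 2."""
    return bool(found) and all(gen == "Struts 2" for gen, _ in found.values())

def make_sample_jar(path, marker, version):
    """Write a constructed stand-in jar: one marker entry plus a manifest."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nImplementation-Version: %s\r\n" % version)
        jar.writestr(marker, b"")

if __name__ == "__main__":
    lib = tempfile.mkdtemp()  # constructed WEB-INF/lib, not a real deployment
    make_sample_jar(os.path.join(lib, "struts.jar"), S1_MARKER, "1.2.9")  # constructed
    found = classify_lib(lib)
    print(found, "-> jar swap enough:", jar_swap_is_enough(found))
```

A jar name alone can mislead (a file called struts.jar can hold either generation), which is why the check looks inside the archive.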
