You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2021/02/19 06:49:33 UTC
[struts-site] 01/01: Adds announcements about Security Impact Levels
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch security-impact-levels
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit e1366a10ccc714b55e48e83b791eb67a5fd0f476
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Fri Feb 19 07:49:10 2021 +0100
Adds announcements about Security Impact Levels
---
source/{announce.md => announce-2020.md} | 0
source/announce-2021.md | 84 ++++++++++++++++++++++++++++++++
source/index.html | 6 +--
3 files changed, 87 insertions(+), 3 deletions(-)
diff --git a/source/announce.md b/source/announce-2020.md
similarity index 100%
rename from source/announce.md
rename to source/announce-2020.md
diff --git a/source/announce-2021.md b/source/announce-2021.md
new file mode 100644
index 0000000..de04eb6
--- /dev/null
+++ b/source/announce-2021.md
@@ -0,0 +1,84 @@
+---
+layout: default
+title: Announcements 2021
+---
+
+# Announcements 2021
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+<p class="pull-right">
+ Skip to: <a href="announce-2020">Announcements - 2020</a>
+</p>
+
+#### 19 February 2021 - Struts Security Impact Levels {#a20210219}
+
+The Apache Struts Security team would like to announce introducing [Security Impact Levels](https://cwiki.apache.org/confluence/display/WW/Security+Bulletins#SecurityBulletins-Securityimpactlevels)
+which will be used to rate any future Security Bulletins. We also updated the current Security Bulletins to match
+the levels. Below is the list of the updated bulletins with a new Maximum security rating.
+
+- [S2-060](https://cwiki.apache.org/confluence/display/WW/S2-060)
+ Medium -> Moderate
+- [S2-056](https://cwiki.apache.org/confluence/display/WW/S2-056)
+ Medium -> Moderate
+- [S2-055](https://cwiki.apache.org/confluence/display/WW/S2-055)
+ High -> Important
+- [S2-054](https://cwiki.apache.org/confluence/display/WW/S2-054)
+ Medium -> Moderate
+- [S2-051](https://cwiki.apache.org/confluence/display/WW/S2-051)
+ Medium -> Moderate
+- [S2-049](https://cwiki.apache.org/confluence/display/WW/S2-049)
+ High -> Important
+- [S2-048](https://cwiki.apache.org/confluence/display/WW/S2-048)
+ High -> Important
+- [S2-042](https://cwiki.apache.org/confluence/display/WW/S2-042)
+ High -> Important
+- [S2-040](https://cwiki.apache.org/confluence/display/WW/S2-040)
+ Medium -> Moderate
+- [S2-039](https://cwiki.apache.org/confluence/display/WW/S2-039)
+ Medium -> Moderate
+- [S2-038](https://cwiki.apache.org/confluence/display/WW/S2-038)
+ Medium -> Moderate
+- [S2-037](https://cwiki.apache.org/confluence/display/WW/S2-037)
+ High -> Important
+- [S2-036](https://cwiki.apache.org/confluence/display/WW/S2-036)
+ Medium -> Moderate
+- [S2-033](https://cwiki.apache.org/confluence/display/WW/S2-033)
+ High -> Important
+- [S2-032](https://cwiki.apache.org/confluence/display/WW/S2-032)
+ High -> Important
+- [S2-031](https://cwiki.apache.org/confluence/display/WW/S2-031)
+ Medium -> Moderate
+- [S2-026](https://cwiki.apache.org/confluence/display/WW/S2-026)
+ High -> Important
+- [S2-024](https://cwiki.apache.org/confluence/display/WW/S2-024)
+ Medium -> Moderate
+- [S2-023](https://cwiki.apache.org/confluence/display/WW/S2-023)
+ Medium -> Moderate
+- [S2-022](https://cwiki.apache.org/confluence/display/WW/S2-022)
+ Medium -> Moderate
+- [S2-021](https://cwiki.apache.org/confluence/display/WW/S2-021)
+ High -> Important
+- [S2-016](https://cwiki.apache.org/confluence/display/WW/S2-016)
+ Highly Critical -> Critical
+- [S2-015](https://cwiki.apache.org/confluence/display/WW/S2-015)
+ Highly Critical -> Critical
+- [S2-014](https://cwiki.apache.org/confluence/display/WW/S2-014)
+ Highly Critical -> Critical
+- [S2-013](https://cwiki.apache.org/confluence/display/WW/S2-013)
+ Highly Critical -> Critical
+- [S2-012](https://cwiki.apache.org/confluence/display/WW/S2-012)
+ Moderately Critical -> Important
+
+**All developers are strongly advised to read about new Security Impact Levels.**
+
+<p class="pull-right">
+ Skip to: <a href="announce-2020.html">Announcements - 2020</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>
diff --git a/source/index.html b/source/index.html
index d8d5b8d..ec33cb6 100644
--- a/source/index.html
+++ b/source/index.html
@@ -27,7 +27,7 @@ title: Welcome to the Apache Struts project
<p>
Apache Struts {{ site.current_version }} GA has been released<br/>on {{ site.release_date }}.
</p>
- Read more in <a href="announce.html#a{{ site.release_date_short }}">Announcement</a> or in
+ Read more in <a href="announce-2020#a{{ site.release_date_short }}">Announcement</a> or in
<a href="{{ site.wiki_url }}/Version+Notes+{{ site.current_version }}">Version notes</a>
</div>
<div class="column col-md-4">
@@ -35,7 +35,7 @@ title: Welcome to the Apache Struts project
<p>
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Read more in
- <a href="announce#a20201208">Announcement</a>
+ <a href="announce-2020#a20201208">Announcement</a>
</p>
</div>
<div class="column col-md-4">
@@ -60,7 +60,7 @@ title: Welcome to the Apache Struts project
<h2>Apache Struts {{ site.prev_version }} GA</h2>
<p>
It's the latest release of Struts 2.3.x which contains the latest security fixes,
- released on {{ site.prev_release_date }}.<br/> Read more in <a href="announce-2019.html#a{{ site.prev_release_date_short }}">Announcement</a> or in
+ released on {{ site.prev_release_date }}.<br/> Read more in <a href="announce-2019#a{{ site.prev_release_date_short }}">Announcement</a> or in
<a href="{{ site.wiki_url }}/Version+Notes+{{ site.prev_version }}">Version notes</a>
</p>
</div>