You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2021/02/19 20:12:28 UTC
[struts-site] branch security-impact-levels updated (16942ba ->
91473d8)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch security-impact-levels
in repository https://gitbox.apache.org/repos/asf/struts-site.git.
discard 16942ba Adds missing alt attributes
omit 60b0b71 Adds announcements about Security Impact Levels
add a9b1b89 Possible site tag documentation updates for WW-5093. - Minor updates to set, text and url tag text, to clarify scope and behaviour. - Minor clarifications on "accessing-application-session-request-objects", plus a few other minor edits.
add ec36f55 - Add HTML paragraph tags, as requested. - Add (retrieve via #attr) for page scope items on set-tag page.
add 799c482 Merge pull request #154 from JCgH4164838Gh792C124B5/local_WW-5093_docupdate
new d7318a5 Adds announcements about Security Impact Levels
new 91473d8 Adds missing alt attributes
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (16942ba)
\
N -- N -- N refs/heads/security-impact-levels (91473d8)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../accessing-application-session-request-objects.md | 18 +++++++++++++-----
source/tag-developers/set-tag.md | 7 ++++---
source/tag-developers/text-tag.md | 3 +++
source/tag-developers/url-tag.md | 3 +++
4 files changed, 23 insertions(+), 8 deletions(-)
[struts-site] 02/02: Adds missing alt attributes
Posted by lu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch security-impact-levels
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 91473d8dd9bd2ec7a57de1d2c100e68f2855a5af
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Fri Feb 19 21:06:49 2021 +0100
Adds missing alt attributes
---
source/index.html | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source/index.html b/source/index.html
index ec33cb6..7136a45 100644
--- a/source/index.html
+++ b/source/index.html
@@ -12,10 +12,10 @@ title: Welcome to the Apache Struts project
REST, AJAX and JSON.
</p>
<a href="download.cgi#struts{{ site.current_version_short }}" class="btn btn-primary btn-large">
- <img src="img/download-icon.svg"> Download
+ <img src="img/download-icon.svg" alt="Download"> Download
</a>
<a href="primer.html" class="btn btn-info btn-large">
- <img src="img/primer-icon.svg"> Technology Primer
+ <img src="img/primer-icon.svg" alt="Technology Primer"> Technology Primer
</a>
</div>
</div>
[struts-site] 01/02: Adds announcements about Security Impact Levels
Posted by lu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch security-impact-levels
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit d7318a5065cbd77aed8ba0cd19d014249f0e06d9
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Fri Feb 19 07:49:10 2021 +0100
Adds announcements about Security Impact Levels
---
source/{announce.md => announce-2020.md} | 0
source/announce-2021.md | 84 ++++++++++++++++++++++++++++++++
source/index.html | 6 +--
3 files changed, 87 insertions(+), 3 deletions(-)
diff --git a/source/announce.md b/source/announce-2020.md
similarity index 100%
rename from source/announce.md
rename to source/announce-2020.md
diff --git a/source/announce-2021.md b/source/announce-2021.md
new file mode 100644
index 0000000..ad9cc5d
--- /dev/null
+++ b/source/announce-2021.md
@@ -0,0 +1,84 @@
+---
+layout: default
+title: Announcements 2021
+---
+
+# Announcements 2021
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+<p class="pull-right">
+ Skip to: <a href="announce-2020">Announcements - 2020</a>
+</p>
+
+#### 19 February 2021 - Struts Security Impact Levels {#a20210219}
+
+The Apache Struts Security team would like to announce [Security Impact Levels](https://cwiki.apache.org/confluence/display/WW/Security+Bulletins#SecurityBulletins-Securityimpactlevels)
+which will be used to rate any future Security Bulletins. We also updated the current Security Bulletins to match
+the levels. Below is the list of the updated bulletins with a new Maximum security rating.
+
+- [S2-060](https://cwiki.apache.org/confluence/display/WW/S2-060)
+ Medium -> Moderate
+- [S2-056](https://cwiki.apache.org/confluence/display/WW/S2-056)
+ Medium -> Moderate
+- [S2-055](https://cwiki.apache.org/confluence/display/WW/S2-055)
+ High -> Important
+- [S2-054](https://cwiki.apache.org/confluence/display/WW/S2-054)
+ Medium -> Moderate
+- [S2-051](https://cwiki.apache.org/confluence/display/WW/S2-051)
+ Medium -> Moderate
+- [S2-049](https://cwiki.apache.org/confluence/display/WW/S2-049)
+ High -> Important
+- [S2-048](https://cwiki.apache.org/confluence/display/WW/S2-048)
+ High -> Important
+- [S2-042](https://cwiki.apache.org/confluence/display/WW/S2-042)
+ High -> Important
+- [S2-040](https://cwiki.apache.org/confluence/display/WW/S2-040)
+ Medium -> Moderate
+- [S2-039](https://cwiki.apache.org/confluence/display/WW/S2-039)
+ Medium -> Moderate
+- [S2-038](https://cwiki.apache.org/confluence/display/WW/S2-038)
+ Medium -> Moderate
+- [S2-037](https://cwiki.apache.org/confluence/display/WW/S2-037)
+ High -> Important
+- [S2-036](https://cwiki.apache.org/confluence/display/WW/S2-036)
+ Medium -> Moderate
+- [S2-033](https://cwiki.apache.org/confluence/display/WW/S2-033)
+ High -> Important
+- [S2-032](https://cwiki.apache.org/confluence/display/WW/S2-032)
+ High -> Important
+- [S2-031](https://cwiki.apache.org/confluence/display/WW/S2-031)
+ Medium -> Moderate
+- [S2-026](https://cwiki.apache.org/confluence/display/WW/S2-026)
+ High -> Important
+- [S2-024](https://cwiki.apache.org/confluence/display/WW/S2-024)
+ Medium -> Moderate
+- [S2-023](https://cwiki.apache.org/confluence/display/WW/S2-023)
+ Medium -> Moderate
+- [S2-022](https://cwiki.apache.org/confluence/display/WW/S2-022)
+ Medium -> Moderate
+- [S2-021](https://cwiki.apache.org/confluence/display/WW/S2-021)
+ High -> Important
+- [S2-016](https://cwiki.apache.org/confluence/display/WW/S2-016)
+ Highly Critical -> Critical
+- [S2-015](https://cwiki.apache.org/confluence/display/WW/S2-015)
+ Highly Critical -> Critical
+- [S2-014](https://cwiki.apache.org/confluence/display/WW/S2-014)
+ Highly Critical -> Critical
+- [S2-013](https://cwiki.apache.org/confluence/display/WW/S2-013)
+ Highly Critical -> Critical
+- [S2-012](https://cwiki.apache.org/confluence/display/WW/S2-012)
+ Moderately Critical -> Important
+
+**All developers are strongly advised to read about new Security Impact Levels.**
+
+<p class="pull-right">
+ Skip to: <a href="announce-2020.html">Announcements - 2020</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>
diff --git a/source/index.html b/source/index.html
index d8d5b8d..ec33cb6 100644
--- a/source/index.html
+++ b/source/index.html
@@ -27,7 +27,7 @@ title: Welcome to the Apache Struts project
<p>
Apache Struts {{ site.current_version }} GA has been released<br/>on {{ site.release_date }}.
</p>
- Read more in <a href="announce.html#a{{ site.release_date_short }}">Announcement</a> or in
+ Read more in <a href="announce-2020#a{{ site.release_date_short }}">Announcement</a> or in
<a href="{{ site.wiki_url }}/Version+Notes+{{ site.current_version }}">Version notes</a>
</div>
<div class="column col-md-4">
@@ -35,7 +35,7 @@ title: Welcome to the Apache Struts project
<p>
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Read more in
- <a href="announce#a20201208">Announcement</a>
+ <a href="announce-2020#a20201208">Announcement</a>
</p>
</div>
<div class="column col-md-4">
@@ -60,7 +60,7 @@ title: Welcome to the Apache Struts project
<h2>Apache Struts {{ site.prev_version }} GA</h2>
<p>
It's the latest release of Struts 2.3.x which contains the latest security fixes,
- released on {{ site.prev_release_date }}.<br/> Read more in <a href="announce-2019.html#a{{ site.prev_release_date_short }}">Announcement</a> or in
+ released on {{ site.prev_release_date }}.<br/> Read more in <a href="announce-2019#a{{ site.prev_release_date_short }}">Announcement</a> or in
<a href="{{ site.wiki_url }}/Version+Notes+{{ site.prev_version }}">Version notes</a>
</p>
</div>