struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject svn commit: r1100280 - /struts/site/src/site/xdoc/announce.xml
Date Fri, 06 May 2011 16:49:01 GMT
Author: lukaszlenart
Date: Fri May  6 16:49:01 2011
New Revision: 1100280

URL: http://svn.apache.org/viewvc?rev=1100280&view=rev
Log:
Adds new announcement page for 2011

Modified:
    struts/site/src/site/xdoc/announce.xml

Modified: struts/site/src/site/xdoc/announce.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/announce.xml?rev=1100280&r1=1100279&r2=1100280&view=diff
==============================================================================
--- struts/site/src/site/xdoc/announce.xml (original)
+++ struts/site/src/site/xdoc/announce.xml Fri May  6 16:49:01 2011
@@ -26,12 +26,12 @@ limitations under the License.
 
         <section name="Announcements">
             <p class="right">
-                Skip to: <a href="announce-2009.html">Announcements - 2009</a>
+                Skip to: <a href="announce-2010.html">Announcements - 2010</a>
             </p>
 
-             <h4 id="a20101220">20 December 2010 - Struts 2.2.1.1 General Availability
Release</h4>
+             <h4 id="a20100505">5 May 2011 - Struts 2.2.3 General Availability Release</h4>
             <p>
-              The Apache Struts group is pleased to announce that Struts 2.2.1.1 is
+              The Apache Struts group is pleased to announce that Struts 2.2.3 is
               available as a "General Availability" release. The GA designation is our
               highest quality grade.
             </p>
@@ -42,23 +42,36 @@ limitations under the License.
               maintaining applications over time.
             </p>
             <p>
-              This release includes one important security fix regarding Dynamic Method
-              Invocation in the REST Plugin. In the previous versions DMI wasn't under control
-              in the REST Plugin and even setting struts.enable.DynamicMethodInvocation to
false
-              didn't block DMI in the REST Plugin.
+                Two important vulnerability were solved with this release:
+                <ul>
+                    <li>Two important vulnerability were solved with this release:
+                        <ul>
+                            <li>XSS vulnerability in javatemplates plugin</li>
+                            <li>XSS vulnerability regarding DMI and dynamic action
names</li>
+                        </ul>
+                    </li>
+                    <li>
+                        OGNL was upgraded to version 3.0.1 which includes Javassist library,
+                        so you don't have to specify it as a separated dependency in your
project
+                    </li>
+                    <li>Shade of Commons library using maven-shade-plugin was removed
from Struts 2 Core and other modules</li>
+                    <li>The whole project was adjusted to Maven 3 requirements</li>
+                    <li>Add ability to control devMode per request</li>
+                    <li>Many fixes and extensions to JSON plugin and REST plugin</li>
+                </ul>
             </p>
             <p>
               All developers are strongly advised to update existing Struts 2 applications
-              to Struts 2.2.1.1.
+              to Struts 2.2.3.
             </p>
             <p>
-              Struts 2.2.1.1 is available in a full distribution,
+              Struts 2.2.3 is available in a full distribution,
               or as separate library, source, example and documentation
               distributions, from the
-              <a href="http://struts.apache.org/download.cgi#struts2211">releases page</a>.
+              <a href="http://struts.apache.org/download.cgi#struts223">releases page</a>.
               The release is also available through the central Maven repository under Group
ID
               "org.apache.struts". The
-              <a href="http://struts.apache.org/2.2.1.1/docs/version-notes-2211.html">release
notes</a>
+              <a href="http://struts.apache.org/2.2.3/docs/version-notes-223.html">release
notes</a>
               are available online.
             </p>
             <p>
@@ -71,54 +84,10 @@ limitations under the License.
               framework, please post your comments to the user list, and, if
               appropriate, file a tracking ticket.
             </p>
-
-            <h4 id="a20100816">16 August 2010 - Struts 2.2.1 General Availability Release</h4>
-            <p>
-              The Apache Struts group is pleased to announce that Struts 2.2.1 is
-              available as a "General Availability" release. The GA designation is our
-              highest quality grade.
-            </p>
-            <p>
-              Apache Struts 2 is an elegant, extensible framework for creating
-              enterprise-ready Java web applications. The framework is designed to
-              streamline the full development cycle, from building, to deploying, to
-              maintaining applications over time.
-            </p>  
-            <p>
-              This release includes a number of new features and bug fixes since the
-              2.1.8.1 GA release, including important security fixes regarding remote
-              server context manipulation by injecting OGNL expressions in request parameters.
-              For more information about the exploits, see the corresponding
-              security bulletins <a href="http://struts.apache.org/2.2.1/docs/s2-005.html">S2-005</a>.
-            </p>
-            <p>
-              All developers are strongly advised to update existing Struts 2 applications
-              to Struts 2.2.1.
-            </p>
-            <p>
-              Struts 2.2.1 is available in a full distribution,
-              or as separate library, source, example and documentation
-              distributions, from the
-              <a href="http://struts.apache.org/download.cgi#struts221">releases page</a>.
-              The release is also available through the central Maven repository under Group
ID
-              "org.apache.struts". The
-              <a href="http://struts.apache.org/2.2.1/docs/version-notes-221.html">release
notes</a>
-              are available online.
-            </p>
-            <p>
-              The 2.2.x series of the Apache Struts framework has a minimum
-              requirement of the following specification versions: Servlet API 2.4,
-              JSP API 2.0, and Java 5.
-            </p>  
-            <p>
-              Should any issues arise with your use of any version of the Struts
-              framework, please post your comments to the user list, and, if
-              appropriate, file a tracking ticket.
-            </p>
         </section>    
         <section>
             <p class="right">
-                Skip to: <a href="announce-2009.html">Announcements - 2009</a>
+                Skip to: <a href="announce-2010.html">Announcements - 2010</a>
             </p>
 
             <p class="right">



Mime
View raw message