Subject: svn commit: r900204 - in /websites/production/struts/content: announce-2013.html announce.html archetype-catalog.xml download.html downloads.html index.html
Date: Thu, 06 Mar 2014 07:13:31 -0000
To: commits@struts.apache.org
From: lukaszlenart@apache.org

Author: lukaszlenart
Date: Thu Mar 6 07:13:31 2014
New Revision: 900204

Log:
Updates main site about the latest release

Modified:
    websites/production/struts/content/announce-2013.html
    websites/production/struts/content/announce.html
    websites/production/struts/content/archetype-catalog.xml
    websites/production/struts/content/download.html
    websites/production/struts/content/downloads.html
    websites/production/struts/content/index.html

Modified: websites/production/struts/content/announce-2013.html ============================================================================== --- websites/production/struts/content/announce-2013.html (original) +++ websites/production/struts/content/announce-2013.html Thu Mar 6 07:13:31 2014 @@ -145,9 +145,9 @@

Struts 2.3.16 is available in a full distribution or as separate library, source, example and documentation distributions, from the - releases page. + releases page. The release is also available through the central Maven repository under Group ID "org.apache.struts". - The version notes + The version notes are available online.

Modified: websites/production/struts/content/announce.html ============================================================================== --- websites/production/struts/content/announce.html (original) +++ websites/production/struts/content/announce.html Thu Mar 6 07:13:31 2014 @@ -112,46 +112,57 @@ Skip to: Announcements - 2013

-

21 February 2014 - Immediately upgrade commons-fileupload to version 1.3.1

-

- The Apache Struts Team recommends to immediately upgrade your Struts 2 - based projects to use the latest released version of Commons - FileUpload library, which is currently 1.3.1. This is necessary to - prevent your publicly accessible web site from being exposed to - possible DoS attacks [1] [2]. -

-

- Your project is affected if it uses the built-in file upload mechanism - of Struts 2, which defaults to the use of commons-fileupload. The - updated commons-fileupload library is a drop-in replacement for the - vulnerable version. Deployed applications can be hardened by replacing - the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For - Maven based Struts 2 projects, the following dependency needs to be - added: -

-
-  <dependency>
-    <groupId>commons-fileupload</groupId>
-    <artifactId>commons-fileupload</artifactId>
-    <version>1.3.1</version>
-  </dependency>
-
-

- More details can be found here: -

    -
  1. - - http://commons.apache.org/proper/commons-fileupload/changes-report.html#a1.3.1 -
  2. -
  3. - - http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E -
  4. -
-

-

- All developers are strongly advised to perform this action. -

+

2 March 2014 - Struts 2.3.16.1 General Availability Release - Security Fix Release

+ +

The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" +release. The GA designation is our highest quality grade.

+ +

Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time.

+ +

Two security issues were solved with this release:

+ +
    +
  • S2-020 ClassLoader manipulation +via request parameters
  • +
  • S2-020 Commons FileUpload library was upgraded +to version 1.3.1 to prevent DoS attacks
  • +
+ +

All developers are strongly advised to perform this action.

+ +

21 February 2014 - Immediately upgrade commons-fileupload to version 1.3.1

+ +

The Apache Struts Team recommends to immediately upgrade your Struts 2 +based projects to use the latest released version of Commons +FileUpload library, which is currently 1.3.1. This is necessary to +prevent your publicly accessible web site from being exposed to +possible DoS attacks (see [1] [2]).

+ +

Your project is affected if it uses the built-in file upload mechanism +of Struts 2, which defaults to the use of commons-fileupload. The +updated commons-fileupload library is a drop-in replacement for the +vulnerable version. Deployed applications can be hardened by replacing +the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For +Maven based Struts 2 projects, the following dependency needs to be +added:

+
<dependency>
+  <groupId>commons-fileupload</groupId>
+  <artifactId>commons-fileupload</artifactId>
+  <version>1.3.1</version>
+</dependency>
+
+

More details can be found here:

+ +
    +
  1. + http://commons.apache.org/proper/commons-fileupload/changes-report.html#a1.3.1
  2. +
  3. + http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
  4. +
+ +

All developers are strongly advised to perform this action.

Skip to: Announcements - 2013 Modified: websites/production/struts/content/archetype-catalog.xml ============================================================================== Binary files - no diff available. Modified: websites/production/struts/content/download.html ============================================================================== --- websites/production/struts/content/download.html (original) +++ websites/production/struts/content/download.html Thu Mar 6 07:13:31 2014 @@ -165,27 +165,27 @@

Full Releases

- -

Struts 2.3.16

+ +

Struts 2.3.16.1

- Apache Struts 2.3.16 is an elegant, extensible + Apache Struts 2.3.16.1 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.3.16 is the "best available" version of Struts in the 2.3 series. + Struts 2.3.16.1 is the "best available" version of Struts in the 2.3 series.
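Review bot: in the announce.html hunk (@@ -112,46 +112,57 @@) the new entry is headed "2 March 2014 - Struts 2.3.16.1 General Availability Release - Security Fix Release", but its first added paragraph announces that "Struts 2.3.15.2 is available"; the version in the body should match the heading. The entry also ends with "All developers are strongly advised to perform this action.", a sentence that belongs to the commons-fileupload notice below it and has no action to refer to here; suggest naming the action, i.e. upgrading to 2.3.16.1. Both list items are labelled S2-020 under "Two security issues were solved"; if one bulletin covers both fixes, say so in the lead sentence so the repeated identifier does not look like a typo.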
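Review bot: in the download.html hunk (@@ -165,27 +165,27 @@) the "Full Releases" text only swaps 2.3.16 for 2.3.16.1, so a reader still on 2.3.16 gets no hint that this is the security fix release announced in announce.html. Suggest adding a sentence after the "best available" line that points to the S2-020 announcement. The version string is also hand-edited in three places in the visible lines (heading, description, "best available"), so the rest of the hunk is worth checking for any remaining 2.3.16 reference.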