Return-Path:
Struts 2.3.16 is available in a full distribution or as separate library, source, example
and documentation distributions, from the
- releases page.
+ releases page.
The release is also available through the central Maven repository under Group ID "org.apache.struts".
- The version notes
+ The version notes
are available online.
Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Thu Mar 6 07:13:31 2014
@@ -112,46 +112,57 @@
Skip to: Announcements - 2013
- The Apache Struts Team recommends to immediately upgrade your Struts 2
- based projects to use the latest released version of Commons
- FileUpload library, which is currently 1.3.1. This is necessary to
- prevent your publicly accessible web site from being exposed to
- possible DoS attacks [1] [2].
-
- Your project is affected if it uses the built-in file upload mechanism
- of Struts 2, which defaults to the use of commons-fileupload. The
- updated commons-fileupload library is a drop-in replacement for the
- vulnerable version. Deployed applications can be hardened by replacing
- the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For
- Maven based Struts 2 projects, the following dependency needs to be
- added:
-
- More details can be found here:
- 21 February 2014 - Immediately upgrade commons-fileupload to version 1.3.1
-
- <dependency>
- <groupId>commons-fileupload</groupId>
- <artifactId>commons-fileupload</artifactId>
- <version>1.3.1</version>
- </dependency>
-
-
- All developers are strongly advised to perform this action. -
+The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" +release. The GA designation is our highest quality grade.
+ +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time.
+ +Two security issues were solved with this release:
+ +All developers are strongly advised to perform this action.
+ +The Apache Struts Team recommends to immediately upgrade your Struts 2 +based projects to use the latest released version of Commons +FileUpload library, which is currently 1.3.1. This is necessary to +prevent your publicly accessible web site from being exposed to +possible DoS attacks (see [1] [2]).
+ +Your project is affected if it uses the built-in file upload mechanism +of Struts 2, which defaults to the use of commons-fileupload. The +updated commons-fileupload library is a drop-in replacement for the +vulnerable version. Deployed applications can be hardened by replacing +the commons-fileupload jar file in WEB-INF/lib with the fixed jar. For +Maven based Struts 2 projects, the following dependency needs to be +added:
+<dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>1.3.1</version>
+</dependency>
+
More details can be found here:
+ +All developers are strongly advised to perform this action.
Skip to: Announcements - 2013 Modified: websites/production/struts/content/archetype-catalog.xml ============================================================================== Binary files - no diff available. Modified: websites/production/struts/content/download.html ============================================================================== --- websites/production/struts/content/download.html (original) +++ websites/production/struts/content/download.html Thu Mar 6 07:13:31 2014 @@ -165,27 +165,27 @@
- Apache Struts 2.3.16 is an elegant, extensible + Apache Struts 2.3.16.1 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.3.16 is the "best available" version of Struts in the 2.3 series. + Struts 2.3.16.1 is the "best available" version of Struts in the 2.3 series.
Apache Struts 2.3.16 GA has been released on 8 december 2013.
- Version notes +Apache Struts 2.3.16.1 GA has been released on 8 december 2013.
+ Read more in Announcement or in + Version notes