struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject struts-site git commit: Prepares new release
Date Tue, 22 Mar 2016 08:02:40 GMT
Repository: struts-site
Updated Branches:
  refs/heads/master 7f6817166 -> 03cab99dc


Prepares new release


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/03cab99d
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/03cab99d
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/03cab99d

Branch: refs/heads/master
Commit: 03cab99dc0a59aa2c8a13e0f82324eacec2d670d
Parents: 7f68171
Author: Lukasz Lenart <lukasz.lenart@gmail.com>
Authored: Tue Mar 22 09:02:30 2016 +0100
Committer: Lukasz Lenart <lukasz.lenart@gmail.com>
Committed: Tue Mar 22 09:02:30 2016 +0100

----------------------------------------------------------------------
 _config.yml        |  8 ++++----
 source/announce.md | 44 ++++++++++++++++++++++++++++++++++++++++++++
 source/index.html  | 14 ++++++++++++--
 3 files changed, 60 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-site/blob/03cab99d/_config.yml
----------------------------------------------------------------------
diff --git a/_config.yml b/_config.yml
index e9e00fe..dca6048 100644
--- a/_config.yml
+++ b/_config.yml
@@ -24,10 +24,10 @@ kramdown:
 root:
 
 # Simplifies introducing changes related to the latest release
-current_version: 2.3.24.1
-current_version_short: 23241
+current_version: 2.3.28
+current_version_short: 2328
 current_beta_version: 2.5-BETA3
 current_beta_version_short: 25
-release_date: 24 september 2015
-release_date_short: 20150924
+release_date: 18 march 2016
+release_date_short: 20160318
 beta_release_date_short: 20160126

http://git-wip-us.apache.org/repos/asf/struts-site/blob/03cab99d/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index 267f001..93945a9 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,50 @@ title: Announcements
   Skip to: <a href="announce-2015.html">Announcements - 2015</a>
 </p>
 
+#### 18 March 2016 - Struts 2.3.28 General Availability with Security Fix Release {#a20160318}
+
+The Apache Struts group is pleased to announce that Struts 2.3.28 is available as a "General
Availability"
+release. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web
applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.
+
+This release addresses three potential security vulnerabilities:
+
+  - [S2-028](/docs/s2-028.html)
+    Possible XSS vulnerability in pages not using UTF-8 was fixed.
+
+  - [S2-029](/docs/s2-029.html)
+    Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may
lead to remote code execution.
+
+  - [S2-030](/docs/s2-030.html)
+    I18NInterceptor narrows selected locale to those available in JVM to reduce possibility
of another XSS vulnerability.
+
+**All developers are strongly advised to perform this action.**
+
+
+This release contains several breaking changes and improvements just to mention few of them:
+
+ - New Configurationprovider type was introduced - ServletContextAwareConfigurationProvider,
see WW-4410
+ - Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
+ - Spring BeanPostProcessor(s) are called only once to constructed objects., see WW-4554
+ - OGNL was upgraded to version 3.0.13, see WW-4562
+ - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568
+ - A dedicated assembly with minimal set of jars was defined, see WW-4570
+ - Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
+ - Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
+ - MessageStoreInterceptor was refactored to use PreResultListener to store messages, see
WW-4605
+ - A new annotation was added to support configuring Tiles - @TilesDefinition, see WW-4606
+
+and many other improvements, please check the version notes
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of the following
specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts framework, please post
your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
 #### 26 January 2016 - Struts 2.5-BETA3 (BETA) {#a20160126}
 
 The Apache Struts group is pleased to announce that Struts 2.5-BETA3 is available as a "BETA"
release.

http://git-wip-us.apache.org/repos/asf/struts-site/blob/03cab99d/source/index.html
----------------------------------------------------------------------
diff --git a/source/index.html b/source/index.html
index 183b9ad..4184018 100644
--- a/source/index.html
+++ b/source/index.html
@@ -49,15 +49,25 @@ title: Welcome to the Apache Struts project
     </div>
     <div class="row">
       <div class="column col-md-4">
+        <h2>Security Bulletin S2-028</h2>
+        <p>
+          A new security bulletin was published, please carefully read the
+          <a href="/docs/s2-028.html">Announcement</a>
+        </p>
       </div>
       <div class="column col-md-4">
-        <h2>Security Bulletin S2-026</h2>
+        <h2>Security Bulletin S2-029</h2>
         <p>
           A new security bulletin was published, please carefully read the
-          <a href="/docs/s2-026.html">Announcement</a>
+          <a href="/docs/s2-029.html">Announcement</a>
         </p>
       </div>
       <div class="column col-md-4">
+        <h2>Security Bulletin S2-030</h2>
+        <p>
+          A new security bulletin was published, please carefully read the
+          <a href="/docs/s2-030.html">Announcement</a>
+        </p>
       </div>
     </div>
   </div>


Mime
View raw message