struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject [3/4] struts-site git commit: Adds info about new versions
Date Thu, 21 Apr 2016 14:38:14 GMT
Adds info about new versions


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/858bcfd0
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/858bcfd0
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/858bcfd0

Branch: refs/heads/master
Commit: 858bcfd060ac4aec7f2f6c0e44ba3a470424d5c5
Parents: 3d9321a
Author: Lukasz Lenart <lukasz.lenart@gmail.com>
Authored: Thu Apr 21 16:32:48 2016 +0200
Committer: Lukasz Lenart <lukasz.lenart@gmail.com>
Committed: Thu Apr 21 16:32:48 2016 +0200

----------------------------------------------------------------------
 source/announce.md    | 53 ++++++++++++++++++++++++++++++++++++++++++++++
 source/downloads.html | 34 +++++++++++++++++++++++++++++
 source/index.html     | 14 ++++++------
 3 files changed, 94 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-site/blob/858bcfd0/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index 93945a9..0246bb0 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,59 @@ title: Announcements
   Skip to: <a href="announce-2015.html">Announcements - 2015</a>
 </p>
 
+#### 19 April 2016 - Struts 2.3.28.1 General Availability with Security Fixes Release {#a20160419}
+
+The Apache Struts group is pleased to announce that Struts 2.3.28.1 is available as a "General
Availability"
+release. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web
applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.
+
+This release addresses two potential security vulnerabilities:
+
+  - [S2-031](/docs/s2-031.html)
+    Possible RCE vulnerability in `XSLTResult` was fixed.
+
+  - [S2-032](/docs/s2-032.html)
+    Prevents execution of chained expressions based on new `isSequence` flag introduce in
appropriated OGNL versions.
+
+**All developers are strongly advised to perform this action.**
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of the following
specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts framework, please post
your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+#### 19 April 2016 - Struts 2.3.20.3 & 2.3.24.3 General Availability with Security Fixes
Release {#a20160419-1}
+
+The Apache Struts group is pleased to announce that Struts 2.3.20.3 & Struts 2.3.24.3
are available as a "General Availability"
+releases. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web
applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.
+
+This release addresses two potential security vulnerabilities:
+
+  - [S2-029](/docs/s2-029.html)
+    Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may
lead to remote code execution.
+
+  - [S2-031](/docs/s2-031.html)
+    Possible RCE vulnerability in `XSLTResult` was fixed.
+
+  - [S2-032](/docs/s2-032.html)
+    Prevents execution of chained expressions based on new `isSequence` flag introduce in
appropriated OGNL versions.
+
+**All developers are strongly advised to perform this action.**
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of the following
specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts framework, please post
your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
 #### 18 March 2016 - Struts 2.3.28 General Availability with Security Fix Release {#a20160318}
 
 The Apache Struts group is pleased to announce that Struts 2.3.28 is available as a "General
Availability"

http://git-wip-us.apache.org/repos/asf/struts-site/blob/858bcfd0/source/downloads.html
----------------------------------------------------------------------
diff --git a/source/downloads.html b/source/downloads.html
index b3641ff..780eb45 100644
--- a/source/downloads.html
+++ b/source/downloads.html
@@ -107,10 +107,38 @@ title: Releases
 <tbody>
 <tr>
   <td class="no-wrap">
+    Struts 2.3.24.3
+  </td>
+  <td class="no-wrap">19 April 2016</td>
+  <td>
+    <a href="/docs/s2-030.html">S2-030</a>,
+    <a href="/docs/s2-028.html">S2-028</a>
+  </td>
+  <td>
+    <a href="/docs/version-notes-23243.html">Version notes</a>
+  </td>
+</tr>
+<tr>
+  <td class="no-wrap">
+    Struts 2.3.20.3
+  </td>
+  <td class="no-wrap">19 April 2016</td>
+  <td>
+    <a href="/docs/s2-030.html">S2-030</a>,
+    <a href="/docs/s2-028.html">S2-028</a>
+  </td>
+  <td>
+    <a href="/docs/version-notes-23203.html">Version notes</a>
+  </td>
+</tr>
+<tr>
+  <td class="no-wrap">
     Struts 2.3.24.1
   </td>
   <td class="no-wrap">24 September 2015</td>
   <td>
+    <a href="/docs/s2-032.html">S2-032</a>,
+    <a href="/docs/s2-031.html">S2-031</a>,
     <a href="/docs/s2-030.html">S2-030</a>,
     <a href="/docs/s2-029.html">S2-029</a>,
     <a href="/docs/s2-028.html">S2-028</a>
@@ -125,6 +153,8 @@ title: Releases
   </td>
   <td class="no-wrap">7 May 2015</td>
   <td>
+    <a href="/docs/s2-032.html">S2-032</a>,
+    <a href="/docs/s2-031.html">S2-031</a>,
     <a href="/docs/s2-030.html">S2-030</a>,
     <a href="/docs/s2-029.html">S2-029</a>,
     <a href="/docs/s2-028.html">S2-028</a>,
@@ -140,6 +170,8 @@ title: Releases
   </td>
   <td class="no-wrap">6 May 2015</td>
   <td>
+    <a href="/docs/s2-032.html">S2-032</a>,
+    <a href="/docs/s2-031.html">S2-031</a>,
     <a href="/docs/s2-030.html">S2-030</a>,
     <a href="/docs/s2-029.html">S2-029</a>,
     <a href="/docs/s2-028.html">S2-028</a>,
@@ -155,6 +187,8 @@ title: Releases
   </td>
   <td class="no-wrap">7 December 2014</td>
   <td>
+    <a href="/docs/s2-032.html">S2-032</a>,
+    <a href="/docs/s2-031.html">S2-031</a>,
     <a href="/docs/s2-030.html">S2-030</a>,
     <a href="/docs/s2-029.html">S2-029</a>,
     <a href="/docs/s2-028.html">S2-028</a>,

http://git-wip-us.apache.org/repos/asf/struts-site/blob/858bcfd0/source/index.html
----------------------------------------------------------------------
diff --git a/source/index.html b/source/index.html
index 4184018..47dbc95 100644
--- a/source/index.html
+++ b/source/index.html
@@ -49,24 +49,24 @@ title: Welcome to the Apache Struts project
     </div>
     <div class="row">
       <div class="column col-md-4">
-        <h2>Security Bulletin S2-028</h2>
+        <h2>Apache Struts 2.3.20.3 & 2.3.24.3</h2>
         <p>
-          A new security bulletin was published, please carefully read the
-          <a href="/docs/s2-028.html">Announcement</a>
+          We have released two older versions of Apache Struts which contain the latest security
fixes.
+          Please read announcement for <a href="announce.html#a20160419-1">2.3.20.3
& 2.3.24.3</a>
         </p>
       </div>
       <div class="column col-md-4">
-        <h2>Security Bulletin S2-029</h2>
+        <h2>Security Bulletin S2-031</h2>
         <p>
           A new security bulletin was published, please carefully read the
-          <a href="/docs/s2-029.html">Announcement</a>
+          <a href="/docs/s2-031.html">Announcement</a>
         </p>
       </div>
       <div class="column col-md-4">
-        <h2>Security Bulletin S2-030</h2>
+        <h2>Security Bulletin S2-032</h2>
         <p>
           A new security bulletin was published, please carefully read the
-          <a href="/docs/s2-030.html">Announcement</a>
+          <a href="/docs/s2-032.html">Announcement</a>
         </p>
       </div>
     </div>


Mime
View raw message