struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject [06/13] struts-extras git commit: Adds more detailed readme with explanation how to use the plugin
Date Mon, 20 Mar 2017 07:05:21 GMT
Adds more detailed readme with explanation how to use the plugin


Project: http://git-wip-us.apache.org/repos/asf/struts-extras/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-extras/commit/29f42319
Tree: http://git-wip-us.apache.org/repos/asf/struts-extras/tree/29f42319
Diff: http://git-wip-us.apache.org/repos/asf/struts-extras/diff/29f42319

Branch: refs/heads/master
Commit: 29f423199d19f52aad8f4241a34eae418fff6667
Parents: 1cd42a6
Author: Lukasz Lenart <lukasz.lenart@gmail.com>
Authored: Sat Mar 18 14:54:58 2017 +0100
Committer: Lukasz Lenart <lukasz.lenart@gmail.com>
Committed: Sat Mar 18 14:54:58 2017 +0100

----------------------------------------------------------------------
 .../README.md                                   | 30 ++++++++++++++++++++
 1 file changed, 30 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-extras/blob/29f42319/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md
----------------------------------------------------------------------
diff --git a/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md
new file mode 100644
index 0000000..c37e0a8
--- /dev/null
+++ b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md
@@ -0,0 +1,30 @@
+# Apache Struts 2 Extras - Secure Jakarta Stream Multipart parser plugin
+
+This plugin provides a safe implementation of the Jakarta Stream Multipart parser from the
Struts Core. It can be used
+to mitigate vulnerability described in the [S2-045](http://struts.apache.org/docs/s2-045.html)
Security Bulletin.
+ 
+You should use this plugin in case you are not able to migrated to the latest Struts version.
+
+## Supported versions
+
+This plugins can be used with the Apache Struts versions 2.5.20 till 2.5.5, if you are running
the Apache Struts 2.5.8+
+you must migrate to the latest version which is [Struts 2.5.10.1](http://struts.apache.org/announce.html#a20170307).
+
+## How to use it
+
+Just drop the jar into `WEB-INF/libs` folder and restart your application, you can use on
of the existing PoCs
+to test if everything is ok.
+
+If you are using Maven to build your project, please add the following dependency into your
pom:
+  
+```xml
+<dependency>
+    <groupId>org.apache.struts</groupId>
+    <artifactId>struts2-secure-jakarta-multipart-parser-plugin</artifactId>
+    <version>[VERSION]</version>            
+</dependency>
+```
+
+## Remarks
+
+Please be aware that this is just a temporary solution, you should consider migration to
the latest version anyway.


Mime
View raw message