struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject [2/2] struts-site git commit: Adds info about Struts Extras plugins 1.1 versions
Date Thu, 23 Mar 2017 08:11:00 GMT
Adds info about Struts Extras plugins 1.1 versions


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/33f33df1
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/33f33df1
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/33f33df1

Branch: refs/heads/master
Commit: 33f33df1cc2f27c9cecaddaf082b478829fb8416
Parents: 53daf9d
Author: Lukasz Lenart <lukasz.lenart@gmail.com>
Authored: Thu Mar 23 09:10:47 2017 +0100
Committer: Lukasz Lenart <lukasz.lenart@gmail.com>
Committed: Thu Mar 23 09:10:47 2017 +0100

----------------------------------------------------------------------
 source/announce.md   | 24 ++++++++++++++++++++++++
 source/download.html | 40 ++++++++++++++++++++--------------------
 source/index.html    |  4 ++--
 3 files changed, 46 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-site/blob/33f33df1/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index 789d122..5d72517 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,30 @@ title: Announcements
   Skip to: <a href="announce-2016.html">Announcements - 2016</a>
 </p>
 
+#### 23 march 2017 - Struts Extras secure Multipart plugins General Availability - versions
1.1 {#a20170323}
+
+The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart
parser plugin 1.1 
+and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin 1.1 are available as a
"General Availability"
+release. The GA designation is our highest quality grade.
+
+These releases address one critical security vulnerability:
+
+- Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser
+  [S2-045](/docs/s2-045.html), [S2-046](/docs/s2-046.html)
+
+Those plugins were released to allow users running older versions of the Apache Struts secure
their applications
+in an easy way. You don't have to migrate to the latest version (which is still preferable)
but by applying one of those 
+plugins,  your application won't be vulnerable anymore.
+
+Please read the [README](https://github.com/apache/struts-extras) for more details and supported
Apache Struts versions.
+
+**All developers are strongly advised to perform this action.**
+
+Should any issues arise with your use of any version of the Struts framework, please post
your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download those plugins from our [download](download.cgi#struts-extras) page.
+
 #### 20 march 2017 - Struts Extras secure Multipart plugins General Availability {#a20170320}
 
 The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart
parser plugin 

http://git-wip-us.apache.org/repos/asf/struts-site/blob/33f33df1/source/download.html
----------------------------------------------------------------------
diff --git a/source/download.html b/source/download.html
index 1292f5d..5dbc7e5 100644
--- a/source/download.html
+++ b/source/download.html
@@ -220,12 +220,12 @@ title: Download a Release
   <li>Apache Struts 2 Secure Jakarta Multipart parser plugin:
     <ul>
       <li>
-        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar">
-          struts2-secure-jakarta-multipart-parser-plugin-1.0.jar
+        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar">
+          struts2-secure-jakarta-multipart-parser-plugin-1.1.jar
         </a>
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.asc">PGP</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.md5">MD5</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.sha1">SHA1</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar.asc">PGP</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar.md5">MD5</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar.sha1">SHA1</a>]
       </li>
     </ul>
   </li>
@@ -233,12 +233,12 @@ title: Download a Release
   <li>Source:
     <ul>
       <li>
-        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip">
-          struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip
+        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip">
+          struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip
         </a>
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.md5">PGP</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.asc">MD5</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.sha1">SHA1</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip.md5">PGP</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip.asc">MD5</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip.sha1">SHA1</a>]
       </li>
     </ul>
   </li>
@@ -246,12 +246,12 @@ title: Download a Release
   <li>Apache Struts 2 Secure Jakarta Stream Multipart parser plugin:
     <ul>
       <li>
-        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar">
-          struts2-secure-jakarta-multipart-parser-plugin-1.0.jar
+        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar">
+          struts2-secure-jakarta-multipart-parser-plugin-1.1.jar
         </a>
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.asc">PGP</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.md5">MD5</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.sha1">SHA1</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar.asc">PGP</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar.md5">MD5</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar.sha1">SHA1</a>]
       </li>
     </ul>
   </li>
@@ -259,12 +259,12 @@ title: Download a Release
   <li>Source:
     <ul>
       <li>
-        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip">
-          struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip
+        <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip">
+          struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip
         </a>
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.md5">PGP</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.asc">MD5</a>]
-        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.sha1">SHA1</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip.md5">PGP</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip.asc">MD5</a>]
+        [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip.sha1">SHA1</a>]
       </li>
     </ul>
   </li>

http://git-wip-us.apache.org/repos/asf/struts-site/blob/33f33df1/source/index.html
----------------------------------------------------------------------
diff --git a/source/index.html b/source/index.html
index 3b868f2..7156908 100644
--- a/source/index.html
+++ b/source/index.html
@@ -53,9 +53,9 @@ title: Welcome to the Apache Struts project
       <div class="column col-md-4">
         <h2>Apache Struts Extras GA</h2>
         <p>
-          The Struts Extras secure Multipart plugins General Availability, use them to secure
your application against critical security
+          The Struts Extras secure Multipart plugins General Availability - versions 1.1,
use them to secure your application against critical security
           vulnerability reported in <a href="/docs/s2-045.html">S2-045</a>, <a
href="/docs/s2-046.html">S2-046</a>,
-          read more in <a href="announce.html#a20170320">Announcement</a> or
in
+          read more in <a href="announce.html#a20170323">Announcement</a> or
in
           <a href="https://github.com/apache/struts-extras">README</a>
         </p>
       </div>


Mime
View raw message