struts-commits mailing list archives

From lukaszlen...@apache.org
Subject svn commit: r1015103 - in /websites/production/struts/content: announce.html index.html
Date Fri, 07 Jul 2017 16:25:47 GMT
Author: lukaszlenart
Date: Fri Jul  7 16:25:47 2017
New Revision: 1015103

Log:
Updates production

Modified:
    websites/production/struts/content/announce.html
    websites/production/struts/content/index.html

Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Fri Jul  7 16:25:47 2017
@@ -125,6 +125,7 @@
     <h1 class="no_toc" id="announcements">Announcements</h1>
 
 <ul id="markdown-toc">
+  <li><a href="#a20170707" id="markdown-toc-a20170707">9 July 2017 - Possible
RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series</a></li>
   <li><a href="#a20170323" id="markdown-toc-a20170323">23 march 2017 - Struts
Extras secure Multipart plugins General Availability - versions 1.1</a></li>
   <li><a href="#a20170320" id="markdown-toc-a20170320">20 march 2017 - Struts
Extras secure Multipart plugins General Availability</a></li>
   <li><a href="#a20170307" id="markdown-toc-a20170307">7 march 2017 - Struts
2.5.10.1 General Availability</a></li>
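Review bot: The new TOC entry's link text says "9 July 2017", but its anchor is a20170707 and the file header shows this change landing on Fri Jul 7 2017, so the displayed date matches neither the id nor the publication date. The existing entries use a date that agrees with their anchor (a20170323 is "23 march 2017"). Change the text to "7 July 2017", and make the same correction in the h4 heading that carries this id.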
@@ -136,6 +137,21 @@
   Skip to: <a href="announce-2016.html">Announcements - 2016</a>
 </p>
 
+<h4 id="a20170707">9 July 2017 - Possible RCE in the Struts Showcase app in the Struts
1 plugin example in the Struts 2.3.x series</h4>
+
+<p>A potential security vulnerability was reported in the Struts 1 plugin used in the
Struts 2.3.x series.
+It is possible to perform a Remote Code Execution attack if given construction exists in
the vulnerable
+application. Please read the security bulletin for more details and inspect your application.</p>
+
+<ul>
+  <li><a href="/docs/s2-048.html">S2-048</a>
+Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series</li>
+</ul>
+
+<p>NOTE: Please notice that this vulnerability does not affect applications using Struts
2.5.x series 
+or applications that do not use the Struts 1 plugin. Even if the plugin is available but
certain code 
+construction is not present, your application is safe.</p>
+
 <h4 id="a20170323">23 march 2017 - Struts Extras secure Multipart plugins General Availability
- versions 1.1</h4>
 
 <p>The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta
Multipart parser plugin 1.1 
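Review bot: In the added paragraph and the NOTE, "if given construction exists" and "certain code construction is not present" never say what the construction is, so a reader cannot judge exposure from the announcement and has to open S2-048 to learn what to look for. Either describe the construction in one sentence here or state explicitly that S2-048 describes it. The h4 heading also scopes the issue to the Showcase app, while the paragraph says it is in the Struts 1 plugin used in the 2.3.x series and asks readers to inspect their own application; align the heading with the body so that users who do not deploy Showcase do not dismiss it.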

Modified: websites/production/struts/content/index.html
==============================================================================
--- websites/production/struts/content/index.html (original)
+++ websites/production/struts/content/index.html Fri Jul  7 16:25:47 2017
@@ -166,6 +166,12 @@
     </div>
     <div class="row">
       <div class="column col-md-4">
+        <h2>Potential RCE vulnerability in the Showcase app</h2>
+        <p>
+          A potential security vulnerability was reported in the Struts 1 plugin used in
the Struts 2.3.x series.
+          Please read more in <a href="/docs/s2-048.html">S2-048</a> or in the
official
+          <a href="announce.html#a20170707">Announcement</a>
+        </p>
       </div>
       <div class="column col-md-4">
         <h2>Apache Struts Extras GA</h2>
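Review bot: The home page h2 "Potential RCE vulnerability in the Showcase app" tells readers that only the Showcase app is affected, while the paragraph beneath it says the report concerns the Struts 1 plugin used in the Struts 2.3.x series. Many visitors will read only this blurb, so name the plugin in the heading and consider carrying over the statement from announce.html that the 2.5.x series and applications without the Struts 1 plugin are not affected. The second sentence also ends at the closing </a> with no full stop.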


