struts-commits mailing list archives

From lukaszlen...@apache.org
Subject [1/2] struts-site git commit: Adds announcement about S2-048
Date Thu, 13 Jul 2017 08:24:08 GMT
Repository: struts-site
Updated Branches:
  refs/heads/master 5385e4526 -> 233616b58


Adds announcement about S2-048


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/60e3a573
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/60e3a573
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/60e3a573

Branch: refs/heads/master
Commit: 60e3a573e6e77369944d7e3676468393cad210ee
Parents: 5385e45
Author: Lukasz Lenart <lukasz.lenart@gmail.com>
Authored: Fri Jul 7 18:25:20 2017 +0200
Committer: Lukasz Lenart <lukasz.lenart@gmail.com>
Committed: Fri Jul 7 18:25:20 2017 +0200

----------------------------------------------------------------------
 source/announce.md | 13 +++++++++++++
 source/index.html  |  6 ++++++
 2 files changed, 19 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-site/blob/60e3a573/source/announce.md
----------------------------------------------------------------------
diff --git a/source/announce.md b/source/announce.md
index c36c5e7..1d862e9 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -12,6 +12,19 @@ title: Announcements
   Skip to: <a href="announce-2016.html">Announcements - 2016</a>
 </p>
 
+#### 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example
in the Struts 2.3.x series {#a20170707}
+
+A potential security vulnerability was reported in the Struts 1 plugin used in the Struts
2.3.x series.
+It is possible to perform a Remote Code Execution attack if given construction exists in
the vulnerable
+application. Please read the security bulletin for more details and inspect your application.
+
+ - [S2-048](/docs/s2-048.html)
+   Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x
series
+
+NOTE: Please notice that this vulnerability does not affect applications using Struts 2.5.x
series 
+or applications that do not use the Struts 1 plugin. Even if the plugin is available but
certain code 
+construction is not present, your application is safe.
+
 #### 23 march 2017 - Struts Extras secure Multipart plugins General Availability - versions
1.1 {#a20170323}
 
 The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart
parser plugin 1.1 
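Review bot: The added heading is dated "9 July 2017" but its anchor is `{#a20170707}`, whereas the existing entry below it pairs "23 march 2017" with `{#a20170323}`; pick one date and make the heading and the anchor agree. The index.html change in this same commit links to `announce.html#a20170707`, so that link has to follow if the anchor is changed. Separately, "if given construction exists in the vulnerable application" reads awkwardly and uses different wording from the NOTE's "certain code construction"; use one phrase in both places (for example "if a certain code construction exists in the application") and leave the specifics to the linked S2-048 bulletin.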

http://git-wip-us.apache.org/repos/asf/struts-site/blob/60e3a573/source/index.html
----------------------------------------------------------------------
diff --git a/source/index.html b/source/index.html
index 8154f9e..97593b0 100644
--- a/source/index.html
+++ b/source/index.html
@@ -49,6 +49,12 @@ title: Welcome to the Apache Struts project
     </div>
     <div class="row">
       <div class="column col-md-4">
+        <h2>Potential RCE vulnerability in the Showcase app</h2>
+        <p>
+          A potential security vulnerability was reported in the Struts 1 plugin used in
the Struts 2.3.x series.
+          Please read more in <a href="/docs/s2-048.html">S2-048</a> or in the
official
+          <a href="announce.html#a20170707">Announcement</a>
+        </p>
       </div>
       <div class="column col-md-4">
         <h2>Apache Struts Extras GA</h2>
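Review bot: The new `<h2>` scopes the issue to "the Showcase app", while the paragraph directly under it says the vulnerability is "in the Struts 1 plugin used in the Struts 2.3.x series"; align the headline with the paragraph and with the announce.md heading so that readers who use the Struts 1 plugin outside Showcase do not skip it. The second sentence of the paragraph also lacks a closing period after the `Announcement` link. Finally, this adds another `col-md-4` column ahead of the existing "Apache Struts Extras GA" column, so confirm the row still lays out as intended with the extra column.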

