struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From git-site-r...@apache.org
Subject [struts-site] branch asf-site updated: Updates production by Jenkins
Date Wed, 22 Aug 2018 07:30:55 GMT
This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 871b9b4  Updates production by Jenkins
871b9b4 is described below

commit 871b9b498d6baefe7f8991bb0c86dd0b8c2ad502
Author: jenkins <builds@apache.org>
AuthorDate: Wed Aug 22 07:30:53 2018 +0000

    Updates production by Jenkins
---
 content/announce.html                           | 72 +++++++++++++++++++++
 content/core-developers/interceptors.html       |  2 +
 content/core-developers/struts-default-xml.html |  2 +
 content/download.html                           | 84 ++++++++++++-------------
 content/index.html                              | 22 +++----
 content/releases.html                           | 15 ++++-
 6 files changed, 143 insertions(+), 54 deletions(-)

diff --git a/content/announce.html b/content/announce.html
index 32f7605..5faaddd 100644
--- a/content/announce.html
+++ b/content/announce.html
@@ -130,6 +130,9 @@
     <h1 class="no_toc" id="announcements-2018">Announcements 2018</h1>
 
 <ul id="markdown-toc">
+  <li><a href="#a20180822-0" id="markdown-toc-a20180822-0">22 August 2018 - CVE-2018-11776
Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16</a></li>
+  <li><a href="#a20180822-1" id="markdown-toc-a20180822-1">22 August 2018 - Struts
2.5.17 General Availability</a></li>
+  <li><a href="#a20180822-2" id="markdown-toc-a20180822-2">22 August 2018 - Struts
2.3.35 General Availability</a></li>
   <li><a href="#a20180327" id="markdown-toc-a20180327">27 March 2018 - A crafted
XML request can be used to perform a DoS attack when using the Struts REST plugin</a></li>
   <li><a href="#a20180323" id="markdown-toc-a20180323">23 March 2018 - Immediately
upgrade commons-fileupload to version 1.3.3</a></li>
   <li><a href="#a20180316" id="markdown-toc-a20180316">16 March 2018 - Struts
2.5.16 General Availability</a></li>
@@ -139,6 +142,75 @@
   Skip to: <a href="announce-2017.html">Announcements - 2017</a>
 </p>
 
+<h4 id="a20180822-0">22 August 2018 - CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and
2.5 to 2.5.16</h4>
+
+<p>CVEID:CVE-2018-11776</p>
+
+<p>PRODUCT:Apache Struts</p>
+
+<p>VERSION:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16</p>
+
+<p>PROBLEMTYPE:Remote Code Execution</p>
+
+<p>REFERENCES:<a href="https://cwiki.apache.org/confluence/display/WW/S2-057">S2-057</a></p>
+
+<p>DESCRIPTION:Man Yue Mo from the Semmle Security Research team was noticed that Apache
Struts versions 2.3 to 2.3.34 and
+2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace
and in same time, its 
+upper action(s) have no or wildcard namespace. Same possibility when using url tag which
doesn’t have value and action
+set and in same time, its upper action(s) have no or wildcard namespace.</p>
+
+<h4 id="a20180822-1">22 August 2018 - Struts 2.5.17 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.17 is available as
a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>In addition to critical overall proactive security improvements, this release addresses
one potential security vulnerability:</p>
+
+<ul>
+  <li>Possible Remote Code Execution when using results with no namespace and in same
time, its upper action(s) have no or 
+wildcard namespace. Same possibility when using url tag which doesn’t have value and action
set. - <a href="https://cwiki.apache.org/confluence/display/WW/S2-057">S2-057</a></li>
+</ul>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready
Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the
following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please
post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a>
page.</p>
+
+<h4 id="a20180822-2">22 August 2018 - Struts 2.3.35 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.35 is available as
a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>In addition to critical overall proactive security improvements, this release addresses
one potential security vulnerability:</p>
+
+<ul>
+  <li>Possible Remote Code Execution when using results with no namespace and in same
time, its upper action(s) have no or 
+wildcard namespace. Same possibility when using url tag which doesn’t have value and action
set. - <a href="https://cwiki.apache.org/confluence/display/WW/S2-057">S2-057</a></li>
+</ul>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready
Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the
following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please
post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-23x">download</a>
page.</p>
+
 <h4 id="a20180327">27 March 2018 - A crafted XML request can be used to perform a DoS
attack when using the Struts REST plugin</h4>
 
 <p>The Apache Security Struts Team recommends to immediately upgrade your Struts 2
based projects to use the latest released 
diff --git a/content/core-developers/interceptors.html b/content/core-developers/interceptors.html
index 91095e6..5409037 100644
--- a/content/core-developers/interceptors.html
+++ b/content/core-developers/interceptors.html
@@ -286,6 +286,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors
t
     <span class="c">&lt;!-- this is simpler version of the above used with string
comparison --&gt;</span>
     <span class="nt">&lt;constant</span> <span class="na">name=</span><span
class="s">"struts.excludedPackageNames"</span>
               <span class="na">value=</span><span class="s">"</span>
+                <span class="err">com.opensymphony.xwork2.ognl.,</span>
                 <span class="err">java.lang.,</span>
                 <span class="err">ognl.,</span>
                 <span class="err">javax,</span>
@@ -293,6 +294,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors
t
                 <span class="err">freemarker.template.,</span>
                 <span class="err">freemarker.ext.rhino.,</span>
                 <span class="err">freemarker.ext.beans.,</span>
+                <span class="err">sun.misc.,</span>
                 <span class="err">sun.reflect.,</span>
                 <span class="err">javassist."</span> <span class="nt">/&gt;</span>
 
diff --git a/content/core-developers/struts-default-xml.html b/content/core-developers/struts-default-xml.html
index 0c0ab39..fab4f27 100644
--- a/content/core-developers/struts-default-xml.html
+++ b/content/core-developers/struts-default-xml.html
@@ -201,6 +201,7 @@ setting in <a href="struts-properties.html">struts.properties</a>.</p>
     <span class="c">&lt;!-- this is simpler version of the above used with string
comparison --&gt;</span>
     <span class="nt">&lt;constant</span> <span class="na">name=</span><span
class="s">"struts.excludedPackageNames"</span>
               <span class="na">value=</span><span class="s">"</span>
+                <span class="err">com.opensymphony.xwork2.ognl.,</span>
                 <span class="err">java.lang.,</span>
                 <span class="err">ognl.,</span>
                 <span class="err">javax,</span>
@@ -208,6 +209,7 @@ setting in <a href="struts-properties.html">struts.properties</a>.</p>
                 <span class="err">freemarker.template.,</span>
                 <span class="err">freemarker.ext.rhino.,</span>
                 <span class="err">freemarker.ext.beans.,</span>
+                <span class="err">sun.misc.,</span>
                 <span class="err">sun.reflect.,</span>
                 <span class="err">javassist."</span> <span class="nt">/&gt;</span>
 
diff --git a/content/download.html b/content/download.html
index 73b1735..715ed20 100644
--- a/content/download.html
+++ b/content/download.html
@@ -189,26 +189,26 @@
 
 <h2 id="struts-ga">Full Releases</h2>
 
-<h3 id="struts2516">Struts 2.5.16</h3>
+<h3 id="struts2517">Struts 2.5.17</h3>
 
 <p>
-  <a href="https://struts.apache.org/">Apache Struts 2.5.16</a> is an elegant,
extensible
+  <a href="https://struts.apache.org/">Apache Struts 2.5.17</a> is an elegant,
extensible
   framework for creating enterprise-ready Java web applications. It is available in a full
distribution,
   or as separate library, source, example and documentation distributions.
-  Struts 2.5.16 is the "best available" version of Struts in the 2.5 series.
+  Struts 2.5.17 is the "best available" version of Struts in the 2.5 series.
 </p>
 
 <ul>
   <li>
-    <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16">Version
Notes</a>
+    <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.17">Version
Notes</a>
   </li>
 
   <li>Full Distribution:
     <ul>
       <li>
-        <a href="[preferred]struts/2.5.16/struts-2.5.16-all.zip">struts-2.5.16-all.zip</a>
(65MB)
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-all.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-all.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.5.17/struts-2.5.17-all.zip">struts-2.5.17-all.zip</a>
(65MB)
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-all.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-all.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -216,9 +216,9 @@
   <li>Example Applications:
     <ul>
       <li>
-        <a href="[preferred]struts/2.5.16/struts-2.5.16-apps.zip">struts-2.5.16-apps.zip</a>
(35MB)
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-apps.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-apps.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.5.17/struts-2.5.17-apps.zip">struts-2.5.17-apps.zip</a>
(35MB)
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-apps.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-apps.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -226,9 +226,9 @@
   <li>Essential Dependencies Only:
     <ul>
       <li>
-        <a href="[preferred]struts/2.5.16/struts-2.5.16-min-lib.zip">struts-2.5.16-min-lib.zip</a>
(4MB)
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-min-lib.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-min-lib.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.5.17/struts-2.5.17-min-lib.zip">struts-2.5.17-min-lib.zip</a>
(4MB)
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-min-lib.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-min-lib.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -236,9 +236,9 @@
   <li>All Dependencies:
     <ul>
       <li>
-        <a href="[preferred]struts/2.5.16/struts-2.5.16-lib.zip">struts-2.5.16-lib.zip</a>
(19MB)
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-lib.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-lib.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.5.17/struts-2.5.17-lib.zip">struts-2.5.17-lib.zip</a>
(19MB)
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-lib.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-lib.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -246,9 +246,9 @@
   <li>Documentation:
     <ul>
       <li>
-        <a href="[preferred]struts/2.5.16/struts-2.5.16-docs.zip">struts-2.5.16-docs.zip</a>
(13MB)
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-docs.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-docs.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.5.17/struts-2.5.17-docs.zip">struts-2.5.17-docs.zip</a>
(13MB)
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-docs.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-docs.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -256,28 +256,28 @@
   <li>Source:
     <ul>
       <li>
-        <a href="[preferred]struts/2.5.16/struts-2.5.16-src.zip">struts-2.5.16-src.zip</a>
(7MB)
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-src.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-src.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.5.17/struts-2.5.17-src.zip">struts-2.5.17-src.zip</a>
(7MB)
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-src.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-src.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
 
 </ul>
 
-<h3 id="struts-23x">Struts 2.3.34</h3>
+<h3 id="struts-23x">Struts 2.3.35</h3>
 
 <ul>
   <li>
-    <a href="https://struts.apache.org/docs/version-notes-2334.html">Version Notes</a>
+    <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.35">Version
Notes</a>
   </li>
 
   <li>Full Distribution:
     <ul>
       <li>
-        <a href="[preferred]struts/2.3.34/struts-2.3.34-all.zip">struts-2.3.34-all.zip</a>
(65MB)
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-all.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-all.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.3.35/struts-2.3.35-all.zip">struts-2.3.35-all.zip</a>
(65MB)
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-all.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-all.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -285,9 +285,9 @@
   <li>Example Applications:
     <ul>
       <li>
-        <a href="[preferred]struts/2.3.34/struts-2.3.34-apps.zip">struts-2.3.34-apps.zip</a>
(35MB)
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-apps.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-apps.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.3.35/struts-2.3.35-apps.zip">struts-2.3.35-apps.zip</a>
(35MB)
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-apps.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-apps.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -295,9 +295,9 @@
   <li>Essential Dependencies Only:
     <ul>
       <li>
-        <a href="[preferred]struts/2.3.34/struts-2.3.34-min-lib.zip">struts-2.3.34-min-lib.zip</a>
(4MB)
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-min-lib.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-min-lib.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.3.35/struts-2.3.35-min-lib.zip">struts-2.3.35-min-lib.zip</a>
(4MB)
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-min-lib.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-min-lib.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -305,9 +305,9 @@
   <li>All Dependencies:
     <ul>
       <li>
-        <a href="[preferred]struts/2.3.34/struts-2.3.34-lib.zip">struts-2.3.34-lib.zip</a>
(19MB)
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.3.35/struts-2.3.35-lib.zip">struts-2.3.35-lib.zip</a>
(19MB)
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-lib.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-lib.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -315,9 +315,9 @@
   <li>Documentation:
     <ul>
       <li>
-        <a href="[preferred]struts/2.3.34/struts-2.3.34-docs.zip">struts-2.3.34-docs.zip</a>
(13MB)
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-docs.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-docs.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.3.35/struts-2.3.35-docs.zip">struts-2.3.35-docs.zip</a>
(13MB)
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-docs.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-docs.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
@@ -325,9 +325,9 @@
   <li>Source:
     <ul>
       <li>
-        <a href="[preferred]struts/2.3.34/struts-2.3.34-src.zip">struts-2.3.34-src.zip</a>
(7MB)
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-src.zip.asc">PGP</a>]
-        [<a href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-src.zip.md5">MD5</a>]
+        <a href="[preferred]struts/2.3.35/struts-2.3.35-src.zip">struts-2.3.35-src.zip</a>
(7MB)
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-src.zip.asc">PGP</a>]
+        [<a href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-src.zip.md5">MD5</a>]
       </li>
     </ul>
   </li>
diff --git a/content/index.html b/content/index.html
index ec24232..4479be6 100644
--- a/content/index.html
+++ b/content/index.html
@@ -131,7 +131,7 @@
       extensible using a plugin architecture, and ships with plugins to support
       REST, AJAX and JSON.
     </p>
-    <a href="download.cgi#struts2516" class="btn btn-primary btn-large">
+    <a href="download.cgi#struts2517" class="btn btn-primary btn-large">
       <img src="img/download-icon.svg"> Download
     </a>
     <a href="primer.html" class="btn btn-info btn-large">
@@ -156,19 +156,19 @@
         </p>
       </div>
       <div class="column col-md-4">
-        <h2>Apache Struts 2.5.16 GA</h2>
+        <h2>Apache Struts 2.5.17 GA</h2>
         <p>
-          Apache Struts 2.5.16 GA has been released<br/>on 16 March 2018.
+          Apache Struts 2.5.17 GA has been released<br/>on 22 August 2018.
         </p>
-        Read more in <a href="announce.html#a20180316">Announcement</a> or in
-        <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16">Version
notes</a>
+        Read more in <a href="announce.html#a20180822-1">Announcement</a> or
in
+        <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.17">Version
notes</a>
       </div>
       <div class="column col-md-4">
-        <h2>Apache Struts 2.3.34 GA</h2>
+        <h2>Apache Struts 2.3.35 GA</h2>
         <p>
           It's the latest release of Struts 2.3.x which contains the latest security fixes,
-          read more in <a href="announce-2017.html#a20170907">Announcement</a>
or in
-          <a href="/docs/version-notes-2334.html">Version notes</a>
+          released on 22 August 2018.<br/> Read more in <a href="announce.html#a20180822-2">Announcement</a>
or in
+          <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.35">Version
notes</a>
         </p>
       </div>
     </div>
@@ -192,11 +192,11 @@
         </p>
       </div>
       <div class="column col-md-4">
-        <h2>A crafted XML request can be used to perform a DoS attack when using the
Struts REST plugin</h2>
+        <h2>Immediately upgrade to version 2.5.17 or 2.3.35</h2>
         <p>
           The Apache Security Struts Team recommends to immediately upgrade your Struts 2
based projects to use
-          the latest released version of the Apache Struts to prevent possible DoS attack
when using the REST plugin.
-          <a href="announce.html#a20180327">Announcement</a>
+          the latest released version of the Apache Struts to prevent possible RCE attack
when using results with no namespace,
+          reported in <a href="https://cwiki.apache.org/confluence/display/WW/S2-057">S2-057</a>.
Read more in <a href="announce.html#a20180822-0">Announcement</a>.
         </p>
       </div>
     </div>
diff --git a/content/releases.html b/content/releases.html
index aec9fb7..f1bd7e4 100644
--- a/content/releases.html
+++ b/content/releases.html
@@ -147,7 +147,7 @@
     <ul>
       <li>
         <a href="/download.cgi#struts-ga">
-          Struts 2.5.16
+          Struts 2.5.17
         </a> ("best available")
       </li>
     </ul>
@@ -231,6 +231,18 @@
   <tbody>
   <tr>
     <td class="no-wrap">
+      Struts 2.5.16
+    </td>
+    <td class="no-wrap">16 March 2018</td>
+    <td>
+      <a href="https://cwiki.apache.org/confluence/display/WW/S2-057">S2-057</a>
+    </td>
+    <td>
+      <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16">Version
notes</a>
+    </td>
+  </tr>
+  <tr>
+    <td class="no-wrap">
       Struts 2.5.14.1
     </td>
     <td class="no-wrap">30 November 2017</td>
@@ -260,6 +272,7 @@
     </td>
     <td class="no-wrap">7 September 2017</td>
     <td>
+      <a href="https://cwiki.apache.org/confluence/display/WW/S2-057">S2-057</a>
     </td>
     <td>
       <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34">Version
notes</a>


Mime
View raw message