struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rene Gielen <gie...@it-neering.net>
Subject Re: [VOTE] Struts 2.0.11.1 Quality (fast track) - PROPOSED ANNOUNCEMENT
Date Tue, 04 Mar 2008 07:58:49 GMT
Agreed. How should we put it better?

Don Brown schrieb:
> Good point.  This pales in comparison to, say, the OGNL remote code
> exploit.  XSS exploits, while important, just aren't anywhere near as
> big of deal.
> 
> Don
> 
> On Tue, Mar 4, 2008 at 12:43 PM, Jeromy Evans
> <jeromy.evans@blueskyminds.com.au> wrote:
>> My opinion is that the criticality is overstated.
>>  However it is useful to draw attention to the vulnerability.
>>
>>
>>
>>  Don Brown wrote:
>>  > Looks good.  Thanks for creating a security bulletin as well.
>>  >
>>  > Don
>>  >
>>  > On 3/4/08, Rene Gielen <rgielen@apache.org> wrote:
>>  >
>>  >> The release has been submitted for mirroring. Here's a draft
>>  >>  announcement that we could post tomorrow morning, including a link to
a
>>  >>  corresponding security bulletin announcement in the wiki. Comments and
>>  >>  corrections to both texts are highly appreciated.
>>  >>
>>  >>  ----
>>  >>
>>  >>  Apache Struts 2.0.11.1 is now available from
>>  >>  <http://struts.apache.org/download.cgi#struts20111>.
>>  >>
>>  >>  This release is a fast track security fix release, including important
>>  >>  security fixes regarding possible cross site scripting exploits. For
>>  >>  more information about the exploits, visit our security bulletins page
at
>>  >>  <http://cwiki.apache.org/confluence/display/WW/S2-002>.
>>  >>
>>  >>  * ALL DEVELOPERS ARE STRONGLY ADVISED TO UPDATE TO STRUTS 2.0.11.1
>>  >>  IMMEDIATELY!
>>  >>
>>  >>  For the complete release notes for Struts 2.0.11.1, see
>>  >>  <http://cwiki.apache.org/confluence/display/WW/Release+Notes+2.0.11.1>.
>>  >>
>>  >>  ---------------------------------------------------------------------
>>  >>  To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>  >>  For additional commands, e-mail: dev-help@struts.apache.org
>>  >>
>>  >>
>>  >>
>>  >
>>  > ---------------------------------------------------------------------
>>  > To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>  > For additional commands, e-mail: dev-help@struts.apache.org
>>  >
>>  >
>>  >
>>  >
>>  >
>>
>>
>>  ---------------------------------------------------------------------
>>  To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>  For additional commands, e-mail: dev-help@struts.apache.org
>>
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message