Return-Path: X-Original-To: apmail-struts-dev-archive@www.apache.org Delivered-To: apmail-struts-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 22350D787 for ; Thu, 23 May 2013 06:59:59 +0000 (UTC) Received: (qmail 60767 invoked by uid 500); 23 May 2013 06:59:58 -0000 Delivered-To: apmail-struts-dev-archive@struts.apache.org Received: (qmail 58586 invoked by uid 500); 23 May 2013 06:59:55 -0000 Mailing-List: contact dev-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Developers List" Reply-To: "Struts Developers List" Delivered-To: mailing list dev@struts.apache.org Received: (qmail 58539 invoked by uid 99); 23 May 2013 06:59:55 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 May 2013 06:59:55 +0000 Received: from localhost (HELO mail-pa0-f48.google.com) (127.0.0.1) (smtp-auth username lukaszlenart, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 May 2013 06:59:54 +0000 Received: by mail-pa0-f48.google.com with SMTP id kp6so2612855pab.7 for ; Wed, 22 May 2013 23:59:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type :content-transfer-encoding; bh=7Bn1gyMWsvEegHHIreGXvjxbQLFfP7b7CuadlFKtmaQ=; b=ONMfkS/iG0Dx/B1PJmKi1MtDQkDDkxSe5L0fXfWpH9aPh0obfzki41DOATPxzPU2Sp Bpcpf+RyhUtXqSylWQ6Z/Tyj/sdaQzeaGMNWaH3OsjoCs6+nWO9GGqpMc6uknqjn6e8a TCZ9oapHu12YB49Y/Yhbpcx/JqUXV35yHt5r7bXrNo6tpxAST4hBd3/xWB1p1eFYY+iF Bbj8c7TGopvE3bOqlfaWgK1Nm1GR2tf5ryv56OCKk58Ehk93S0/iS8m1mjq8vPC9nJdp C0NPTO67DY3Qq/p9Cbn8vLjifMXixAWdH7NOk8yn1nUvrWQDKSnN3UqoGHDFN4Ob3ojd iN4w== X-Received: by 10.66.20.66 with SMTP id l2mr11688392pae.205.1369292394004; Wed, 22 May 2013 23:59:54 -0700 (PDT) MIME-Version: 1.0 Received: by 10.68.216.102 with HTTP; Wed, 22 May 2013 23:59:33 -0700 (PDT) From: Lukasz Lenart Date: Thu, 23 May 2013 08:59:33 +0200 Message-ID: Subject: [ANN] Struts 2.3.14.1 GA (fast track | security) To: user@struts.apache.oorg, dev@struts.apache.org, announcements@struts.apache.org, security@apache.org, full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable The Apache Struts group is pleased to announce that Struts 2.3.14.1 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. Two security issues were solved with this release: * Showcase app vulnerability allows remote command execution * A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution All developers are strongly advised to update existing Struts 2 applications to Struts 2.3.14.1. Struts 2.3.14.1 is available in a full distribution or as separate library, source, example and documentation distributions, from the releases page. The release is also available through the central Maven repository under Group ID "org.apache.struts". The release notes are available online. The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: Servlet API 2.4, JSP API 2.0, and Java 5. Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket. - The Apache Struts group. Kind regards --=20 =C5=81ukasz --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org For additional commands, e-mail: dev-help@struts.apache.org