struts-dev mailing list archives

From JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>
Subject Re: [ANN] Struts 2.3.16.1 GA release available - security fix
Date Fri, 07 Mar 2014 16:41:24 GMT

Hi Lukasz,
The version 2.3.16.1 is not available yet in the Maven repository. When do you
think it will be available?

 Thanks

JL


2014-03-06 12:27 GMT-05:00 Lukasz Lenart <lukaszlenart@apache.org>:

> Ok, thanks!
>
> 2014-03-06 18:23 GMT+01:00 Mark Thomas <markt@apache.org>:
> > On 06/03/2014 17:08, Lukasz Lenart wrote:
> >> So who's the reporter?
> >
> > We (the ASF) know who discovered CVE-2014-0050 but they have not given
> > permission to be named. The only public credit information is that which
> > was published for CVE-2014-0050.
> >
> > Mark
> >
> >>
> >> 2014-03-06 16:54 GMT+01:00 Mark Thomas <markt@apache.org>:
> >>> On 06/03/2014 09:04, Lukasz Lenart wrote:
> >>>> This release includes important security fixes:
> >>>> - S2-020 - ClassLoader manipulation via request parameters
> >>>> - upgraded Commons FileUpload library to prevent DoS attacks
> >>>>
> >>>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html
> >>>
> >>> Please remove my name from the reporters. I just forwarded the e-mail
> >>> that the security team received. I do not deserve any of the credit for
> >>> discovering this issue.
> >>>
> >>> Mark
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: security-unsubscribe@apache.org
> >> For additional commands, e-mail: security-help@apache.org
> >>
> >
>
