struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>
Subject Re: [ANN] Struts 2.3.16.1 GA release available - security fix
Date Fri, 07 Mar 2014 17:07:07 GMT
Oh, thanks. I was looking on
http://mvnrepository.com/artifact/org.apache.struts/struts2-core, not on
maven.org. I got it now.

JL


2014-03-07 11:50 GMT-05:00 Lukasz Lenart <lukaszlenart@apache.org>:

> It is
>
> http://search.maven.org/#artifactdetails%7Corg.apache.struts%7Cstruts2-core%7C2.3.16.1%7Cjar
>
> 2014-03-07 17:41 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlmagc@gmail.com>:
> > Hi Lukasz,
> >  The version 2.3.16.1 is not available yet in Maven repository. When do
> you
> > think it will be available?
> >
> >  Thanks
> >
> > JL
> >
> >
> > 2014-03-06 12:27 GMT-05:00 Lukasz Lenart <lukaszlenart@apache.org>:
> >
> >> Ok, thanks!
> >>
> >> 2014-03-06 18:23 GMT+01:00 Mark Thomas <markt@apache.org>:
> >> > On 06/03/2014 17:08, Lukasz Lenart wrote:
> >> >> So who's the reporter?
> >> >
> >> > We (the ASF) know who discovered CVE-2014-0050 but they have not given
> >> > permission to be named. The only public credit information is that
> which
> >> > was published for CVE-2014-0050.
> >> >
> >> > Mark
> >> >
> >> >>
> >> >> 2014-03-06 16:54 GMT+01:00 Mark Thomas <markt@apache.org>:
> >> >>> On 06/03/2014 09:04, Lukasz Lenart wrote:
> >> >>>> This release includes important security fixes:
> >> >>>> - S2-020 - ClassLoader manipulation via request parameters
> >> >>>> - upgraded Commons FileUpload library to prevent DoS attacks
> >> >>>>
> >> >>>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html
> >> >>>
> >> >>> Please remove my name from the reporters. I just forwarded the
> e-mail
> >> >>> that the security team received. I do not deserve any of the credit
> for
> >> >>> discovering this issue.
> >> >>>
> >> >>> Mark
> >> >>>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: security-unsubscribe@apache.org
> >> >> For additional commands, e-mail: security-help@apache.org
> >> >>
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> >> For additional commands, e-mail: dev-help@struts.apache.org
> >>
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message