struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: [ANN] Struts 2.3.16.1 GA release available - security fix
Date Fri, 07 Mar 2014 16:50:28 GMT
It is
http://search.maven.org/#artifactdetails%7Corg.apache.struts%7Cstruts2-core%7C2.3.16.1%7Cjar

2014-03-07 17:41 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlmagc@gmail.com>:
> Hi Lukasz,
>  The version 2.3.16.1 is not available yet in Maven repository. When do you
> think it will be available?
>
>  Thanks
>
> JL
>
>
> 2014-03-06 12:27 GMT-05:00 Lukasz Lenart <lukaszlenart@apache.org>:
>
>> Ok, thanks!
>>
>> 2014-03-06 18:23 GMT+01:00 Mark Thomas <markt@apache.org>:
>> > On 06/03/2014 17:08, Lukasz Lenart wrote:
>> >> So who's the reporter?
>> >
>> > We (the ASF) know who discovered CVE-2014-0050 but they have not given
>> > permission to be named. The only public credit information is that which
>> > was published for CVE-2014-0050.
>> >
>> > Mark
>> >
>> >>
>> >> 2014-03-06 16:54 GMT+01:00 Mark Thomas <markt@apache.org>:
>> >>> On 06/03/2014 09:04, Lukasz Lenart wrote:
>> >>>> This release includes important security fixes:
>> >>>> - S2-020 - ClassLoader manipulation via request parameters
>> >>>> - upgraded Commons FileUpload library to prevent DoS attacks
>> >>>>
>> >>>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html
>> >>>
>> >>> Please remove my name from the reporters. I just forwarded the e-mail
>> >>> that the security team received. I do not deserve any of the credit
for
>> >>> discovering this issue.
>> >>>
>> >>> Mark
>> >>>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: security-unsubscribe@apache.org
>> >> For additional commands, e-mail: security-help@apache.org
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message