struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "info@flyingfischer.ch" <i...@flyingfischer.ch>
Subject Re: [VOTE][FASTTRACK] Struts 2.3.16.3
Date Sat, 03 May 2014 08:26:20 GMT
+1

Markus

Am 03.05.2014 05:41, schrieb Paul Benedict:
> +1
>
>
> Cheers,
> Paul
>
>
> On Fri, May 2, 2014 at 4:16 PM, Don Brown <mrdon@apache.org> wrote:
>
>> +1
>>
>>
>> On Fri, May 2, 2014 at 1:58 PM, Dave Newton <davelnewton@gmail.com> wrote:
>>
>>> +1
>>> On May 2, 2014 3:52 PM, "Lukasz Lenart" <lukaszlenart@apache.org> wrote:
>>>
>>>> The Struts 2.3.16.3 test build is now available. It includes the
>>>> latest security patch which fixes one possible vulnerabilities:
>>>> - Extends excluded params in CookieInterceptor to avoid manipulation
>>>> of Struts' internals
>>>>
>>>> For details and the rationale behind these changes, please consult the
>>>> corresponding security bulletins:
>>>> * https://cwiki.apache.org/confluence/display/WW/S2-022
>>>>
>>>> Release notes:
>>>> * [
>> https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16.3
>>> ]
>>>>
>>>> Distribution:
>>>> * [http://people.apache.org/builds/struts/2.3.16.3/]
>>>>
>>>> Maven 2 staging repository:
>>>> * [
>>>>
>> https://repository.apache.org/content/repositories/orgapachestruts-1003/
>>> ]
>>>>
>>>> Once you have had a chance to review the test build, please respond
>>>> with a vote on its quality:
>>>>
>>>> [ ] Leave at test build
>>>> [ ] Alpha
>>>> [ ] Beta
>>>> [ ] General Availability (GA)
>>>>
>>>> Everyone who has tested the build is invited to vote. Votes by PMC
>>>> members are considered binding. A vote passes if there are at least
>>>> three binding +1s and more +1s than -1s.
>>>>
>>>> This is a "fast-track" release vote. If we have a positive vote after
>>>> 24 hours (at least three binding +1s and more +1s than -1s),  the
>>>> release may be submitted for mirroring and announced to the usual
>>>> channels.
>>>>
>>>> The website download link will include the mirroring timestamp
>>>> parameter [1], which limits the selection of mirrors to those that
>>>> have been refreshed since the indicated time and date. (After 24
>>>> hours, we *must* remove the timestamp parameter from the website link,
>>>> to avoid unnecessary server load.) In the case of a fast-track
>>>> release, the email announcement will not link directly to
>>>> <download.cgi>, but to <downloads.html>, so that we can control
use of
>>>> the timestamp parameter.
>>>>
>>>> [1] http://apache.org/dev/mirrors.html#use
>>>>
>>>> - The Apache Struts group.
>>>>
>>>>
>>>> Regards
>>>> --
>>>> Ɓukasz
>>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: dev-help@struts.apache.org
>>>>
>>>>
>>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message