Return-Path: X-Original-To: apmail-struts-dev-archive@www.apache.org Delivered-To: apmail-struts-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CF7C2119C1 for ; Fri, 2 May 2014 19:52:24 +0000 (UTC) Received: (qmail 33130 invoked by uid 500); 2 May 2014 19:52:23 -0000 Delivered-To: apmail-struts-dev-archive@struts.apache.org Received: (qmail 33093 invoked by uid 500); 2 May 2014 19:52:22 -0000 Mailing-List: contact dev-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Developers List" Reply-To: "Struts Developers List" Delivered-To: mailing list dev@struts.apache.org Received: (qmail 33077 invoked by uid 99); 2 May 2014 19:52:21 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 May 2014 19:52:21 +0000 Received: from localhost (HELO mail-yh0-f41.google.com) (127.0.0.1) (smtp-auth username lukaszlenart, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 May 2014 19:52:21 +0000 Received: by mail-yh0-f41.google.com with SMTP id i57so4586381yha.14 for ; Fri, 02 May 2014 12:52:20 -0700 (PDT) X-Received: by 10.236.51.42 with SMTP id a30mr26482188yhc.19.1399060340397; Fri, 02 May 2014 12:52:20 -0700 (PDT) MIME-Version: 1.0 Received: by 10.170.194.130 with HTTP; Fri, 2 May 2014 12:52:00 -0700 (PDT) From: Lukasz Lenart Date: Fri, 2 May 2014 21:52:00 +0200 Message-ID: Subject: [VOTE][FASTTRACK] Struts 2.3.16.3 To: Struts Developers List Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable The Struts 2.3.16.3 test build is now available. It includes the latest security patch which fixes one possible vulnerabilities: - Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals For details and the rationale behind these changes, please consult the corresponding security bulletins: * https://cwiki.apache.org/confluence/display/WW/S2-022 Release notes: * [https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.16.3] Distribution: * [http://people.apache.org/builds/struts/2.3.16.3/] Maven 2 staging repository: * [https://repository.apache.org/content/repositories/orgapachestruts-1003/= ] Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. This is a "fast-track" release vote. If we have a positive vote after 24 hours (at least three binding +1s and more +1s than -1s), the release may be submitted for mirroring and announced to the usual channels. The website download link will include the mirroring timestamp parameter [1], which limits the selection of mirrors to those that have been refreshed since the indicated time and date. (After 24 hours, we *must* remove the timestamp parameter from the website link, to avoid unnecessary server load.) In the case of a fast-track release, the email announcement will not link directly to , but to , so that we can control use of the timestamp parameter. [1] http://apache.org/dev/mirrors.html#use - The Apache Struts group. Regards --=20 =C5=81ukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org For additional commands, e-mail: dev-help@struts.apache.org