struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Huber <gregh3...@gmail.com>
Subject Re: [VOTE] Struts 2.3.27
Date Fri, 18 Mar 2016 10:02:14 GMT
Re-testing this...

did the result = createResult(); get reinstated in the
DefaultActionInvocation.executeResult(), as my views are not switching
correctly.

The message on the redirect works OK. Part of the pre result listener mods.




On 18 March 2016 at 09:01, Lukasz Lenart <lukaszlenart@apache.org> wrote:

> This is a third call in row with tiny fix discovered during test
> period so I'm going to speed things up as there are three security
> bulletins addressed with this release.
>
> The Apache Struts 2.3.26 test build is now available. With this release:
> - Possible XSS vulnerability in pages not using UTF-8 was fixed, read
> more details in S2-028
> - Prevents possible RCE when reusing user input in tag's attributes,
> see more details in S2-029
> - I18NInterceptor narrows selected locale to those available in JVM to
> reduce possibility of another XSS vulnerability, see more details in
> S2-030
> - New Configurationprovider type was introduced -
> ServletContextAwareConfigurationProvider, see WW-4410
> - Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
> - Spring BeanPostProcessor(s) are called only once to constructed
> objects., see WW-4554
> - OGNL was upgraded to version 3.0.13, see WW-4562
> - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see
> WW-4568
> - A dedicated assembly with minimal set of jars was defined, see WW-4570
> - Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
> - Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
> - MessageStoreInterceptor was refactored to use PreResultListener to
> store messages, see WW-4605
> - A new annotation was added to support configuring Tiles -
> @TilesDefinition, see WW-4606
>
> and few other small improvements, please see the release notes
>
> Security note:
> This release fixes three potential security vulnerabilities as
> mentioned in the Version Notes
>
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.27
>
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.27/
>
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
>
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
>
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
>
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
>
> The vote will remain open for at least 24 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
>
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
>
>
> Kind regards
> --
> Ɓukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message