struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Huber <gregh3...@gmail.com>
Subject Re: [VOTE] Struts 2.3.26
Date Thu, 17 Mar 2016 08:58:56 GMT
>From page

https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26

These cannot be read as it wants a login?

S2-029
<https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=62687048>
and S2-030
<https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=62687301>

On 16 March 2016 at 17:05, Lukasz Lenart <lukaszlenart@apache.org> wrote:

> The Apache Struts 2.3.26 test build is now available. With this release:
> - Possible XSS vulnerability in pages not using UTF-8 was fixed, read
> more details in S2-028
> - Prevents possible RCE when reusing user input in tag's attributes,
> see more details in S2-029
> - I18NInterceptor narrows selected locale to those available in JVM to
> reduce possibility of another XSS vulnerability, see more details in
> S2-030
> - New Configurationprovider type was introduced -
> ServletContextAwareConfigurationProvider, see WW-4410
> - Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
> - Spring BeanPostProcessor(s) are called only once to constructed
> objects., see WW-4554
> - OGNL was upgraded to version 3.0.13, see WW-4562
> - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see
> WW-4568
> - A dedicated assembly with minimal set of jars was defined, see WW-4570
> - Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
> - Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
> - MessageStoreInterceptor was refactored to use PreResultListener to
> store messages, see WW-4605
> - A new annotation was added to support configuring Tiles -
> @TilesDefinition, see WW-4606
>
> and few other small improvements, please see the release notes
>
> Security note:
> This release fixes three potential security vulnerabilities as
> mentioned in the Version Notes
>
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26
>
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.26/
>
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
>
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
>
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
>
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
>
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
>
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
>
>
> Kind regards
> --
> Ɓukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> PS. I will close the vote sooner if there be at least 3x +1 binding votes
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message