struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <>
Subject [VOTE][FASTTRACK] Apache Struts Extras - Multipart parser plugins 1.1
Date Wed, 22 Mar 2017 06:34:40 GMT
The Apache Struts Extras Secure Jakarta Multipart parser plugin 1.1
and Secure Jakarta Stream Multipart parser plugin 1.1 test builds are
now available. They provider multipart parser implementations to fix
the latest critical security vulnerability:

- Possible Remote Code Execution when performing file upload based on
Jakarta plugin

For details and the rationale behind these changes, please consult the
corresponding security bulletins:

These releases contains a fix for wrong scope used in a bean
definition which works with Struts 2.5.x series but fallbacks to
"singleton" for Struts 2.3.x

Release notes:


Maven 2 staging repository:

Once you have had a chance to review the test build, please respond
with a vote on its quality:

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[ ] General Availability (GA)

Everyone who has tested the build is invited to vote. Votes by PMC
members are considered binding. A vote passes if there are at least
three binding +1s and more +1s than -1s.

This is a "fast-track" release vote. If we have a positive vote within
24 hours (at least three binding +1s and more +1s than -1s), the
release may be submitted for mirroring and announced to the usual

The website download link will include the mirroring timestamp
parameter [1], which limits the selection of mirrors to those that
have been refreshed since the indicated time and date. (After 24
hours, we *must* remove the timestamp parameter from the website link,
to avoid unnecessary server load.) In the case of a fast-track
release, the email announcement will not link directly to
<download.cgi>, but to <downloads.html>, so that we can control use of
the timestamp parameter.


- The Apache Struts group.

+ 48 606 323 122

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message