struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christoph Nenning <Christoph.Nenn...@lex-com.net>
Subject Re: [VOTE][FASTTRACK] Struts 2.3.33
Date Wed, 12 Jul 2017 08:12:36 GMT
 [ ] Leave at test build
 [ ] Alpha
 [ ] Beta
 [X] General Availability (GA)

+1, binding

Regards,
Christoph



> 
> The Apache Struts 2.3.33 test build is now available. With this
> release the following security vulnerability was addressed:
> 
> - Possible RCE in the Struts Showcase app in the Struts 1 plugin
> example in Struts 2.3.x series, see
> https://cwiki.apache.org/confluence/display/WW/S2-048
> - A DoS attack is available for Spring secured actions, see
> https://cwiki.apache.org/confluence/display/WW/S2-048
> 
> Except that, the following issues were also addressed:
> 
> Bug
> [WW-4735] - EmailValidator does not accept new domain suffixes
> [WW-4770] - Revision number still missing from dojo.js and
> dojo.js.uncompressed.js
> [WW-4802] - Strange Behavior Parsing Action Requests
> 
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.33
> 
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.33/
> 
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
> 
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
> 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
> 
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
> 
> The vote will remain open for at least 24 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
> 
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
> 
> 
> Kind regards
> -- 
> Ɓukasz
> + 48 606 323 122 http://www.lenart.org.pl/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
> 

This Email was scanned by Sophos Anti Virus

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message