struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From René Gielen <>
Subject Re: [VOTE][FASTTRACK] Struts
Date Wed, 29 Nov 2017 19:09:58 GMT
+1 GA (binding)


Am 29. November 2017 19:26:12 MEZ schrieb Lukasz Lenart <>:
>The Apache Struts test build is now available. It includes
>the latest security patch which fixes one possible vulnerability:
>- A crafted JSON request can be used to perform a DoS attack when
>using the Struts REST plugin
>- Vulnerability in the Jackson JSON library
>For details and the rationale behind these changes, please consult the
>corresponding security bulletins:
>Release notes:
>Maven 2 staging repository:
>Once you have had a chance to review the test build, please respond
>with a vote on its quality:
>[ ] Leave at test build
>[ ] Alpha
>[ ] Beta
>[ ] General Availability (GA)
>Everyone who has tested the build is invited to vote. Votes by PMC
>members are considered binding. A vote passes if there are at least
>three binding +1s and more +1s than -1s.
>This is a "fast-track" release vote. If we have a positive vote after
>24 hours (at least three binding +1s and more +1s than -1s),  the
>release may be submitted for mirroring and announced to the usual
>The website download link will include the mirroring timestamp
>parameter [1], which limits the selection of mirrors to those that
>have been refreshed since the indicated time and date. (After 24
>hours, we *must* remove the timestamp parameter from the website link,
>to avoid unnecessary server load.) In the case of a fast-track
>release, the email announcement will not link directly to
><download.cgi>, but to <downloads.html>, so that we can control use of
>the timestamp parameter.
>- The Apache Struts group.
>+ 48 606 323 122
>To unsubscribe, e-mail:
>For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message