struts-user mailing list archives

From Paweł Wielgus <poulw...@gmail.com>
Subject Re: [ANN] [SECURITY] Struts Extras secure Multipart plugins GA
Date Mon, 20 Mar 2017 19:30:21 GMT
This is fantastic news!
And also shows how serious and thoughtful your work is.
--
Pozdrawiam,
Paweł Wielgus.
tel: +48 604 603 546


2017-03-20 14:38 GMT+01:00 Lukasz Lenart <lukaszlenart@apache.org>:
> The Apache Struts group is pleased to announce that the Apache Struts
> 2 Secure Jakarta Multipart parser plugin and Apache Struts 2 Secure
> Jakarta Stream Multipart parser plugin are available as a “General
> Availability” release. The GA designation is our highest quality
> grade.
>
> These releases address one critical security vulnerability:
>
> - Possible Remote Code Execution when performing file upload based on
> Jakarta Multipart parser S2-045, S2-046 (CVE-2017-5638)
>
> http://struts.apache.org/docs/s2-045.html
> http://struts.apache.org/docs/s2-046.html
>
> Those plugins were released to allow users running older versions of
> Apache Struts to secure their applications in an easy way. You don’t
> have to migrate to the latest version (which is still preferable) but
> by applying one of those plugins, your application won’t be vulnerable
> anymore.
>
> It is a drop-in installation: just select a proper jar file and copy
> it to the WEB-INF/lib folder. Please read the README
> (https://github.com/apache/struts-extras) for more details and
> supported Apache Struts versions.
>
> All developers are strongly advised to perform this action.
>
> Should any issues arise with your use of any version of the Struts
> framework, please post your comments to the user list, and, if
> appropriate, file a tracking ticket.
>
> You can download those plugins from our download page.
> http://struts.apache.org/download.cgi#struts-extras
>
>
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
