From: Lukasz Lenart
Date: Thu, 23 Mar 2017 09:19:26 +0100
Subject: [ANN] [SECURITY] Struts Extras secure Multipart plugins GA - versions 1.1
To: "announcements@struts.apache.org", announce@apache.org, Struts Users Mailing List

The Apache Struts group is pleased to announce that the Apache Struts 2
Secure Jakarta Multipart parser plugin 1.1 and Apache Struts 2 Secure
Jakarta Stream Multipart parser plugin 1.1 are available as a “General
Availability” release. The GA designation is our highest quality grade.

These releases address one critical security vulnerability:

- Possible Remote Code Execution when performing file upload based on
  Jakarta Multipart parser S2-045, S2-046 (CVE-2017-5638)

Also, backward compatibility between different Struts versions was improved.

http://struts.apache.org/docs/s2-045.html
http://struts.apache.org/docs/s2-046.html

Those plugins were released to allow users running older versions of
Apache Struts to secure their applications in an easy way. You don’t
have to migrate to the latest version (which is still preferable), but by
applying one of those plugins, your application won’t be vulnerable
anymore.

Please read the README (https://github.com/apache/struts-extras) for more
details and supported Apache Struts versions.

All developers are strongly advised to perform this action.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.

You can download those plugins from our download page.

http://struts.apache.org/download.cgi#struts-extras

Regards
-- 
Łukasz
http://www.lenart.org.pl/