struts-user mailing list archives

From Michael Smith <m...@chat.za.net>
Subject Re: Security vulnerability process for EOL versions
Date Thu, 14 Sep 2017 10:05:40 GMT
A follow on question.

When would we expect 2.3 to become EOL?

Thx

Mike

On 14 September 2017 at 08:13, Lukasz Lenart <lukaszlenart@apache.org>
wrote:

> 2017-09-13 18:57 GMT+02:00 Lehmer, Jason <Jason.Lehmer@capella.edu>:
> > In cases where the Struts community is notified or discovers a security
> > vulnerability in a supported version, does the evaluation process include
> > identifying unsupported versions that may be impacted as well? I realize
> > the recommendation will likely be to upgrade to a supported version but I
> > just wanted to confirm that even EOL versions are taken into account when
> > identifying potential impacts.
>
> We support two lines now:
> - 2.3.x where you can expect only security fixes and small
> improvements (mostly incorporated from the main line)
> - 2.5.x our main line, with security fixes and new features
>
> When verifying a vulnerability report we try to investigate which
> versions are affected down the line but we omit EOLed versions (in
> this case Struts 1).
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
