struts-user mailing list archives

From Lukasz Lenart
Subject Re: Security vulnerability process for EOL versions
Date Thu, 14 Sep 2017 07:13:23 GMT
2017-09-13 18:57 GMT+02:00 Lehmer, Jason:
> In cases where the Struts community is notified or discovers a security vulnerability
> in a supported version, does the evaluation process include identifying unsupported versions
> that may be impacted as well? I realize the recommendation will likely be to upgrade to a
> supported version but I just wanted to confirm that even EOL versions are taken into account
> when identifying potential impacts.

We support two lines now:
- 2.3.x where you can expect only security fixes and small
improvements (mostly incorporated from the main line)
- 2.5.x our main line, with security fixes and new features

When verifying a vulnerability report we try to investigate which
versions are affected down the line but we omit EOLed versions (in
this case Struts 1).
