Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 26464200CC8 for ; Fri, 14 Jul 2017 09:19:26 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 24DF016D53A; Fri, 14 Jul 2017 07:19:26 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 6B53C16D52D for ; Fri, 14 Jul 2017 09:19:25 +0200 (CEST) Received: (qmail 17102 invoked by uid 500); 14 Jul 2017 07:19:24 -0000 Mailing-List: contact commits-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list commits@struts.apache.org Received: (qmail 17093 invoked by uid 99); 14 Jul 2017 07:19:24 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Jul 2017 07:19:24 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 61D61E0A38; Fri, 14 Jul 2017 07:19:24 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: lukaszlenart@apache.org To: commits@struts.apache.org Date: Fri, 14 Jul 2017 07:19:24 -0000 Message-Id: <5cc59de9676849339686b36b0b10c26c@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] struts-site git commit: Updates info about the latest 2.3.x release archived-at: Fri, 14 Jul 2017 07:19:26 -0000 Repository: struts-site Updated Branches: refs/heads/master 6b268e76b -> c23856043 Updates info about the latest 2.3.x release Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/eca04da9 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/eca04da9 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/eca04da9 Branch: refs/heads/master Commit: eca04da9e1464d174fbdb54e1ea0718e0ddbee88 Parents: 6b268e7 Author: Lukasz Lenart Authored: Fri Jul 14 07:46:38 2017 +0200 Committer: Lukasz Lenart Committed: Fri Jul 14 07:46:38 2017 +0200 ---------------------------------------------------------------------- source/announce.md | 34 +++++++++++++++++++++++++++++++++- source/index.html | 6 +++--- 2 files changed, 36 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts-site/blob/eca04da9/source/announce.md ---------------------------------------------------------------------- diff --git a/source/announce.md b/source/announce.md index 3de40b3..0cfa31e 100644 --- a/source/announce.md +++ b/source/announce.md @@ -26,7 +26,7 @@ This release contains fixes for the following potential security vulnerabilities - [S2-047](/docs/s2-047.html) Possible DoS attack when using URLValidator - [S2-049](/docs/s2-049.html) - A DoS attack is available for Spring secured actions, + A DoS attack is available for Spring secured actions Except the above this release also contains several improvements just to mention few of them: @@ -85,6 +85,38 @@ to the user list, and, if appropriate, file a tracking ticket. You can download this version from our [download](download.cgi#struts-ga) page. +#### 17 July 2017 - Struts 2.3.33 General Availability {#a20170717-2} + +The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a "General Availability" +release. The GA designation is our highest quality grade. + +This release addresses two potential security vulnerabilities: + + - [S2-049](/docs/s2-049.html) + A DoS attack is available for Spring secured actions + - [S2-048](/docs/s2-048.html) + Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series + +Also this version resolves the following issues: + + - `EmailValidator` does not accept new domain suffixes + - Revision number still missing from `dojo.js` and `dojo.js.uncompressed.js` + - Strange Behavior Parsing Action Requests + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +**All developers are strongly advised to perform this action.** + +The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 6. + +Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket. + +You can download this version from our [download](download.cgi#struts-23x) page. + #### 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series {#a20170707} A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series. http://git-wip-us.apache.org/repos/asf/struts-site/blob/eca04da9/source/index.html ---------------------------------------------------------------------- diff --git a/source/index.html b/source/index.html index 97593b0..7699683 100644 --- a/source/index.html +++ b/source/index.html @@ -39,11 +39,11 @@ title: Welcome to the Apache Struts project Version notes
-

Apache Struts 2.3.32 GA

+

Apache Struts 2.3.33 GA

It's the latest release of Struts 2.3.x which contains the latest security fix, - read more in Announcement or in - Version notes + read more in Announcement or in + Version notes