Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 15BBE200C31 for ; Wed, 8 Mar 2017 13:24:35 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 12B9E160B83; Wed, 8 Mar 2017 12:24:35 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5AA94160B75 for ; Wed, 8 Mar 2017 13:24:34 +0100 (CET) Received: (qmail 1888 invoked by uid 500); 8 Mar 2017 12:24:32 -0000 Mailing-List: contact user-help@struts.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list user@struts.apache.org Received: (qmail 1819 invoked by uid 99); 8 Mar 2017 12:24:32 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Mar 2017 12:24:32 +0000 Received: from mail-vk0-f42.google.com (mail-vk0-f42.google.com [209.85.213.42]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 5610F1A098D; Wed, 8 Mar 2017 12:24:32 +0000 (UTC) Received: by mail-vk0-f42.google.com with SMTP id x75so8285197vke.2; Wed, 08 Mar 2017 04:24:32 -0800 (PST) X-Gm-Message-State: AMke39lsAUAz9bMzVhGOTaqrzmZYUucRAppM50gKkCK9GBGSGmohS/LzKjsSmJsS7vRmRplN1wRWLwxHNTOupg== X-Received: by 10.31.58.203 with SMTP id h194mr3464488vka.141.1488975871356; Wed, 08 Mar 2017 04:24:31 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.107.193 with HTTP; Wed, 8 Mar 2017 04:24:10 -0800 (PST) From: Lukasz Lenart Date: Wed, 8 Mar 2017 13:24:10 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: [ANN] Apache Struts 2.5.10.1 GA with Security Fixe Release To: Struts Users Mailing List , "announcements@struts.apache.org" , announce@apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable archived-at: Wed, 08 Mar 2017 12:24:35 -0000 The Apache Struts group is pleased to announce that Struts 2.5.10.1 is available as a =E2=80=9CGeneral Availability=E2=80=9D release. The GA desig= nation is our highest quality grade. This release addresses one potential security vulnerability: - Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser - S2-045 - http://struts.apache.org/docs/s2-045.html Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. All developers are strongly advised to perform this action. The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: Servlet API 2.4, JSP API 2.0, and Java 7. Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket. You can download this version from our download page. http://struts.apache.org/download.cgi#struts25101 Regards --=20 =C5=81ukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@struts.apache.org For additional commands, e-mail: user-help@struts.apache.org