2017-07-14 14:40 GMT+02:00 Adam Brin <ab...@digitalantiquity.org>: > Hi Lukasz, > Out of curiosity, I'm wondering, what the protocol or choice was about > including the security patches for struts2 in a "new" release as opposed to > a point release for 2.5.10 (eg. 2.5.10.1)? It would seem like the smallest > change possible should be included, but this version seemed to have quite a > few more changes.
We assumed that the vulnerabilities are not so critical and the new version is almost ready. Also workarounds exist so you can apply them to be safe if you are not able to migrate to the latest version. https://cwiki.apache.org/confluence/display/WW/S2-047 https://cwiki.apache.org/confluence/display/WW/S2-049 Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org