Repository: struts-site Updated Branches: refs/heads/master 6b268e76b -> c23856043
Updates info about the latest 2.3.x release Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/eca04da9 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/eca04da9 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/eca04da9 Branch: refs/heads/master Commit: eca04da9e1464d174fbdb54e1ea0718e0ddbee88 Parents: 6b268e7 Author: Lukasz Lenart <lukasz.len...@gmail.com> Authored: Fri Jul 14 07:46:38 2017 +0200 Committer: Lukasz Lenart <lukasz.len...@gmail.com> Committed: Fri Jul 14 07:46:38 2017 +0200 ---------------------------------------------------------------------- source/announce.md | 34 +++++++++++++++++++++++++++++++++- source/index.html | 6 +++--- 2 files changed, 36 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts-site/blob/eca04da9/source/announce.md ---------------------------------------------------------------------- diff --git a/source/announce.md b/source/announce.md index 3de40b3..0cfa31e 100644 --- a/source/announce.md +++ b/source/announce.md @@ -26,7 +26,7 @@ This release contains fixes for the following potential security vulnerabilities - [S2-047](/docs/s2-047.html) Possible DoS attack when using URLValidator - [S2-049](/docs/s2-049.html) - A DoS attack is available for Spring secured actions, + A DoS attack is available for Spring secured actions Except the above this release also contains several improvements just to mention few of them: @@ -85,6 +85,38 @@ to the user list, and, if appropriate, file a tracking ticket. You can download this version from our [download](download.cgi#struts-ga) page. +#### 17 July 2017 - Struts 2.3.33 General Availability {#a20170717-2} + +The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a "General Availability" +release. The GA designation is our highest quality grade. + +This release addresses two potential security vulnerabilities: + + - [S2-049](/docs/s2-049.html) + A DoS attack is available for Spring secured actions + - [S2-048](/docs/s2-048.html) + Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series + +Also this version resolves the following issues: + + - `EmailValidator` does not accept new domain suffixes + - Revision number still missing from `dojo.js` and `dojo.js.uncompressed.js` + - Strange Behavior Parsing Action Requests + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +**All developers are strongly advised to perform this action.** + +The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 6. + +Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket. + +You can download this version from our [download](download.cgi#struts-23x) page. + #### 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series {#a20170707} A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series. http://git-wip-us.apache.org/repos/asf/struts-site/blob/eca04da9/source/index.html ---------------------------------------------------------------------- diff --git a/source/index.html b/source/index.html index 97593b0..7699683 100644 --- a/source/index.html +++ b/source/index.html @@ -39,11 +39,11 @@ title: Welcome to the Apache Struts project <a href="/docs/version-notes-{{ site.current_version_short }}.html">Version notes</a> </div> <div class="column col-md-4"> - <h2>Apache Struts 2.3.32 GA</h2> + <h2>Apache Struts 2.3.33 GA</h2> <p> It's the latest release of Struts 2.3.x which contains the latest security fix, - read more in <a href="announce.html#a20170307-2">Announcement</a> or in - <a href="/docs/version-notes-2332.html">Version notes</a> + read more in <a href="announce.html#a20170717-2">Announcement</a> or in + <a href="/docs/version-notes-2333.html">Version notes</a> </p> </div> </div>