Repository: struts-site Updated Branches: refs/heads/asf-site a7b087fd7 -> 8141e9034
Updates production by Jenkins Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/8141e903 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/8141e903 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/8141e903 Branch: refs/heads/asf-site Commit: 8141e9034aa5d2b4a4e446ae8110ac279c983114 Parents: a7b087f Author: jenkins <bui...@apache.org> Authored: Thu Sep 7 06:35:48 2017 +0000 Committer: jenkins <bui...@apache.org> Committed: Thu Sep 7 06:35:48 2017 +0000 ---------------------------------------------------------------------- content/announce.html | 45 ++++++++++++++++++++++++++++++++++++++++++++- content/index.html | 8 ++++---- 2 files changed, 48 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts-site/blob/8141e903/content/announce.html ---------------------------------------------------------------------- diff --git a/content/announce.html b/content/announce.html index 0158c00..f3832a9 100644 --- a/content/announce.html +++ b/content/announce.html @@ -127,6 +127,7 @@ <h1 class="no_toc" id="announcements">Announcements</h1> <ul id="markdown-toc"> + <li><a href="#a20170907" id="markdown-toc-a20170907">07 September 2017 - Struts 2.3.34 General Availability</a></li> <li><a href="#a20170905" id="markdown-toc-a20170905">05 September 2017 - Struts 2.5.13 General Availability</a></li> <li><a href="#a20170809" id="markdown-toc-a20170809">09 August 2017 - S2-049 Security Bulletin update</a></li> <li><a href="#a20170707" id="markdown-toc-a20170707">07 July 2017 - Struts 2.3.33 General Availability</a></li> @@ -143,6 +144,48 @@ Skip to: <a href="announce-2016.html">Announcements - 2016</a> </p> +<h4 id="a20170907">07 September 2017 - Struts 2.3.34 General Availability</h4> + +<p>The Apache Struts group is pleased to announce that Struts 2.3.34 is available as a âGeneral Availabilityâ +release. The GA designation is our highest quality grade.</p> + +<p>This release addresses two potential security vulnerabilities:</p> + +<ul> + <li><a href="/docs/s2-050.html">S2-050</a> + A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047)</li> + <li><a href="/docs/s2-051.html">S2-051</a> +A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin</li> + <li><a href="/docs/s2-052.html">S2-052</a> +Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads</li> + <li><a href="/docs/s2-053.html">S2-053</a> +A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals</li> +</ul> + +<p>Also this version resolves the following issues:</p> + +<ul> + <li>Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is ignored, Numeric Keys will work and mapped</li> + <li>Threads get blocked due to unnecessary synchronization in OgnlRuntime Dependency</li> + <li>Upgrade to OGNL 3.0.21</li> + <li>Upgrade to struts-master 11</li> + <li>Improve RegEx used to validate URLs</li> +</ul> + +<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time.</p> + +<p><strong>All developers are strongly advised to perform this action.</strong></p> + +<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 6.</p> + +<p>Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket.</p> + +<p>You can download this version from our <a href="download.cgi#struts-23x">download</a> page.</p> + <h4 id="a20170905">05 September 2017 - Struts 2.5.13 General Availability</h4> <p>The Apache Struts group is pleased to announce that Struts 2.5.13 is available as a âGeneral Availabilityâ @@ -219,7 +262,7 @@ actions if needed.</p> <h4 id="a20170707">07 July 2017 - Struts 2.3.33 General Availability</h4> -<p>The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a âGeneral Availabilityâ +<p>The Apache Struts group is pleased to announce that Struts 2.3.33 is available as a âGeneral Availabilityâ release. The GA designation is our highest quality grade.</p> <p>This release addresses two potential security vulnerabilities:</p> http://git-wip-us.apache.org/repos/asf/struts-site/blob/8141e903/content/index.html ---------------------------------------------------------------------- diff --git a/content/index.html b/content/index.html index 80fc198..4d20e7b 100644 --- a/content/index.html +++ b/content/index.html @@ -157,11 +157,11 @@ <a href="/docs/version-notes-2513.html">Version notes</a> </div> <div class="column col-md-4"> - <h2>Apache Struts 2.3.33 GA</h2> + <h2>Apache Struts 2.3.34 GA</h2> <p> - It's the latest release of Struts 2.3.x which contains the latest security fix, - read more in <a href="announce.html#a20170707">Announcement</a> or in - <a href="/docs/version-notes-2333.html">Version notes</a> + It's the latest release of Struts 2.3.x which contains the latest security fixes, + read more in <a href="announce.html#a20170907">Announcement</a> or in + <a href="/docs/version-notes-2334.html">Version notes</a> </p> </div> </div>
