This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push: new 8e3e373 Updates production by Jenkins 8e3e373 is described below commit 8e3e3731e8608898e3abf600c1e431dc31f57aff Author: jenkins <bui...@apache.org> AuthorDate: Wed Nov 14 19:31:06 2018 +0000 Updates production by Jenkins --- content/index.html | 9 +- .../{index.html => struts23-eol-announcement.html} | 146 +++++++-------------- 2 files changed, 54 insertions(+), 101 deletions(-) diff --git a/content/index.html b/content/index.html index f88e773..916f0ac 100644 --- a/content/index.html +++ b/content/index.html @@ -178,12 +178,11 @@ </p> </div> <div class="column col-md-4"> - <h2>Apache Struts Extras GA</h2> + <h2>Apache Struts 2.3.x EOL</h2> <p> - The Struts Extras secure Multipart plugins General Availability - versions 1.1, use them to secure your - application against critical security vulnerability reported in <a href="/docs/s2-045.html">S2-045</a>, - <a href="/docs/s2-046.html">S2-046</a>, read more in <a href="announce-2017.html#a20170323">Announcement</a> - or in <a href="https://github.com/apache/struts-extras">README</a> + The Apache Struts Team informs about discontinuing support for Struts 2.3.x branch in 6 months, you can expect only support + in case of security issues and we recommend migration to the latest version of Struts, read more in + <a href="struts23-eol-announcement.md">Announcement</a> </p> </div> <div class="column col-md-4"> diff --git a/content/index.html b/content/struts23-eol-announcement.html similarity index 62% copy from content/index.html copy to content/struts23-eol-announcement.html index f88e773..ee10646 100644 --- a/content/index.html +++ b/content/struts23-eol-announcement.html @@ -7,11 +7,13 @@ <meta http-equiv="Content-Language" content="en"/> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> - <title>Welcome to the Apache Struts project</title> + <title>Apache Struts 2.3.x EOL Announcement</title> <link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css"> <link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet"> <link href="/css/main.css" rel="stylesheet"> + <link href="/css/custom.css" rel="stylesheet"> + <link href="/highlighter/github-theme.css" rel="stylesheet"> <script src="//code.jquery.com/jquery-1.11.0.min.js"></script> <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script> @@ -121,101 +123,53 @@ </header> -<article class="container index"> - <section> - <div class="container hero"> - <div class="jumbotron col-md-12"> - <h1>Apache Struts</h1> - <p>Apache Struts is a free, open-source, MVC framework for creating elegant, - modern Java web applications. It favors convention over configuration, is - extensible using a plugin architecture, and ships with plugins to support - REST, AJAX and JSON. - </p> - <a href="download.cgi#struts2518" class="btn btn-primary btn-large"> - <img src="img/download-icon.svg"> Download - </a> - <a href="primer.html" class="btn btn-info btn-large"> - <img src="img/primer-icon.svg"> Technology Primer - </a> - </div> -</div> -<div class="container important-notes"> - <div class="col-md-12"> - <div class="row"> - <div class="column col-md-4"> - <h2>Google's Patch Reward program</h2> - <p>During <a href="http://www.meetup.com/sfhtml5/">SFHTML5</a> Google announced that - they extend their program to cover the Apache Struts project as well. Now you can earn - money preparing patches for us! - <a href="submitting-patches.html#googles-patch-reward-program">read more</a> - </p> - </div> - <div class="column col-md-4"> - <h2>Apache Struts 2.5.18 GA</h2> - <p> - Apache Struts 2.5.18 GA has been released<br/>on 15 October 2018. - </p> - Read more in <a href="announce.html#a20181015-1">Announcement</a> or in - <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.18">Version notes</a> - </div> - <div class="column col-md-4"> - <h2>Apache Struts 2.3.36 GA</h2> - <p> - It's the latest release of Struts 2.3.x which contains the latest security fixes, - released on 15 October 2018.<br/> Read more in <a href="announce.html#a20181015-2">Announcement</a> or in - <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.36">Version notes</a> - </p> - </div> - </div> - <div class="row"> - <div class="column col-md-4"> - <h2>Immediately upgrade commons-fileupload to version 1.3.3</h2> - <p> - The Apache Struts Team recommends to immediately upgrade your Struts 2 - based projects to use the latest released version of Commons - FileUpload library, which is currently 1.3.3. - <a href="announce.html#a20180323">Announcement</a> - </p> - </div> - <div class="column col-md-4"> - <h2>Apache Struts Extras GA</h2> - <p> - The Struts Extras secure Multipart plugins General Availability - versions 1.1, use them to secure your - application against critical security vulnerability reported in <a href="/docs/s2-045.html">S2-045</a>, - <a href="/docs/s2-046.html">S2-046</a>, read more in <a href="announce-2017.html#a20170323">Announcement</a> - or in <a href="https://github.com/apache/struts-extras">README</a> - </p> - </div> - <div class="column col-md-4"> - <h2>Immediately upgrade to version 2.5.18 or 2.3.36</h2> - <p> - The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use - the latest released version of the Apache Struts to prevent possible RCE attack when using results with no namespace, - reported in <a href="https://cwiki.apache.org/confluence/display/WW/S2-057">S2-057</a>. Read more in <a href="announce.html#a20181015-0">Announcement</a>. - </p> - </div> - </div> - </div> -</div> -<div class="container contact-channels"> - <div class="col-md-12"><h5>Keep in touch: </h5> - - <div class="channels"> - <div class="irc-btn">IRC: <a href="irc://irc.freenode.net/struts">#struts</a></div> - <div class="facebook-btn"> - <div data-href="https://www.facebook.com/apachestruts" data-width="250" data-layout="button_count" - data-action="like" data-show-faces="false" data-share="true" class="fb-like"></div> - </div> - <div class="gplus-btn"> - <div data-annotation="inline" data-size="medium" data-width="225" data-href="http://struts.apache.org/" - class="g-plusone"></div> - </div> - <div class="twitter-btn"><a href="https://twitter.com/TheApacheStruts" data-show-count="false" data-lang="en" - data-width="240px" data-align="left" class="twitter-follow-button">Follow - @TheApacheStruts</a></div> - </div> - </div> -</div> +<article class="container"> + <section class="col-md-12"> + <a class="edit-on-gh" href="https://github.com/apache/struts-site/edit/master/source/struts23-eol-announcement.md" title="Edit this page on GitHub">Edit on GitHub</a> + + <h1 id="apache-struts-23x-end-of-life-eol-announcement">Apache Struts 2.3.x End-Of-Life (EOL) Announcement</h1> + +<p><strong>The Apache Struts Project Team would like to inform you that the Struts 2.3.x web framework will reach its end of life in 6 months and won’t be longer officially supported.</strong></p> + +<p>This announcement takes place on 2018-11-14 and starting from that date we will only support Apache Struts 2.3.x in case of security vulnerabilities. +Within those 6 months period you can expect that we do our best to keep Struts 2.3.x branch secure but some of the security related changes +cannot happen without architectural changes that can affect backward compatibility. This what happened to Struts 2.5.x, we introduced some +internal changes to improve overall framework’s security.</p> + +<h2 id="questions-and-answers">Questions and Answers</h2> + +<ul> + <li> + <p><strong>With the announcement of Struts 2.3.x EOL, what happens to Struts 2.3.x resources?</strong></p> + + <p>All resources will stay where they are. The documentation will still be accessible from the Apache Struts homepage, as well as the downloads +for all released Struts 2.3.x versions. All of the Struts 2.3.x source code can be found in the Apache Struts Git repository under branch +<code class="highlighter-rouge">support-2-3</code>, now and in future. All released Maven artifacts will still be accessible in Maven Central.</p> + </li> + <li> + <p><strong>Given a major security problem or a serious bug is reported for Struts 2.3.x in near future, can we expect a new release with fixes?</strong></p> + + <p>Yes, we will continue to support Struts 2.3.x in case of security issues for the next 6 months, after that time we won’t support this branch +in any case.</p> + </li> + <li> + <p><strong>Is there an immediate need to eliminate Struts 2.3.x from my projects?</strong></p> + + <p>As far as the Struts team is currently aware of, there is no urgent issue posing the immediate need to eliminate Struts 2.3.x usage from +your projects. However, you should consider migration to the latest available version as we stop supporting this version in 6 months.</p> + </li> + <li> + <p><strong>We plan to start a new project based on Struts 2.3.x. Can we still do so?</strong></p> + + <p>Basically yes, but we would not recommend doing so. As long as no code line is written, it is very easy to conceptually select +the latest version of Struts 2.</p> + </li> + <li> + <p><strong>My friends / colleagues and I would like to see Struts 2.3.x being maintained again. What can we do?</strong></p> + + <p>You are free to put effort in Struts 2.3.x. There are basically one possibility: fork the existing source and support it on your own.</p> + </li> +</ul> </section> </article>