This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch announce-2529 in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 7be1b8cc9ae7c8506cc3e743eceb9b6ddbb07b14 Author: Lukasz Lenart <[email protected]> AuthorDate: Sat Jan 22 12:05:07 2022 +0100 Announces Apache Struts 2.5.29 and fixes a few typos --- _config.yml | 8 ++++---- source/announce-2022.md | 29 ++++++++++++++++++++++++++++- source/index.html | 8 ++++---- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/_config.yml b/_config.yml index 1d3025e..098ce54 100644 --- a/_config.yml +++ b/_config.yml @@ -9,15 +9,15 @@ kramdown: syntax_highlighter: rouge # Simplifies introducing changes related to the latest release -current_version: 2.5.28.3 -current_version_short: 25283 +current_version: 2.5.29 +current_version_short: 2529 prev_version: 2.3.37 prev_version_short: 2337 archetype_version: 2.5.22 current_beta_version: 2.5-BETA3 current_beta_version_short: 25B3 -release_date: 02 January 2022 -release_date_short: 20220102 +release_date: 22 January 2022 +release_date_short: 20220122 prev_release_date: 30 December 2018 prev_release_date_short: 20181230 beta_release_date_short: 20160126 diff --git a/source/announce-2022.md b/source/announce-2022.md index 13d6aef..4313cef 100644 --- a/source/announce-2022.md +++ b/source/announce-2022.md @@ -13,6 +13,33 @@ title: Announcements 2022 Skip to: <a href="announce-2021">Announcements - 2021</a> </p> +#### 22 January 2022 - Struts 2.5.29 General Availability {#a20220122} + +The Apache Struts group is pleased to announce that Struts 2.5.29 is available as a "General Availability" +release. The GA designation is our highest quality grade. + +Bugs: + - [WW-5117] - %{id} evaluates different for data-* and value attribute + - [WW-5160] - Template not found for name "Empty{name='templateDir'}/simple/hidden.ftl" + - [WW-5163] - Error executing FreeMarker template + +> Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+2.5.29) to find more details about performed +> bug fixes and improvements. + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +**All developers are strongly advised to perform this upgrade.** + +The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 7. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file [a tracking ticket]({{ site.jira_url }}). + +You can download this version from our [download](download.cgi#struts-ga) page. + #### 02 January 2022 - Struts 2.5.28.3 General Availability {#a20220102} The Apache Struts group is pleased to announce that Struts 2.5.28.3 is available as a "General Availability" @@ -24,7 +51,7 @@ by using the latest Log4j ver. 2.12.4 (Java 1.7 compatible). **Please note, that the Apache Struts itself depends on the `log4j-api` package only, it's users' responsibility to use a proper version of the log4j-core package!** -> Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+2.5.28.2) to find more details about performed +> Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+2.5.28.3) to find more details about performed > bug fixes and improvements. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. diff --git a/source/index.html b/source/index.html index b297d11..e91520d 100644 --- a/source/index.html +++ b/source/index.html @@ -34,10 +34,10 @@ title: Welcome to the Apache Struts project <h2>Security Advice on Log4j 2.12.2/2.16.0</h2> <p> The Apache Struts Security team would like to announce that all the users using - the latest Struts 2.5.x series should either upgrade to Apache Struts 2.5.28.1 which - uses Log4j 2.12.2 version that addresses <a href="https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046";>CVE-2021-45046</a> - or upgrade Log4j to version 2.12.2 (when running on Java 1.7) or 2.16.0 (when running on Java 8+). - Read more in <a href="announce-2021#a20211212-2">Announcement</a> + the latest Struts 2.5.x series should either upgrade to Apache Struts 2.5.28.3 which + uses Log4j 2.12.4 version which addresses the latest security vulnerabilities in Log4j + or upgrade Log4j to version 2.12.4 (when running on Java 1.7) or 2.17.1 (when running on Java 8+). + Read more in <a href="announce-2022#a20220102">Announcement</a> </p> </div> <div class="column col-md-4">
