This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new 0fb07f09b Updates stage by Jenkins
0fb07f09b is described below

commit 0fb07f09b390c66c82138a38cb45b1c383f906cb
Author: jenkins <[email protected]>
AuthorDate: Mon Dec 1 15:01:10 2025 +0000

    Updates stage by Jenkins
---
 content/announce-2025.html | 17 +++++++++++++++++
 content/index.html         |  9 ++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/content/announce-2025.html b/content/announce-2025.html
index 3e3593169..8909ed456 100644
--- a/content/announce-2025.html
+++ b/content/announce-2025.html
@@ -156,6 +156,23 @@
   Skip to: <a href="announce-2024">Announcements - 2024</a>
 </p>
 
+<h4 id="a20251201">1 December 2025 - CVE-2025-64775: File leak in multipart 
request processing causes disk exhaustion (DoS)</h4>
+
+<p>The Apache Struts group recommends upgrading to Apache Struts version 6.8.0 
or 7.1.1 to mitigate potential security
+vulnerability when using <a 
href="https://struts.apache.org/core-developers/file-upload";>file upload 
support</a>.</p>
+
+<blockquote>
+  <p>Please read the Security Bulletin <a 
href="https://cwiki.apache.org/confluence/display/WW/S2-068";>S2-068</a> to find 
more
+details about this security vulnerability</p>
+</blockquote>
+
+<p><strong>All developers are strongly advised to perform this 
upgrade.</strong></p>
+
+<p>Should any issues arise with your use of any version of the Struts 
framework, please post your comments to the user list,
+and, if appropriate, file <a 
href="https://issues.apache.org/jira/projects/WW/";>a tracking ticket</a>.</p>
+
+<p>You can download the latest version from our <a 
href="download.cgi#struts-ga">download</a> page.</p>
+
 <h4 id="a20251018">18 October 2025 - Apache Struts version 7.1.1 General 
Availability</h4>
 
 <p>The Apache Struts group is pleased to announce that Apache Struts version 
7.1.1 is available as a “General Availability”
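Review bot: The new a20251201 entry names the fixed versions (6.8.0 or 7.1.1) but not the affected version range, or which release line each fix applies to, so a reader must open S2-068 just to learn whether they are exposed. A one-line statement of affected versions in the first paragraph would make the announcement actionable on its own. Two wording points in the same block: "to mitigate potential security vulnerability" is missing an article ("a potential security vulnerability"), and the blockquote sentence ends without a period.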
diff --git a/content/index.html b/content/index.html
index 09f223155..ce711b415 100644
--- a/content/index.html
+++ b/content/index.html
@@ -183,14 +183,13 @@
         <a 
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.8.0";>Version
 notes</a>
       </div>
       <div class="column col-md-4">
-        <h2>CVE-2024-53677 File upload logic is flawed</h2>
+        <h2>CVE-2025-64775 File leak in multipart request processing causes 
disk exhaustion (DoS)</h2>
         <p>
-          Upgrade to Apache Struts 6.4.0 at least and migrate to
-          the new <a href="core-developers/action-file-upload">Action File 
Upload</a> mechanism.
+          Upgrade to Apache Struts 6.8.0 or 7.1.1 to mitigate the 
vulnerability.
         </p>
         <p>
-          Read more in <a href="announce-2024#a20241210">Announcement</a> or in
-          the Security Bulletin <a 
href="https://cwiki.apache.org/confluence/display/WW/S2-067";>S2-067</a>
+          Read more in the <a href="announce-2025#a20251201">Announcement</a> 
or in
+          the Security Bulletin <a 
href="https://cwiki.apache.org/confluence/display/WW/S2-068";>S2-068</a>
         </p>
       </div>
     </div>
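Review bot: In the col-md-4 column, replacing the CVE-2024-53677 notice wholesale drops the instruction to migrate to the Action File Upload mechanism, which the removed text gave as a step in addition to upgrading. The new text only says to upgrade to 6.8.0 or 7.1.1. If that migration still applies to users coming from older releases, keep a short pointer to announce-2024#a20241210 or S2-067 next to the new notice. The new link target announce-2025#a20251201 does match the id added to announce-2025.html in this commit.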
