This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/main by this push:
new 13ebe2d28 docs: add EOL versions page and cross-link from related
pages (#291)
13ebe2d28 is described below
commit 13ebe2d28cbe9c8ce89aaecf55468f582fde6c9a
Author: Lukasz Lenart <[email protected]>
AuthorDate: Thu May 14 14:03:52 2026 +0200
docs: add EOL versions page and cross-link from related pages (#291)
* docs: add EOL versions page and cross-link from related pages
- Add source/eol-versions.md — dedicated page explaining what EOL means,
listing EOL branches, and linking to commercial support options (neutral
wording)
- Update index.html — generalize the Struts 2.5.x EOL card to cover all EOL
versions and link to the new page
- Update download.md — add note in Prior Releases section pointing to
eol-versions
- Update releases.md — add note before the Prior Releases table and in the
Older Releases bullet
- Update commercial-support.md — clarify HeroDevs entry description and
update date
Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
* docs: add End-of-Life Versions to Support navigation menu
Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
* chore: trigger staging build
Co-Authored-By: Claude Opus 4.7 <[email protected]>
---------
Co-authored-by: Claude Sonnet 4.6 <[email protected]>
---
source/_includes/header.html | 1 +
source/commercial-support.md | 6 +++---
source/download.md | 4 ++++
source/eol-versions.md | 42 ++++++++++++++++++++++++++++++++++++++++++
source/index.html | 21 +++++++++++----------
source/releases.md | 5 ++++-
6 files changed, 65 insertions(+), 14 deletions(-)
diff --git a/source/_includes/header.html b/source/_includes/header.html
index 9285bec62..300aebec8 100644
--- a/source/_includes/header.html
+++ b/source/_includes/header.html
@@ -42,6 +42,7 @@
<li><a href="https://issues.apache.org/jira/browse/WW";>Issue
Tracker</a></li>
<li><a href="/security.html">Reporting Security Issues</a></li>
<li><a href="/commercial-support.html">Commercial
Support</a></li>
+ <li><a href="/eol-versions.html">End-of-Life Versions</a></li>
<li class="divider"></li>
<li><a
href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide";>Version
Notes</a></li>
<li><a
href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins";>Security
Bulletins</a></li>
diff --git a/source/commercial-support.md b/source/commercial-support.md
index 6c8f6d665..c2c37c896 100644
--- a/source/commercial-support.md
+++ b/source/commercial-support.md
@@ -21,7 +21,7 @@ Explore commercial support options for Apache Struts and
JavaEE applications thr
For detailed assistance, kindly reach out to them directly. Help us keep this
list current; if you’re aware of other
supportive companies, please share details with us.
-Last updated: **2024-12-23**
+Last updated: **2026-04-21**
- <a href="https://softwaremill.com/contact/"; rel="nofollow"
target="_blank">SoftwareMill</a>
- contact details:
@@ -31,11 +31,11 @@ Last updated: **2024-12-23**
- [+48 22 188 11 33](tel:+48221881133) (PL)
- [+44 56 0156 3406](tel:+445601563406) (UK)
- scope of support: consulting, Java & UI development, audit
-- <a href="https://www.herodevs.com/support/struts-nes"; rel="nofollow"
target="_blank">HeroDevs</a>
+- <a href="https://www.herodevs.com/support/struts-nes"; rel="nofollow"
target="_blank">HeroDevs — Never-Ending Support (NES)</a>
- contact details:
- email: [[email protected]](mailto:[email protected])
- phone: [+1 877-586-1965](tel:+18775861965)
- - scope of support: Extended Long-Term Security Support for Apache Struts,
CVE Remediation
+ - scope of support: extended security coverage and CVE remediation for EOL
Apache Struts versions
## How to add a new company
diff --git a/source/download.md b/source/download.md
index a773bcd31..99650fe96 100644
--- a/source/download.md
+++ b/source/download.md
@@ -98,6 +98,10 @@ version of Struts in the 6.x series.
If you are looking for other versions than above please check the <a
href="https://archive.apache.org/dist/struts/";>Apache Archive</a> site.
+Versions no longer listed above are End-of-Life (EOL) and receive no further
security patches from the Apache Struts Team.
+If your organization requires continued security coverage for an EOL version,
see the [End-of-Life versions](eol-versions.html)
+page for available options.
+
## Verify the integrity of the files {#verify}
We recommend that you verify the integrity of the downloaded files using the
PGP or MD5/SHA256 signatures.
diff --git a/source/eol-versions.md b/source/eol-versions.md
new file mode 100644
index 000000000..e10ffd700
--- /dev/null
+++ b/source/eol-versions.md
@@ -0,0 +1,42 @@
+---
+layout: default
+title: End-of-Life Versions
+---
+
+# End-of-Life Apache Struts Versions
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+## What End-of-Life means
+
+When a Struts version reaches End-of-Life (EOL), the Apache Struts Team no
longer provides
+security patches, bug fixes, or updates for that branch. Users are strongly
encouraged to
+migrate to a [currently supported release](download.cgi).
+
+The user mailing list and issue tracker are the **only** support options
hosted by the Apache
+Struts project for supported versions. EOL versions receive no support at all
from the project.
+
+## EOL versions
+
+| Branch | EOL date | Announcement |
+|--------|----------|--------------|
+| Struts 2.5.x | 30 October 2023 | [Announcement](announce-2023#a20231030) |
+| Struts 2.3.x | 12 September 2019 | [Announcement](announce-2019#a20190912) |
+| Struts 1.x | 5 April 2013 | [Announcement](struts1eol-announcement.html) |
+
+For a full list of individual releases that are no longer recommended due to
known security issues,
+see the [Releases](releases.html#prior-releases) page.
+
+## Commercial support for EOL versions
+
+If migration is not immediately feasible, third-party vendors offer extended
security support
+for EOL Struts versions. The Apache Software Foundation does not endorse any
commercial offering;
+the following is provided for informational purposes only.
+
+{:.alert .alert-info}
+[HeroDevs Never-Ending Support
(NES)](https://www.herodevs.com/support/struts-nes){:rel="nofollow"
target="_blank"}
+— extended security coverage and CVE remediation for EOL Apache Struts
versions.
+
+For a full list of commercial support options, see the [Commercial
Support](commercial-support.html) page.
\ No newline at end of file
diff --git a/source/index.html b/source/index.html
index 8a5d18258..fd4e35225 100644
--- a/source/index.html
+++ b/source/index.html
@@ -39,13 +39,12 @@ title: Welcome to the Apache Struts project
<a href="{{ site.wiki_url }}/Version+Notes+{{ site.prev_version
}}">Version notes</a>
</div>
<div class="column col-md-4">
- <h2>CVE-2025-64775 File leak in multipart request processing causes
disk exhaustion (DoS)</h2>
- <p>
- Upgrade to Apache Struts 6.8.0 or 7.1.1 to mitigate the
vulnerability.
- </p>
+ <h2>End-of-Life Struts Versions</h2>
<p>
- Read more in the <a href="announce-2025#a20251201">Announcement</a>
or in
- the Security Bulletin <a href="{{ site.wiki_url }}/S2-068">S2-068</a>
+ Some Struts versions are no longer supported and receive no further
security patches.
+ We recommend migrating to the <a href="download.cgi">latest
release</a>.
+ If migration is not immediately feasible, see <a
href="eol-versions.html">End-of-Life versions</a>
+ for available options.
</p>
</div>
</div>
@@ -69,11 +68,13 @@ title: Welcome to the Apache Struts project
</p>
</div>
<div class="column col-md-4">
- <h2>Apache Struts 2.5.x EOL</h2>
+ <h2>CVE-2025-64775 File leak in multipart request processing causes
disk exhaustion (DoS)</h2>
+ <p>
+ Upgrade to Apache Struts 6.8.0 or 7.1.1 to mitigate the
vulnerability.
+ </p>
<p>
- The Apache Struts Team informs about discontinuing support for
Struts 2.5.x branch, we recommend migration
- to the latest version of Struts, read more in
- <a href="announce-2023#a20231030">Announcement</a>
+ Read more in the <a href="announce-2025#a20251201">Announcement</a>
or in
+ the Security Bulletin <a href="{{ site.wiki_url }}/S2-068">S2-068</a>
</p>
</div>
</div>
diff --git a/source/releases.md b/source/releases.md
index 61e65dba5..8a9af8fa2 100644
--- a/source/releases.md
+++ b/source/releases.md
@@ -23,6 +23,7 @@ repositories, like [ibiblio.](http://ibiblio.org)
the [Apache Maven
Repository](https://repository.apache.org/content/groups/snapshots/).
- **Older Releases** are available here
- [Archive Site](https://archive.apache.org/dist/struts/)
+ - For support options on older releases, see [End-of-Life
versions](eol-versions.html)
Project releases have been approved by the vote of the Apache Struts [Project
Management Committee.](bylaws.html)
Support for a release is provided by [project volunteers](volunteers.html)
@@ -37,7 +38,9 @@ The user mailing list and issue tracker are the **only**
support options hosted
## Prior Releases {#prior-releases}
As a courtesy, we retain archival copies of the website for releases that
initially were considered
-"General Availability" but which has been reclassified as "Not recommended"
since they contain security issues
+"General Availability" but which has been reclassified as "Not recommended"
since they contain security issues.
+If you are running one of the versions below and cannot migrate, see the
[End-of-Life versions](eol-versions.html)
+page for available options.
| Release | Release Date | Vulnerability
[...]
|-----------------|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
