What about:

* All developers are strongly advised to update Struts 2 applications to Struts 2.0.11.1 to prevent XSS attacks through Struts 2 tags.

In this way, we aren't quite so "in-your-face" and a quick summary of the issue and what part of Struts 2 is affected is included. The qualifier is probably important as not all apps use the affected Struts 2 tags and since the release just includes that one fix, it is valuable to specify exactly what has been fixed.

Still, these are all minor things - the important thing is that you got this release out so quickly and for that, we are all very grateful :)

Don

On 3/4/08, Rene Gielen <[EMAIL PROTECTED]> wrote:
> Agreed. How should we put it better?
>
> Don Brown wrote:
>
> > Good point. This pales in comparison to, say, the OGNL remote code
> > exploit. XSS exploits, while important, just aren't anywhere near as
> > big of a deal.
> >
> > Don
> >
> > On Tue, Mar 4, 2008 at 12:43 PM, Jeromy Evans
> > <[EMAIL PROTECTED]> wrote:
> >> My opinion is that the criticality is overstated.
> >> However it is useful to draw attention to the vulnerability.
> >>
> >> Don Brown wrote:
> >> > Looks good. Thanks for creating a security bulletin as well.
> >> >
> >> > Don
> >> >
> >> > On 3/4/08, Rene Gielen <[EMAIL PROTECTED]> wrote:
> >> >
> >> >> The release has been submitted for mirroring. Here's a draft
> >> >> announcement that we could post tomorrow morning, including a link to a
> >> >> corresponding security bulletin announcement in the wiki. Comments and
> >> >> corrections to both texts are highly appreciated.
> >> >>
> >> >> ----
> >> >>
> >> >> Apache Struts 2.0.11.1 is now available from
> >> >> <http://struts.apache.org/download.cgi#struts20111>.
> >> >>
> >> >> This release is a fast track security fix release, including important
> >> >> security fixes regarding possible cross site scripting exploits. For
> >> >> more information about the exploits, visit our security bulletins page at
> >> >> <http://cwiki.apache.org/confluence/display/WW/S2-002>.
> >> >>
> >> >> * ALL DEVELOPERS ARE STRONGLY ADVISED TO UPDATE TO STRUTS 2.0.11.1
> >> >> IMMEDIATELY!
> >> >>
> >> >> For the complete release notes for Struts 2.0.11.1, see
> >> >> <http://cwiki.apache.org/confluence/display/WW/Release+Notes+2.0.11.1>.
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> >> For additional commands, e-mail: [EMAIL PROTECTED]
