2012/3/22 Robert <[email protected]>: > There is not a perfect solution, as Dave indicated beta may not mean much to > managers.
Yeah, it does nothing ;-) Beta, Alpha, GA is all the same for them. > A hard line approach would be to reclassify all prior releases of Struts 2, > as beta or alpha, does Struts have a not recommended classification ? No, we just strongly advise to upgrade. > Then change the download page,http://struts.apache.org/downloads.html, > wording for older releases > > from: > 'As a courtesy, we retain archival copies of the website for each "General > Availability" release.' > > to > 'As a courtesy, we retain archival copies of the website for releases that > initially were considered "General Availability" > but which has been reclassified as "Not recommended" since they contain > security issues' > ^ or beta/alpha ^ Hmm... interesting idea, worth consideration :-) > Then instead of listing just the prior version of the web site, explicitly > list the vulnerabilities these releases are known/assumed to contain. > > Struts 2.X Releases > Release, Approx Rel Date, Vulnerability > > Struts 2.3.1.1 , 2012/1/23 S2-009 > Struts 2.3.1, 2011/12/14, S2-008 likely : S2-009 > Struts 2.2.3.1, 2011/9/7, likely : S2-008, S2-009 > Struts 2.2.3 , 2011/5/7, S2-007 likely : S2-008, S2-009 > Struts 2.2.1.1 , 2010/12/21, S2-006 likely : S2-007, S2-008, S2-009 > Struts 2.2.1, 2010/8/16 likely : S2-006, S2-007, S2-008, > S2-009 > Struts 2.1.8.1, 2010/8/16 S2-005 likely : S2-006, S2-007, > S2-008, S2-009 > Struts 2.1.8, 2009/9/30, likely : S2-005, S2-006, S2-007, > S2-008, S2-009 > Struts 2.1.6, 2009/1/5, likely : S2-005, S2-006, S2-007, > S2-008, S2-009 > Struts 2.0.14, 2008/11/16, likely : S2-005, S2-006, S2-007, S2-008, > S2-009 > Struts 2.0.12, 2008/10/16, likely : S2-005, S2-006, S2-007, S2-008, > S2-009 > Struts 2.0.11.2, 2008/6/22, S2-004, S2-003, likely : S2-005, > S2-006, S2-007, S2-008, S2-009 > Struts 2.0.11.1, 2008/3/2, likely : S2-003, S2-004, S2-005, > S2-006, S2-007, S2-008, S2-009 > Struts 2.0.11, 2007/9/21, S2-002 likely : S2-003, S2-004, > S2-005, S2-006, S2-007, S2-008, S2-009 > Struts 2.0.9, 2007/7/23, likely : S2-002, S2-003, S2-004, > S2-005, S2-006, S2-007, S2-008, S2-009 > Struts 2.0.8, 2007/6/6, S2-001 likely : S2-002, S2-003, > S2-004, S2-005, S2-006, S2-007, S2-008, S2-009 > Struts 2.0.6, 2007/2/18, S2-001 likely : S2-002, S2-003, > S2-004, S2-005, S2-006, S2-007, S2-008, S2-009 I think that's the best part, even without reclassification it clear shows why to upgrade to latest GA. I think we can introduce that change smoothly, by consensus. Any objections ? Kind regards -- Łukasz http://www.lenart.org.pl/ mobile +48 606 323 122, office +27 11 0838747 Warszawa JUG conference - Confitura http://confitura.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
