Hi Lukasz, The version 2.3.16.1 is not available yet in Maven repository. When do you think it will be available?
Thanks JL 2014-03-06 12:27 GMT-05:00 Lukasz Lenart <lukaszlen...@apache.org>: > Ok, thanks! > > 2014-03-06 18:23 GMT+01:00 Mark Thomas <ma...@apache.org>: > > On 06/03/2014 17:08, Lukasz Lenart wrote: > >> So who's the reporter? > > > > We (the ASF) know who discovered CVE-2014-0050 but they have not given > > permission to be named. The only public credit information is that which > > was published for CVE-2014-0050. > > > > Mark > > > >> > >> 2014-03-06 16:54 GMT+01:00 Mark Thomas <ma...@apache.org>: > >>> On 06/03/2014 09:04, Lukasz Lenart wrote: > >>>> This release includes important security fixes: > >>>> - S2-020 - ClassLoader manipulation via request parameters > >>>> - upgraded Commons FileUpload library to prevent DoS attacks > >>>> > >>>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html > >>> > >>> Please remove my name from the reporters. I just forwarded the e-mail > >>> that the security team received. I do not deserve any of the credit for > >>> discovering this issue. > >>> > >>> Mark > >>> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: security-unsubscr...@apache.org > >> For additional commands, e-mail: security-h...@apache.org > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
