It is http://search.maven.org/#artifactdetails%7Corg.apache.struts%7Cstruts2-core%7C2.3.16.1%7Cjar
2014-03-07 17:41 GMT+01:00 JOSE L MARTINEZ-AVIAL <[email protected]>: > Hi Lukasz, > The version 2.3.16.1 is not available yet in Maven repository. When do you > think it will be available? > > Thanks > > JL > > > 2014-03-06 12:27 GMT-05:00 Lukasz Lenart <[email protected]>: > >> Ok, thanks! >> >> 2014-03-06 18:23 GMT+01:00 Mark Thomas <[email protected]>: >> > On 06/03/2014 17:08, Lukasz Lenart wrote: >> >> So who's the reporter? >> > >> > We (the ASF) know who discovered CVE-2014-0050 but they have not given >> > permission to be named. The only public credit information is that which >> > was published for CVE-2014-0050. >> > >> > Mark >> > >> >> >> >> 2014-03-06 16:54 GMT+01:00 Mark Thomas <[email protected]>: >> >>> On 06/03/2014 09:04, Lukasz Lenart wrote: >> >>>> This release includes important security fixes: >> >>>> - S2-020 - ClassLoader manipulation via request parameters >> >>>> - upgraded Commons FileUpload library to prevent DoS attacks >> >>>> >> >>>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html >> >>> >> >>> Please remove my name from the reporters. I just forwarded the e-mail >> >>> that the security team received. I do not deserve any of the credit for >> >>> discovering this issue. >> >>> >> >>> Mark >> >>> >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: [email protected] >> >> For additional commands, e-mail: [email protected] >> >> >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
