svn commit: r1015506 - in /websites/production/struts/content: announce.html index.html robots.txt
Author: lukaszlenart Date: Sat Jul 15 05:13:09 2017 New Revision: 1015506 Log: Updates production Modified: websites/production/struts/content/announce.html websites/production/struts/content/index.html websites/production/struts/content/robots.txt Modified: websites/production/struts/content/announce.html == --- websites/production/struts/content/announce.html (original) +++ websites/production/struts/content/announce.html Sat Jul 15 05:13:09 2017 @@ -126,8 +126,8 @@ Announcements - 17 July 2017 - Struts 2.5.12 General Availability - 17 July 2017 - Struts 2.3.33 General Availability + 07 July 2017 - Struts 2.3.33 General Availability + 06 July 2017 - Struts 2.5.12 General Availability 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series 23 march 2017 - Struts Extras secure Multipart plugins General Availability - versions 1.1 20 march 2017 - Struts Extras secure Multipart plugins General Availability @@ -140,7 +140,43 @@ Skip to: Announcements - 2016 -17 July 2017 - Struts 2.5.12 General Availability +07 July 2017 - Struts 2.3.33 General Availability + +The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a âGeneral Availabilityâ +release. The GA designation is our highest quality grade. + +This release addresses two potential security vulnerabilities: + + + S2-049 +A DoS attack is available for Spring secured actions + S2-048 +Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series + + +Also this version resolves the following issues: + + + EmailValidator does not accept new domain suffixes + Revision number still missing from dojo.js and dojo.js.uncompressed.js + Strange Behavior Parsing Action Requests + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this action. + +The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 6. + +Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket. + +You can download this version from our download page. + +06 July 2017 - Struts 2.5.12 General Availability The Apache Struts group is pleased to announce that Struts 2.5.12 is available as a âGeneral Availabilityâ release. The GA designation is our highest quality grade. @@ -219,42 +255,6 @@ to the user list, and, if appropriate, f You can download this version from our download page. -17 July 2017 - Struts 2.3.33 General Availability - -The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a âGeneral Availabilityâ -release. The GA designation is our highest quality grade. - -This release addresses two potential security vulnerabilities: - - - S2-049 -A DoS attack is available for Spring secured actions - S2-048 -Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series - - -Also this version resolves the following issues: - - - EmailValidator does not accept new domain suffixes - Revision number still missing from dojo.js and dojo.js.uncompressed.js - Strange Behavior Parsing Action Requests - - -Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. -The framework is designed to streamline the full development cycle, from building, to deploying, -to maintaining applications over time. - -All developers are strongly advised to perform this action. - -The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: -Servlet API 2.4, JSP API 2.0, and Java 6. - -Should any issues arise with your use of any version of the Struts framework, please post your comments -to the user list, and, if appropriate, file a tracking ticket. - -You can download this version from our download page. - 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series. Modified: websites/production/struts/content/index.html == --- websites/production/struts/content/index.html (original) +++ websites/production/struts/content/index.html Sat Jul 15 05:13:09 2017 @@ -151,16 +151,16 @@ Apache Struts 2.5.12 GA - Apache Struts 2.5.12 GA has been releasedon 17 July 2017. +
[5/5] struts-archetypes git commit: update maven-compiler-plugin
update maven-compiler-plugin Project: http://git-wip-us.apache.org/repos/asf/struts-archetypes/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-archetypes/commit/396cc66d Tree: http://git-wip-us.apache.org/repos/asf/struts-archetypes/tree/396cc66d Diff: http://git-wip-us.apache.org/repos/asf/struts-archetypes/diff/396cc66d Branch: refs/heads/master Commit: 396cc66d444ab0295ece1eacb6c1812312f3f5fe Parents: ebb8df0 Author: Aleksandr MashchenkoAuthored: Fri Jul 14 20:20:16 2017 +0300 Committer: Aleksandr Mashchenko Committed: Fri Jul 14 20:20:16 2017 +0300 -- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 1 + .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 1 + 6 files changed, 6 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/396cc66d/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml index b8150f5..a1b2f65 100644 --- a/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml @@ -74,7 +74,7 @@ org.apache.maven.plugins maven-compiler-plugin -3.3 +3.6.1 UTF-8 1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/396cc66d/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml index add4191..6900b64 100644 --- a/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml @@ -61,7 +61,7 @@ maven-compiler-plugin -3.3 +3.6.1 UTF-8 1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/396cc66d/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml index 39c73dd..461b9d2 100644 --- a/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml @@ -68,7 +68,7 @@ maven-compiler-plugin -3.3 +3.6.1 UTF-8 1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/396cc66d/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml index 159c452..a4068f1 100644 --- a/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml @@ -99,6 +99,7 @@ maven-compiler-plugin +3.6.1 1.7 1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/396cc66d/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml index 30263ba..ccd81f0 100644 --- a/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml @@ -14,7 +14,7 @@ ${supported.struts2.version} 2.0 -
[2/5] struts-archetypes git commit: fix tests
fix tests Project: http://git-wip-us.apache.org/repos/asf/struts-archetypes/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-archetypes/commit/de51ed9a Tree: http://git-wip-us.apache.org/repos/asf/struts-archetypes/tree/de51ed9a Diff: http://git-wip-us.apache.org/repos/asf/struts-archetypes/diff/de51ed9a Branch: refs/heads/master Commit: de51ed9a9fb6e191c76b82634094680af14e948e Parents: 7cfced2 Author: Aleksandr MashchenkoAuthored: Fri Jul 14 20:11:44 2017 +0300 Committer: Aleksandr Mashchenko Committed: Fri Jul 14 20:11:44 2017 +0300 -- .../src/test/java/example/HelloWorldTest.java | 2 ++ .../src/test/java/actions/HelloActionTest.java | 5 - 2 files changed, 6 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/de51ed9a/struts2-archetype-blank/src/main/resources/archetype-resources/src/test/java/example/HelloWorldTest.java -- diff --git a/struts2-archetype-blank/src/main/resources/archetype-resources/src/test/java/example/HelloWorldTest.java b/struts2-archetype-blank/src/main/resources/archetype-resources/src/test/java/example/HelloWorldTest.java index 28c0a4d..27397a9 100644 --- a/struts2-archetype-blank/src/main/resources/archetype-resources/src/test/java/example/HelloWorldTest.java +++ b/struts2-archetype-blank/src/main/resources/archetype-resources/src/test/java/example/HelloWorldTest.java @@ -21,6 +21,7 @@ package ${package}.example; +import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionSupport; import org.apache.struts2.StrutsTestCase; @@ -28,6 +29,7 @@ public class HelloWorldTest extends StrutsTestCase { public void testHelloWorld() throws Exception { HelloWorld hello_world = container.inject(HelloWorld.class); +ActionContext.getContext().getContainer().inject(hello_world); String result = hello_world.execute(); assertTrue("Expected a success result!", ActionSupport.SUCCESS.equals(result)); http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/de51ed9a/struts2-archetype-convention/src/main/resources/archetype-resources/src/test/java/actions/HelloActionTest.java -- diff --git a/struts2-archetype-convention/src/main/resources/archetype-resources/src/test/java/actions/HelloActionTest.java b/struts2-archetype-convention/src/main/resources/archetype-resources/src/test/java/actions/HelloActionTest.java index 91c508e..8b83735 100644 --- a/struts2-archetype-convention/src/main/resources/archetype-resources/src/test/java/actions/HelloActionTest.java +++ b/struts2-archetype-convention/src/main/resources/archetype-resources/src/test/java/actions/HelloActionTest.java @@ -1,12 +1,15 @@ package ${package}.actions; -import com.opensymphony.xwork2.ActionSupport; import org.apache.struts2.StrutsTestCase; +import com.opensymphony.xwork2.ActionContext; +import com.opensymphony.xwork2.ActionSupport; + public class HelloActionTest extends StrutsTestCase { public void testHelloAction() throws Exception { HelloAction hello = new HelloAction(); +ActionContext.getContext().getContainer().inject(hello); String result = hello.execute(); assertTrue("Expected a success result!", ActionSupport.SUCCESS.equals(result));
[1/5] struts-archetypes git commit: WW-4816 Archetypes: update source and target settings to 1.7
Repository: struts-archetypes Updated Branches: refs/heads/master a691a13b7 -> 396cc66d4 WW-4816 Archetypes: update source and target settings to 1.7 Project: http://git-wip-us.apache.org/repos/asf/struts-archetypes/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-archetypes/commit/7cfced21 Tree: http://git-wip-us.apache.org/repos/asf/struts-archetypes/tree/7cfced21 Diff: http://git-wip-us.apache.org/repos/asf/struts-archetypes/diff/7cfced21 Branch: refs/heads/master Commit: 7cfced21da6f25bef716c500da68046d8550b020 Parents: a691a13 Author: Aleksandr MashchenkoAuthored: Fri Jul 14 20:11:20 2017 +0300 Committer: Aleksandr Mashchenko Committed: Fri Jul 14 20:11:20 2017 +0300 -- .../src/main/resources/archetype-resources/pom.xml | 4 ++-- .../src/main/resources/archetype-resources/pom.xml | 4 ++-- .../src/main/resources/archetype-resources/pom.xml | 4 ++-- .../src/main/resources/archetype-resources/pom.xml | 4 ++-- .../src/main/resources/archetype-resources/pom.xml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/7cfced21/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml index 7694190..408abcf 100644 --- a/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml @@ -64,8 +64,8 @@ 3.3 UTF-8 -1.5 -1.5 +1.7 +1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/7cfced21/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml index ffbfd61..703ac3e 100644 --- a/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml @@ -71,8 +71,8 @@ 3.3 UTF-8 -1.5 -1.5 +1.7 +1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/7cfced21/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml index 8fa84a7..0439fcb 100644 --- a/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml @@ -100,8 +100,8 @@ maven-compiler-plugin -1.5 -1.5 +1.7 +1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/7cfced21/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml index ece9bca..30263ba 100644 --- a/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-portlet/src/main/resources/archetype-resources/pom.xml @@ -50,8 +50,8 @@ maven-compiler-plugin ${plugin.compiler.version} -1.6 -1.6 +1.7 +1.7 http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/7cfced21/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml index f0f8f24..89b5905 100644 ---
[4/5] struts-archetypes git commit: update junit dependency
update junit dependency Project: http://git-wip-us.apache.org/repos/asf/struts-archetypes/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-archetypes/commit/ebb8df05 Tree: http://git-wip-us.apache.org/repos/asf/struts-archetypes/tree/ebb8df05 Diff: http://git-wip-us.apache.org/repos/asf/struts-archetypes/diff/ebb8df05 Branch: refs/heads/master Commit: ebb8df05033cc202cf4d9510e3d4f10ee420ebe7 Parents: 1f4282e Author: Aleksandr MashchenkoAuthored: Fri Jul 14 20:15:42 2017 +0300 Committer: Aleksandr Mashchenko Committed: Fri Jul 14 20:15:42 2017 +0300 -- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 2 +- .../src/main/resources/archetype-resources/pom.xml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/ebb8df05/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml index da81dbd..b8150f5 100644 --- a/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-angularjs/src/main/resources/archetype-resources/pom.xml @@ -49,7 +49,7 @@ junit junit -4.5 +4.12 test http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/ebb8df05/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml index 408abcf..add4191 100644 --- a/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-blank/src/main/resources/archetype-resources/pom.xml @@ -37,7 +37,7 @@ junit junit -4.5 +4.12 test http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/ebb8df05/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml index 703ac3e..39c73dd 100644 --- a/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-convention/src/main/resources/archetype-resources/pom.xml @@ -43,7 +43,7 @@ junit junit -4.5 +4.12 test http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/ebb8df05/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml index 0439fcb..159c452 100644 --- a/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-dbportlet/src/main/resources/archetype-resources/pom.xml @@ -21,7 +21,7 @@ junit junit -3.8.1 +4.12 test http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/ebb8df05/struts2-archetype-plugin/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-plugin/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-plugin/src/main/resources/archetype-resources/pom.xml index d3f78c6..65b71da 100644 --- a/struts2-archetype-plugin/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-plugin/src/main/resources/archetype-resources/pom.xml @@ -27,7 +27,7 @@ junit junit -3.8.1 +4.12 test http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/ebb8df05/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml --
[3/5] struts-archetypes git commit: update archetype-starter pom
update archetype-starter pom Project: http://git-wip-us.apache.org/repos/asf/struts-archetypes/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-archetypes/commit/1f4282e0 Tree: http://git-wip-us.apache.org/repos/asf/struts-archetypes/tree/1f4282e0 Diff: http://git-wip-us.apache.org/repos/asf/struts-archetypes/diff/1f4282e0 Branch: refs/heads/master Commit: 1f4282e051468b24c7b5abbfd643492a8cfe89e2 Parents: de51ed9 Author: Aleksandr MashchenkoAuthored: Fri Jul 14 20:12:15 2017 +0300 Committer: Aleksandr Mashchenko Committed: Fri Jul 14 20:12:15 2017 +0300 -- .../src/main/resources/archetype-resources/pom.xml| 10 ++ 1 file changed, 2 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-archetypes/blob/1f4282e0/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml -- diff --git a/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml b/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml index 89b5905..e68062e 100644 --- a/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml +++ b/struts2-archetype-starter/src/main/resources/archetype-resources/pom.xml @@ -1,6 +1,7 @@ - +http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd;> 4.0.0 \${groupId} \${artifactId} @@ -113,13 +114,6 @@ \${basedir}/src/main/webapp/WEB-INF/web.xml - - -log4j -log4j -1.2.17 - -
svn commit: r1015458 - /websites/production/struts/content/download.cgi
Author: lukaszlenart Date: Fri Jul 14 08:21:37 2017 New Revision: 1015458 Log: Updates production Modified: websites/production/struts/content/download.cgi Modified: websites/production/struts/content/download.cgi == --- websites/production/struts/content/download.cgi (original) +++ websites/production/struts/content/download.cgi Fri Jul 14 08:21:37 2017 @@ -3,4 +3,4 @@ # (we must change to that directory in order for python to pick up the # python includes correctly) cd /www/www.apache.org/dyn/mirrors -mirrors.cgi $* +/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
svn commit: r1015457 - /websites/production/struts/content/download.cgi
Author: lukaszlenart Date: Fri Jul 14 08:19:11 2017 New Revision: 1015457 Log: Updates production Modified: websites/production/struts/content/download.cgi Modified: websites/production/struts/content/download.cgi == --- websites/production/struts/content/download.cgi (original) +++ websites/production/struts/content/download.cgi Fri Jul 14 08:19:11 2017 @@ -3,4 +3,4 @@ # (we must change to that directory in order for python to pick up the # python includes correctly) cd /www/www.apache.org/dyn/mirrors -/www/www.apache.org/dyn/mirrors/mirrors.cgi $* +mirrors.cgi $*
struts-site git commit: Drops execute flag
Repository: struts-site Updated Branches: refs/heads/master c23856043 -> eac286200 Drops execute flag Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/eac28620 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/eac28620 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/eac28620 Branch: refs/heads/master Commit: eac2862002c48a5b33c1536ea9f90482f417b9d2 Parents: c238560 Author: Lukasz LenartAuthored: Fri Jul 14 09:21:28 2017 +0200 Committer: Lukasz Lenart Committed: Fri Jul 14 09:21:28 2017 +0200 -- source/robots.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-site/blob/eac28620/source/robots.txt -- diff --git a/source/robots.txt b/source/robots.txt old mode 100755 new mode 100644
[2/2] struts-site git commit: Updates info for robots
Updates info for robots Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/c2385604 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/c2385604 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/c2385604 Branch: refs/heads/master Commit: c23856043fcd172a050ed5724ba1077d9acc1454 Parents: eca04da Author: Lukasz LenartAuthored: Fri Jul 14 09:19:17 2017 +0200 Committer: Lukasz Lenart Committed: Fri Jul 14 09:19:17 2017 +0200 -- source/robots.txt | 1 - 1 file changed, 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts-site/blob/c2385604/source/robots.txt -- diff --git a/source/robots.txt b/source/robots.txt index 9746b26..8c827cd 100755 --- a/source/robots.txt +++ b/source/robots.txt @@ -1,2 +1 @@ User-agent: * -Disallow: /2.x
[1/2] struts-site git commit: Updates info about the latest 2.3.x release
Repository: struts-site Updated Branches: refs/heads/master 6b268e76b -> c23856043 Updates info about the latest 2.3.x release Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/eca04da9 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/eca04da9 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/eca04da9 Branch: refs/heads/master Commit: eca04da9e1464d174fbdb54e1ea0718e0ddbee88 Parents: 6b268e7 Author: Lukasz LenartAuthored: Fri Jul 14 07:46:38 2017 +0200 Committer: Lukasz Lenart Committed: Fri Jul 14 07:46:38 2017 +0200 -- source/announce.md | 34 +- source/index.html | 6 +++--- 2 files changed, 36 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts-site/blob/eca04da9/source/announce.md -- diff --git a/source/announce.md b/source/announce.md index 3de40b3..0cfa31e 100644 --- a/source/announce.md +++ b/source/announce.md @@ -26,7 +26,7 @@ This release contains fixes for the following potential security vulnerabilities - [S2-047](/docs/s2-047.html) Possible DoS attack when using URLValidator - [S2-049](/docs/s2-049.html) - A DoS attack is available for Spring secured actions, + A DoS attack is available for Spring secured actions Except the above this release also contains several improvements just to mention few of them: @@ -85,6 +85,38 @@ to the user list, and, if appropriate, file a tracking ticket. You can download this version from our [download](download.cgi#struts-ga) page. + 17 July 2017 - Struts 2.3.33 General Availability {#a20170717-2} + +The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a "General Availability" +release. The GA designation is our highest quality grade. + +This release addresses two potential security vulnerabilities: + + - [S2-049](/docs/s2-049.html) + A DoS attack is available for Spring secured actions + - [S2-048](/docs/s2-048.html) + Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series + +Also this version resolves the following issues: + + - `EmailValidator` does not accept new domain suffixes + - Revision number still missing from `dojo.js` and `dojo.js.uncompressed.js` + - Strange Behavior Parsing Action Requests + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +**All developers are strongly advised to perform this action.** + +The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 6. + +Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket. + +You can download this version from our [download](download.cgi#struts-23x) page. + 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series {#a20170707} A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series. http://git-wip-us.apache.org/repos/asf/struts-site/blob/eca04da9/source/index.html -- diff --git a/source/index.html b/source/index.html index 97593b0..7699683 100644 --- a/source/index.html +++ b/source/index.html @@ -39,11 +39,11 @@ title: Welcome to the Apache Struts project Version notes -Apache Struts 2.3.32 GA +Apache Struts 2.3.33 GA It's the latest release of Struts 2.3.x which contains the latest security fix, - read more in Announcement or in - Version notes + read more in Announcement or in + Version notes
svn commit: r1015450 - in /websites/production/struts/content: announce.html docs/s2-049.html index.html
Author: lukaszlenart Date: Fri Jul 14 06:24:31 2017 New Revision: 1015450 Log: Updates production Modified: websites/production/struts/content/announce.html websites/production/struts/content/docs/s2-049.html websites/production/struts/content/index.html Modified: websites/production/struts/content/announce.html == --- websites/production/struts/content/announce.html (original) +++ websites/production/struts/content/announce.html Fri Jul 14 06:24:31 2017 @@ -127,6 +127,7 @@ 17 July 2017 - Struts 2.5.12 General Availability + 17 July 2017 - Struts 2.3.33 General Availability 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series 23 march 2017 - Struts Extras secure Multipart plugins General Availability - versions 1.1 20 march 2017 - Struts Extras secure Multipart plugins General Availability @@ -154,7 +155,7 @@ to maintaining applications over time.S2-047 Possible DoS attack when using URLValidator S2-049 -A DoS attack is available for Spring secured actions, +A DoS attack is available for Spring secured actions Except the above this release also contains several improvements just to mention few of them: @@ -218,6 +219,42 @@ to the user list, and, if appropriate, f You can download this version from our download page. +17 July 2017 - Struts 2.3.33 General Availability + +The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a âGeneral Availabilityâ +release. The GA designation is our highest quality grade. + +This release addresses two potential security vulnerabilities: + + + S2-049 +A DoS attack is available for Spring secured actions + S2-048 +Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series + + +Also this version resolves the following issues: + + + EmailValidator does not accept new domain suffixes + Revision number still missing from dojo.js and dojo.js.uncompressed.js + Strange Behavior Parsing Action Requests + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework is designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this action. + +The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 6. + +Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket. + +You can download this version from our download page. + 9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series. Modified: websites/production/struts/content/docs/s2-049.html == --- websites/production/struts/content/docs/s2-049.html (original) +++ websites/production/struts/content/docs/s2-049.html Fri Jul 14 06:24:31 2017 @@ -139,7 +139,7 @@ under the License. -SummaryA DoS attack is available for Spring secured actionsWho should read thisAll Struts 2 developers and usersImpact of vulnerabilityA DoS attack is available for Spring secured actionsMaximum security ratingMediumRecommendationUpgrade to Struts 2.5.12Affected SoftwareStruts 2.5 - Struts 2.5.10.1ReporterYasser Zamani yasser dot zamani at live dot comCVE IdentifierProblemWhen using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticatedSolutionUpgrade to Apache Struts version 2.5.12.Backward compatibilityNo backward incompatibility issues are expected.WorkaroundPlease define the below constant in a struts.xmlfile: +SummaryA DoS attack is available for Spring secured actionsWho should read thisAll Struts 2 developers and usersImpact of vulnerabilityA DoS attack is available for Spring secured actionsMaximum security ratingMediumRecommendationUpgrade to Struts 2.5.12Affected SoftwareStruts 2.3.7 - Struts 2.3.32, Struts 2.5 - Struts 2.5.10.1ReporterYasser Zamani yasser dot zamani at live dot comCVE IdentifierCVE-2017-9787ProblemWhen using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticatedSolutionUpgrade to Apache Struts version 2.5.12 or 2.3.33.Backward compatibilityNo backward incompatibility issues are expected.WorkaroundPlease define the below constant in a struts.xmlfile: constant name="struts.additional.excludedPatterns" value=".\.accessDecisionManager\.." / Modified: