[struts-master] branch bumps-parent updated: Fixes rebase issue

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch bumps-parent
in repository https://gitbox.apache.org/repos/asf/struts-master.git


The following commit(s) were added to refs/heads/bumps-parent by this push:
 new 2f03c04  Fixes rebase issue
2f03c04 is described below

commit 2f03c0486e23a386b7209585aa489e55ece2fc3d
Author: Lukasz Lenart 
AuthorDate: Thu Aug 23 08:49:55 2018 +0200

Fixes rebase issue
---
 pom.xml | 14 +++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index df804dd..acb8995 100755
--- a/pom.xml
+++ b/pom.xml
@@ -307,9 +307,9 @@
 
 
 
-Yasser Zamani
-yasserzamani
-yasserzamani at apache.org
+Aleksandr Mashchenko
+amashchenko
+amashchenko at apache.org
 
 PMC Member
 
@@ -322,6 +322,14 @@
 PMC Member
 
 
+
+Yasser Zamani
+yasserzamani
+yasserzamani at apache.org
+
+PMC Member
+
+
 
 
 

[struts-master] branch bumps-parent created (now 22855ec)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch bumps-parent
in repository https://gitbox.apache.org/repos/asf/struts-master.git.


  at 22855ec  Drops duplicated developer entry

This branch includes the following new commits:

 new b61e986  Upgrades apache parent to version 21
 new e8e8471  Adds Yasser to the developer's list
 new e2b59df  Cleans up urls
 new 22855ec  Drops duplicated developer entry

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[struts-master] 03/04: Cleans up urls

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch bumps-parent
in repository https://gitbox.apache.org/repos/asf/struts-master.git

commit e2b59df2720a6b7723ca2f79e14bedbd3d4068ca
Author: Lukasz Lenart 
AuthorDate: Thu Aug 23 08:37:55 2018 +0200

Cleans up urls
---
 pom.xml | 26 +++---
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/pom.xml b/pom.xml
index aeda6b3..d32a79a 100755
--- a/pom.xml
+++ b/pom.xml
@@ -12,9 +12,9 @@
 Apache Struts
 
 
-scm:git:git://git.apache.org/struts-master.git
-
scm:git:https://git-wip-us.apache.org/repos/asf/struts-master.git
-http://git.apache.org/struts-master.git
+
scm:git:https://gitbox.apache.org/repos/asf/struts-master.git
+
scm:git:https://gitbox.apache.org/repos/asf/struts-master.git
+https://github.com/apache/struts-master/
 HEAD
 
 
@@ -34,38 +34,26 @@
 user-subscr...@struts.apache.org
 user-unsubscr...@struts.apache.org
 u...@struts.apache.org
-
http://mail-archives.apache.org/mod_mbox/struts-user/
-
-
http://struts.apache.org/mail.html#Archives
-
+
https://lists.apache.org/list.html?u...@struts.apache.org
 
 
 Struts Developer List
 dev-subscr...@struts.apache.org
 dev-unsubscr...@struts.apache.org
 d...@struts.apache.org
-
http://mail-archives.apache.org/mod_mbox/struts-dev/
-
-
http://struts.apache.org/dev/dev-mail.html#Archives
-
+
https://lists.apache.org/list.html?d...@struts.apache.org
 
 
 Struts Commits List
 commits-subscr...@struts.apache.org
 commits-unsubscr...@struts.apache.org
-
http://mail-archives.apache.org/mod_mbox/struts-commits/
-
-
http://struts.apache.org/dev/dev-mail.html#Archives
-
+
https://lists.apache.org/list.html?commits@struts.apache.org
 
 
 Struts Issues List
 issues-subscr...@struts.apache.org
 issues-unsubscr...@struts.apache.org
-
http://mail-archives.apache.org/mod_mbox/struts-issues/
-
-
http://struts.apache.org/dev/dev-mail.html#Archives
-
+
https://lists.apache.org/list.html?iss...@struts.apache.org
 
 
 

[struts-master] 02/04: Adds Yasser to the developer's list

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch bumps-parent
in repository https://gitbox.apache.org/repos/asf/struts-master.git

commit e8e847167a9e8d385f2de878c3905ec9c6cc1596
Author: Lukasz Lenart 
AuthorDate: Thu Aug 23 08:31:43 2018 +0200

Adds Yasser to the developer's list
---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index ca4726b..aeda6b3 100755
--- a/pom.xml
+++ b/pom.xml
@@ -319,9 +319,9 @@
 
 
 
-Aleksandr Mashchenko
-amashchenko
-amashchenko at apache.org
+Yasser Zamani
+yasserzamani
+yasserzamani at apache.org
 
 PMC Member
 

[struts-master] 01/04: Upgrades apache parent to version 21

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch bumps-parent
in repository https://gitbox.apache.org/repos/asf/struts-master.git

commit b61e986c3ec40a007d614c7304de9ca904598e44
Author: Lukasz Lenart 
AuthorDate: Thu Aug 23 08:28:45 2018 +0200

Upgrades apache parent to version 21
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index bc8cf6a..ca4726b 100755
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 
 org.apache
 apache
-18
+21
 
 org.apache.struts
 struts-master

[struts-master] 04/04: Drops duplicated developer entry

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch bumps-parent
in repository https://gitbox.apache.org/repos/asf/struts-master.git

commit 22855ec3b34b96bc103c52d1dae2e9db1856e890
Author: Lukasz Lenart 
AuthorDate: Thu Aug 23 08:39:40 2018 +0200

Drops duplicated developer entry
---
 pom.xml | 8 
 1 file changed, 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index d32a79a..df804dd 100755
--- a/pom.xml
+++ b/pom.xml
@@ -322,14 +322,6 @@
 PMC Member
 
 
-
-Yasser Zamani
-yasserzamani
-yasserzamani at apache.org
-
-Committer
-
-
 
 
 

[struts-site] branch asf-site updated: Updates production by Jenkins

[git-site-role]

This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
 new 871b9b4  Updates production by Jenkins
871b9b4 is described below

commit 871b9b498d6baefe7f8991bb0c86dd0b8c2ad502
Author: jenkins 
AuthorDate: Wed Aug 22 07:30:53 2018 +

Updates production by Jenkins
---
 content/announce.html   | 72 +
 content/core-developers/interceptors.html   |  2 +
 content/core-developers/struts-default-xml.html |  2 +
 content/download.html   | 84 -
 content/index.html  | 22 +++
 content/releases.html   | 15 -
 6 files changed, 143 insertions(+), 54 deletions(-)

diff --git a/content/announce.html b/content/announce.html
index 32f7605..5faaddd 100644
--- a/content/announce.html
+++ b/content/announce.html
@@ -130,6 +130,9 @@
 Announcements 2018
 
 
+  22 August 2018 - 
CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
+  22 August 2018 - 
Struts 2.5.17 General Availability
+  22 August 2018 - 
Struts 2.3.35 General Availability
   27 March 2018 - A 
crafted XML request can be used to perform a DoS attack when using the Struts 
REST plugin
   23 March 2018 - 
Immediately upgrade commons-fileupload to version 1.3.3
   16 March 2018 - Struts 
2.5.16 General Availability
@@ -139,6 +142,75 @@
   Skip to: Announcements - 2017
 
 
+22 August 2018 - CVE-2018-11776 Apache Struts 2.3 to 
2.3.34 and 2.5 to 2.5.16
+
+CVEID:CVE-2018-11776
+
+PRODUCT:Apache Struts
+
+VERSION:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
+
+PROBLEMTYPE:Remote Code Execution
+
+REFERENCES:https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057
+
+DESCRIPTION:Man Yue Mo from the Semmle Security Research team was noticed 
that Apache Struts versions 2.3 to 2.3.34 and
+2.5 to 2.5.16 suffer from possible Remote Code Execution when using results 
with no namespace and in same time, its 
+upper action(s) have no or wildcard namespace. Same possibility when using url 
tag which doesn’t have value and action
+set and in same time, its upper action(s) have no or wildcard namespace.
+
+22 August 2018 - Struts 2.5.17 General Availability
+
+The Apache Struts group is pleased to announce that Struts 2.5.17 is 
available as a “General Availability”
+release. The GA designation is our highest quality grade.
+
+In addition to critical overall proactive security improvements, this 
release addresses one potential security vulnerability:
+
+
+  Possible Remote Code Execution when using results with no namespace and 
in same time, its upper action(s) have no or 
+wildcard namespace. Same possibility when using url tag which doesn’t have 
value and action set. - https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057
+
+
+Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.
+
+All developers are strongly advised to perform this 
action.
+
+The 2.5.x series of the Apache Struts framework has a minimum requirement 
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.
+
+Should any issues arise with your use of any version of the Struts 
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download this version from our download page.
+
+22 August 2018 - Struts 2.3.35 General Availability
+
+The Apache Struts group is pleased to announce that Struts 2.3.35 is 
available as a “General Availability”
+release. The GA designation is our highest quality grade.
+
+In addition to critical overall proactive security improvements, this 
release addresses one potential security vulnerability:
+
+
+  Possible Remote Code Execution when using results with no namespace and 
in same time, its upper action(s) have no or 
+wildcard namespace. Same possibility when using url tag which doesn’t have 
value and action set. - https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057
+
+
+Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.
+
+All developers are strongly advised to perform this 
action.
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement 
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts 
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+Y

[struts-site] branch master updated: release 2.5.17 and 2.3.35

[yasserzamani]

This is an automated email from the ASF dual-hosted git repository.

yasserzamani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/master by this push:
 new 1f66ba6  release 2.5.17 and 2.3.35
1f66ba6 is described below

commit 1f66ba6028734438164834675cb7d11be4e75b9c
Author: Yasser Zamani 
AuthorDate: Wed Aug 22 11:44:37 2018 +0430

release 2.5.17 and 2.3.35
---
 _config.yml  | 12 ++
 source/announce.md   | 65 
 source/download.html | 40 
 source/index.html| 14 +--
 source/releases.html | 13 +++
 5 files changed, 113 insertions(+), 31 deletions(-)

diff --git a/_config.yml b/_config.yml
index d69c392..dca449a 100644
--- a/_config.yml
+++ b/_config.yml
@@ -10,13 +10,17 @@ kramdown:
   syntax_highlighter: rouge
 
 # Simplifies introducing changes related to the latest release
-current_version: 2.5.16
-current_version_short: 2516
+current_version: 2.5.17
+current_version_short: 2517
+prev_version: 2.3.35
+prev_version_short: 2335
 archetype_version: 2.5.14
 current_beta_version: 2.5-BETA3
 current_beta_version_short: 25B3
-release_date: 16 March 2018
-release_date_short: 20180316
+release_date: 22 August 2018
+release_date_short: 20180822
+prev_release_date: 22 August 2018
+prev_release_date_short: 20180822
 beta_release_date_short: 20160126
 
 # Allows directly edit pages on GitHub
diff --git a/source/announce.md b/source/announce.md
index e9b7f7e..805e44d 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -13,6 +13,71 @@ title: Announcements 2018
   Skip to: Announcements - 2017
 
 
+ 22 August 2018 - CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 
2.5.16 {#a20180822-0}
+
+CVEID:CVE-2018-11776
+
+PRODUCT:Apache Struts
+
+VERSION:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
+
+PROBLEMTYPE:Remote Code Execution
+
+REFERENCES:[S2-057]({{ site.wiki_url }}/S2-057)
+
+DESCRIPTION:Man Yue Mo from the Semmle Security Research team was noticed that 
Apache Struts versions 2.3 to 2.3.34 and
+2.5 to 2.5.16 suffer from possible Remote Code Execution when using results 
with no namespace and in same time, its 
+upper action(s) have no or wildcard namespace. Same possibility when using url 
tag which doesn’t have value and action
+set and in same time, its upper action(s) have no or wildcard namespace.
+
+ 22 August 2018 - Struts 2.5.17 General Availability {#a20180822-1}
+
+The Apache Struts group is pleased to announce that Struts 2.5.17 is available 
as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+In addition to critical overall proactive security improvements, this release 
addresses one potential security vulnerability:
+
+- Possible Remote Code Execution when using results with no namespace and in 
same time, its upper action(s) have no or 
+wildcard namespace. Same possibility when using url tag which doesn’t have 
value and action set. - [S2-057]({{ site.wiki_url }}/S2-057)
+
+Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.
+
+**All developers are strongly advised to perform this action.**
+
+The 2.5.x series of the Apache Struts framework has a minimum requirement of 
the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.
+
+Should any issues arise with your use of any version of the Struts framework, 
please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download this version from our [download](download.cgi#struts-ga) page.
+
+ 22 August 2018 - Struts 2.3.35 General Availability {#a20180822-2}
+
+The Apache Struts group is pleased to announce that Struts 2.3.35 is available 
as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+In addition to critical overall proactive security improvements, this release 
addresses one potential security vulnerability:
+
+- Possible Remote Code Execution when using results with no namespace and in 
same time, its upper action(s) have no or 
+wildcard namespace. Same possibility when using url tag which doesn’t have 
value and action set. - [S2-057]({{ site.wiki_url }}/S2-057)
+
+Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.
+
+**All developers are strongly advised to perform this action.**
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of 
the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any is