Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Lukasz Lenart 
2016-03-16 18:05 GMT+01:00 Lukasz Lenart :
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [X] General Availability (GA)

+1 (binding)


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Christoph Nenning 
>The Apache Struts 2.3.26 test build is now available. 

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[X] General Availability (GA)
 
+1, binding



Regards,
Christoph

This Email was scanned by Sophos Anti Virus

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Greg Huber 
[ ] Leave at test build
[ ] Alpha
[ ] Beta
[x] General Availability (GA)

+1 binding

Thanks.

On 16 March 2016 at 17:05, Lukasz Lenart  wrote:

> The Apache Struts 2.3.26 test build is now available. With this release:
> - Possible XSS vulnerability in pages not using UTF-8 was fixed, read
> more details in S2-028
> - Prevents possible RCE when reusing user input in tag's attributes,
> see more details in S2-029
> - I18NInterceptor narrows selected locale to those available in JVM to
> reduce possibility of another XSS vulnerability, see more details in
> S2-030
> - New Configurationprovider type was introduced -
> ServletContextAwareConfigurationProvider, see WW-4410
> - Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
> - Spring BeanPostProcessor(s) are called only once to constructed
> objects., see WW-4554
> - OGNL was upgraded to version 3.0.13, see WW-4562
> - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see
> WW-4568
> - A dedicated assembly with minimal set of jars was defined, see WW-4570
> - Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
> - Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
> - MessageStoreInterceptor was refactored to use PreResultListener to
> store messages, see WW-4605
> - A new annotation was added to support configuring Tiles -
> @TilesDefinition, see WW-4606
>
> and few other small improvements, please see the release notes
>
> Security note:
> This release fixes three potential security vulnerabilities as
> mentioned in the Version Notes
>
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26
>
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.26/
>
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
>
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
>
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
>
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
>
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
>
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
>
>
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> PS. I will close the vote sooner if there be at least 3x +1 binding votes
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

[CANCELED ]Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Lukasz Lenart 
New call for vote will start soon

2016-03-16 18:05 GMT+01:00 Lukasz Lenart :
> The Apache Struts 2.3.26 test build is now available. With this release:
> - Possible XSS vulnerability in pages not using UTF-8 was fixed, read
> more details in S2-028
> - Prevents possible RCE when reusing user input in tag's attributes,
> see more details in S2-029
> - I18NInterceptor narrows selected locale to those available in JVM to
> reduce possibility of another XSS vulnerability, see more details in
> S2-030
> - New Configurationprovider type was introduced -
> ServletContextAwareConfigurationProvider, see WW-4410
> - Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
> - Spring BeanPostProcessor(s) are called only once to constructed
> objects., see WW-4554
> - OGNL was upgraded to version 3.0.13, see WW-4562
> - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568
> - A dedicated assembly with minimal set of jars was defined, see WW-4570
> - Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
> - Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
> - MessageStoreInterceptor was refactored to use PreResultListener to
> store messages, see WW-4605
> - A new annotation was added to support configuring Tiles -
> @TilesDefinition, see WW-4606
>
> and few other small improvements, please see the release notes
>
> Security note:
> This release fixes three potential security vulnerabilities as
> mentioned in the Version Notes
>
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26
>
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.26/
>
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
>
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
>
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
>
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
>
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
>
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
>
>
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> PS. I will close the vote sooner if there be at least 3x +1 binding votes

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Lukasz Lenart 
2016-03-17 9:58 GMT+01:00 Greg Huber :
> From page
>
> https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26
>
> These cannot be read as it wants a login?

Greg
I've added your username - ghuber - to struts-committers group in
Confluence so you should be able to access those pages.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Aleksandr Mashchenko 

+1 not binding

[ ] Leave at test build
[ ] Alpha
[ ] Beta
[X] General Availability (GA)

---
Regards,
Aleksandr

-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Greg Huber 
>From page

https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26

These cannot be read as it wants a login?

S2-029

and S2-030


On 16 March 2016 at 17:05, Lukasz Lenart  wrote:

> The Apache Struts 2.3.26 test build is now available. With this release:
> - Possible XSS vulnerability in pages not using UTF-8 was fixed, read
> more details in S2-028
> - Prevents possible RCE when reusing user input in tag's attributes,
> see more details in S2-029
> - I18NInterceptor narrows selected locale to those available in JVM to
> reduce possibility of another XSS vulnerability, see more details in
> S2-030
> - New Configurationprovider type was introduced -
> ServletContextAwareConfigurationProvider, see WW-4410
> - Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
> - Spring BeanPostProcessor(s) are called only once to constructed
> objects., see WW-4554
> - OGNL was upgraded to version 3.0.13, see WW-4562
> - Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see
> WW-4568
> - A dedicated assembly with minimal set of jars was defined, see WW-4570
> - Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
> - Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
> - MessageStoreInterceptor was refactored to use PreResultListener to
> store messages, see WW-4605
> - A new annotation was added to support configuring Tiles -
> @TilesDefinition, see WW-4606
>
> and few other small improvements, please see the release notes
>
> Security note:
> This release fixes three potential security vulnerabilities as
> mentioned in the Version Notes
>
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26
>
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.3.26/
>
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
>
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
>
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
>
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
>
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
>
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
>
>
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> PS. I will close the vote sooner if there be at least 3x +1 binding votes
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Johannes Geppert 
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [X] General Availability (GA)

+1 (binding)

Best Regards

Johannes

#
web: http://www.jgeppert.com
twitter: http://twitter.com/jogep


2016-03-17 18:28 GMT+01:00 Lukasz Lenart :

> 2016-03-16 18:05 GMT+01:00 Lukasz Lenart :
> > [ ] Leave at test build
> > [ ] Alpha
> > [ ] Beta
> > [X] General Availability (GA)
>
> +1 (binding)
>
>
> Regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
> For additional commands, e-mail: dev-h...@struts.apache.org
>
>