The Apache Struts group is pleased to announce that Apache Struts
version 6.4.0 is available as a “General Availability” release. The GA
designation is our highest quality grade.
The Apache Struts is an elegant, extensible framework for creating
enterprise-ready Java web applications. The
Severity: moderate
Affected versions:
- Apache Struts 2.0.0 through 2.5.31
- Apache Struts 6.1.2.1 through 6.3.0
Description:
When a Multipart request is performed but some of the fields exceed the
maxStringLength limit, the upload files will remain in
struts.multipart.saveDir even if the
The Apache Struts group is pleased to announce that Apache Struts
versions 6.3.0.2 & 2.5.33 are available as “General Availability”
releases. The GA designation is our highest quality grade.
The Apache Struts is an elegant, extensible framework for creating
enterprise-ready Java web applications.
Severity: critical
Affected versions:
- Apache Struts 2.0.0 through 2.5.32
- Apache Struts 6.0.0 through 6.3.0.1
Description:
An attacker can manipulate file upload params to enable paths traversal and
under some circumstances this can lead to uploading a malicious file which can
be used to
The Apache Struts Project Team would like to inform you that the
Struts 2.5.x web framework will reach its end of life in 6 months and
won’t be officially supported.
Please check the following reading to find more details.
https://struts.apache.org/struts25-eol-announcement
Apache Struts 2.5.x
The Apache Struts group is pleased to announce that Apache Struts
versions 6.3.0.1, 6.1.2.2 & 2.5.32 are available as “General
Availability” releases. The GA designation is our highest quality
grade.
The Apache Struts is an elegant, extensible framework for creating
enterprise-ready Java web
The Apache Struts group is pleased to announce that Apache Struts
version 6.3.0 is available as a “General Availability” release. The GA
designation is our highest quality grade.
The Apache Struts is an elegant, extensible framework for creating
enterprise-ready Java web applications. The
The Apache Struts group is pleased to announce that Apache Struts
6.2.0 is available as a “General Availability” release. The GA
designation is our highest quality grade.
https://struts.apache.org/announce-2023#a20230710
Below is a full list of all changes.
Bug
WW-4434 - datetextfield.ftl is
The Apache Struts group is pleased to announce that Apache Struts
version 6.1.2.1 is available as a “General Availability” release. The
GA designation is our highest quality grade.
The Apache Struts is an elegant, extensible framework for creating
enterprise-ready Java web applications. The
The Apache Struts group is pleased to announce that Apache Struts
version 2.5.31 is available as a “General Availability” release. The
GA designation is our highest quality grade.
The Apache Struts is an elegant, extensible framework for creating
enterprise-ready Java web applications. The
The Apache Struts group is pleased to announce that Apache Struts
6.1.2 is available as a “General Availability” release. The GA
designation is our highest quality grade.
https://struts.apache.org/announce-2023#a20230310
Below is a full list of all changes.
Improvement
WW-5285 - Upgrade
The Apache Struts group is pleased to announce that Apache Struts
6.1.1 is available as a “General Availability” release. The GA
designation is our highest quality grade.
https://struts.apache.org/announce-2022#a20221128
Below is a full list of all changes.
Bug
WW-3529 -
Please ignore this announcement, it contains a wrong set of addressed
issues. I will prepare a new one with a proper set of addressed
tickets.
Sorry for inconvenience
--
Łukasz
pon., 28 lis 2022 o 15:33 Lukasz Lenart napisał(a):
>
> The Apache Struts group is pleased to announce that
The Apache Struts group is pleased to announce that Apache Struts
6.1.1 is available as a “General Availability” release. The GA
designation is our highest quality grade.
https://struts.apache.org/announce-2022#a20220915
Below is a full list of all changes.
Bug
WW-5185 - TilesDefinition is not
The Apache Struts group is pleased to announce that Apache Struts
6.0.3 is available as a “General Availability” release. The GA
designation is our highest quality grade.
https://struts.apache.org/announce-2022#a20220915
Below is a full list of all changes.
Bug:
WW-5185 - TilesDefinition is not
The Apache Struts group is pleased to announce that Apache Struts 2
ver. 6.0.0 is available as a "General Availability"
release. The GA designation is our highest quality grade.
**Version change**
You may be surprised by the version change, previously we have been
using Struts 2.5.x versioning
The Apache Struts group is pleased to announce that Struts 2.5.30 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce-2022#a20220404
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready
The Apache Struts group is pleased to announce that Struts 2.5.29 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce-2022#a20220122
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready
The Apache Struts group is pleased to announce that Struts 2.5.28.3 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce-2022#a20220102
This release addresses the Log4j vulnerability CVE-2021-44832 by using
the
The Apache Struts group is pleased to announce that Struts 2.5.28.2 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce-2021.html#a20211223
This release addresses the Log4j vulnerability CVE-2021-45105 by using
the
The Apache Struts group is pleased to announce that Struts 2.5.28.1 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce-2021.html#a20211217
This release addresses the Log4j vulnerability CVE-2021-45046 by using
the
The Apache Struts group is pleased to announce that Struts 2.5.28 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce-2021.html#a20211212
Apache Struts 2 is an elegant, extensible framework for creating
The Apache Struts group is pleased to announce that Struts 2.5.27 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce-2021.html#a2026
Apache Struts 2 is an elegant, extensible framework for creating
The Apache Struts Security team would like to announce that forced
OGNL evaluation, when evaluated on raw user input in tag attributes,
may lead to remote code execution.
Affected products
Apache Struts 2.0.0 - 2.5.25
Problem
Some of the tag's attributes could perform a double evaluation if a
The Apache Struts group is pleased to announce that Struts 2.5.26 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce.html#a20201206
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready
The Apache Struts group is pleased to announce that Struts 2.5.25 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce.html#a20200928
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready
The Apache Struts group is pleased to announce that Struts 2.5.22 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce.html#a20191129
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready
As announced over 6 months ago, Apache Struts 2.3.x web framework
series reached its end of life and won’t be longer officially
supported. Please check the following reading to find more details:
https://struts.apache.org/struts23-eol-announcement
https://struts.apache.org/announce#a20190912
The Apache Struts group is pleased to announce that Struts 2.3.37 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.5.20 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts Project Team would like to inform you that the
Struts 2.3.x web framework will reach its end of life in 6 months and
won’t be longer officially supported.
https://struts.apache.org/announce#a20181114
This announcement takes place on 2018-11-14 and starting from that
date we
The Apache Struts Team recommends to immediately upgrade your Struts
2.3.36 based projects to use the latest released version of Commons
FileUpload library, which is currently 1.3.3. This is necessary to
prevent your publicly accessible web site from being exposed to
possible Remote Code Execution
I meant commons-fileupload version 1.3.3, sorry for that.
Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
niedz., 4 lis 2018 o 10:30 Lukasz Lenart napisał(a):
>
> The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36
> based projects to use t
The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36
based projects to use the latest released version of Commons
FileUpload library, which is currently 1.3.1. This is necessary to
prevent your publicly accessible web site from being exposed to
possible DoS attacks [1] [2].
The Apache Struts group is pleased to announce that Struts 2.5.18 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
Hello,
We received an additional information about possible affected versions
of Struts. Please read the bulletin [1] to find more details about the
vulnerability and upgrade to the latest version of Struts if you are
running one of those versions:
- Struts 2.0.4 - Struts 2.3.34
- Struts 2.5.0 -
The Apache Security Struts Team recommends to immediately upgrade your
Struts 2 based projects to use the latest released version of the
Apache Struts. This is necessary to prevent your publicly accessible
web site, which is using the Struts REST plugin and performing XML
serialisation, from being
The Apache Struts Team recommends to immediately upgrade your Struts 2
based projects to use the latest released version of Commons
FileUpload library, which is currently 1.3.3. This is necessary to
prevent your publicly accessible web site from being exposed to
possible Remote Code Execution
The Apache Struts group is pleased to announce that Struts 2.5.16 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that the Apache Struts
Maven Archetypes are available as a “General Availability” release.
The GA designation is our highest quality grade.
The Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
Hi,
After further clarification we increased impact of a vulnerability
reported to us and described as S2-055 to High. The vulnerability
exists in a JSON Jackson library and it's registered under
CVE-2017-7525. Please read the bulletin [1] and apply possible
solutions. This vulnerability impacts
The Apache Struts group is pleased to announce that Struts 2.5.14.1 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.5.14 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.3.34 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
This release addresses these potential security vulnerabilities:
- S2-050 A regular expression Denial of Service when using
2017-09-05 15:17 GMT+02:00 Lukasz Lenart <lukaszlen...@apache.org>:
> - S2-052 Possible Remote Code Execution attack when using the Struts REST
> plugin with XStream handler to handle XML payloads
> http://struts.apache.org/docs/s2-050.html
It's supposed to be http://struts.
The Apache Struts group is pleased to announce that Struts 2.5.13 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
This is an update of the recently announced Security Bulletin S2-049 -
http://struts.apache.org/docs/s2-049.html
The bulletin was extended with an additional information when the
potential vulnerability can be present in your application. Please
re-read the mentioned bulletin and apply required
The Apache Struts group is pleased to announce that Struts 2.5.12 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
A potential security vulnerability was reported in the Struts 1 plugin
used in the Struts 2.3.x series. It is possible to perform a Remote
Code Execution attack if given construction exists in the vulnerable
application. Please read the security bulletin for more details and
inspect your
The Apache Struts group is pleased to announce that the Apache Struts
2 Secure Jakarta Multipart parser plugin 1.1 and Apache Struts 2
Secure Jakarta Stream Multipart parser plugin 1.1 are available as a
“General Availability” release. The GA designation is our highest
quality grade.
These
The Apache Struts group is pleased to announce that the Apache Struts
2 Secure Jakarta Multipart parser plugin and Apache Struts 2 Secure
Jakarta Stream Multipart parser plugin are available as a “General
Availability” release. The GA designation is our highest quality
grade.
These releases
The Apache Struts group is pleased to announce that Struts 2.3.32 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
This release addresses one potential security vulnerability:
- Possible Remote Code Execution when performing file upload based on
The Apache Struts group is pleased to announce that Struts 2.5.10.1 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
This release addresses one potential security vulnerability:
- Possible Remote Code Execution when performing file upload based on
The Apache Struts group is pleased to announce that Struts 2.5.10 is
available as a “General Availability” release. The GA designation is
our highest quality grade. Apache Struts 2 is an elegant, extensible
framework for creating enterprise-ready Java web applications. The
framework is designed to
The Apache Struts group is pleased to announce that Struts 2.5.5 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
The Apache Struts group is pleased to announce that Struts 2.3.31 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.5.2 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
The Apache Struts group is pleased to announce that Struts 2.3.30 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.5.1 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
The Apache Struts group is pleased to announce that Struts 2.3.29 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.3.20.3
and Struts 2.3.24.3 are
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The
The Apache Struts group is pleased to announce that Struts 2.3.28.1 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.3.28 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.5-BETA3
is available as a "Beta" release. The Beta designation indicates that
we believe the distribution needs wider testing before being upgraded
to a "General Availability" release. Your input is essential.
Apache Struts 2 is an
64 matches
Mail list logo