[ANN] Apache Struts 2.3.29 General Availability with Security Fixes Release

2016-06-17 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.29 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] Struts 2.5.1 General Availability

2016-06-17 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.1 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to

[ANN] Struts 2.5-BETA3 Beta release available

2016-01-27 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5-BETA3 is available as a "Beta" release. The Beta designation indicates that we believe the distribution needs wider testing before being upgraded to a "General Availability" release. Your input is essential. Apache Struts 2 is an

[ANN] Apache Struts 2.3.28 GA

2016-03-22 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.28 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] Apache Struts 2.3.28.1 GA

2016-04-21 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] Apache Struts 2.3.20.3 GA & Apache Struts 2.3.24.3 GA

2016-04-21 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.20.3 and Struts 2.3.24.3 are available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The

[ANN] Apache Struts 2.5.2 GA

2016-07-15 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.2 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to

[ANN] Apache Struts 2.3.30 GA

2016-07-15 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.30 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] Apache Struts 2.5.10 GA

2017-02-03 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.10 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to

[ANN] Apache Struts 2.5.5 GA

2016-10-21 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.5 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed to

[ANN] Apache Struts 2.3.31 General Availability with Security Fixes Release

2016-10-18 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.31 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] [SECURITY] Struts Extras secure Multipart plugins GA - versions 1.1

2017-03-23 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart parser plugin 1.1 and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin 1.1 are available as a “General Availability” release. The GA designation is our highest quality grade. These

[ANN] [SECURITY] Struts Extras secure Multipart plugins GA

2017-03-20 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart parser plugin and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin are available as a “General Availability” release. The GA designation is our highest quality grade. These releases

[ANN] Apache Struts 2.3.32 GA with Security Fix Release

2017-03-10 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.32 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses one potential security vulnerability: - Possible Remote Code Execution when performing file upload based on

[ANN] Apache Struts 2.5.10.1 GA with Security Fix Release

2017-03-08 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.10.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses one potential security vulnerability: - Possible Remote Code Execution when performing file upload based on

[ANN] Apache Struts: S2-049 Security Bulletin update

2017-08-10 Thread Lukasz Lenart
This is an update of the recently announced Security Bulletin S2-049 - http://struts.apache.org/docs/s2-049.html The bulletin was extended with additional information on when the potential vulnerability can be present in your application. Please re-read the mentioned bulletin and apply required

[ANN] Apache Struts 2: possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series

2017-07-07 Thread Lukasz Lenart
A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series. It is possible to perform a Remote Code Execution attack if a given construction exists in the vulnerable application. Please read the security bulletin for more details and inspect your

[ANN] Apache Struts 2.5.12 GA with Security Fixes Release

2017-07-13 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.12 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] Apache Struts 2.3.34 General Availability with Security Fixes Release

2017-09-07 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.3.34 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses these potential security vulnerabilities: - S2-050 A regular expression Denial of Service when using

[ANN] Apache Struts 2.5.13 GA with Security Fixes Release

2017-09-05 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.13 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

Re: [ANN] Apache Struts 2.5.13 GA with Security Fixes Release

2017-09-05 Thread Lukasz Lenart
2017-09-05 15:17 GMT+02:00 Lukasz Lenart <lukaszlen...@apache.org>:
> - S2-052 Possible Remote Code Execution attack when using the Struts REST
> plugin with XStream handler to handle XML payloads
> http://struts.apache.org/docs/s2-050.html
It's supposed to be http://struts.

[ANN] Apache Struts 2.5.14 GA

2017-11-27 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.14 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] Apache Struts 2.5.14.1 GA with Security Fixes Release

2017-12-01 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.14.1 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] [APACHE STRUTS] Security Bulletin S2-055: impact increased to High (related to CVE-2017-7525 - JSON Jackson library)

2017-12-11 Thread Lukasz Lenart
Hi, After further clarification we increased the impact of a vulnerability reported to us and described as S2-055 to High. The vulnerability exists in a JSON Jackson library and it's registered under CVE-2017-7525. Please read the bulletin [1] and apply possible solutions. This vulnerability impacts

[ANN] New version of the Apache Struts Maven Archetypes

2018-02-06 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that the Apache Struts Maven Archetypes are available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.

[ANN] A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin

2018-03-27 Thread Lukasz Lenart
The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released version of the Apache Struts. This is necessary to prevent your publicly accessible web site, which is using the Struts REST plugin and performing XML serialisation, from being

[ANN] Immediately upgrade commons-fileupload to version 1.3.3

2018-03-27 Thread Lukasz Lenart
The Apache Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released version of Commons FileUpload library, which is currently 1.3.3. This is necessary to prevent your publicly accessible web site from being exposed to possible Remote Code Execution

[ANN] Apache Struts 2.5.16 GA

2018-03-16 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.16 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] Apache Struts 2.5.18 GA

2018-10-15 Thread Lukasz Lenart
The Apache Struts group is pleased to announce that Struts 2.5.18 is available as a “General Availability” release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed

[ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior

2018-11-05 Thread Lukasz Lenart
The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36 based projects to use the latest released version of Commons FileUpload library, which is currently 1.3.3. This is necessary to prevent your publicly accessible web site from being exposed to possible Remote Code Execution

[ANN] Apache Struts 2.3.x End-Of-Life (EOL) Announcement

2018-11-14 Thread Lukasz Lenart
The Apache Struts Project Team would like to inform you that the Struts 2.3.x web framework will reach its end of life in 6 months and will no longer be officially supported. https://struts.apache.org/announce#a20181114 This announcement takes place on 2018-11-14 and starting from that date we

[ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.1 when running Struts 2.3.36

2018-11-04 Thread Lukasz Lenart
The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36 based projects to use the latest released version of Commons FileUpload library, which is currently 1.3.1. This is necessary to prevent your publicly accessible web site from being exposed to possible DoS attacks [1] [2].

Re: [ANN] [SECURITY] Immediately upgrade commons-fileupload to version 1.3.1 when running Struts 2.3.36

2018-11-04 Thread Lukasz Lenart
I meant commons-fileupload version 1.3.3, sorry for that.
Kind regards
--
Łukasz + 48 606 323 122 http://www.lenart.org.pl/
Sun, 4 Nov 2018 at 10:30 Lukasz Lenart wrote:
> > The Apache Struts Team recommends to immediately upgrade your Struts 2.3.36
> based projects to use t

[ANN] Extended list of Struts version affected by CVE-2018-11776 - RCE when using alwaysSelectFullNamespace

2018-09-24 Thread Lukasz Lenart
Hello, We received additional information about possibly affected versions of Struts. Please read the bulletin [1] to find more details about the vulnerability and upgrade to the latest version of Struts if you are running one of those versions: - Struts 2.0.4 - Struts 2.3.34 - Struts 2.5.0 -