Hi, I have added a dedicated section with link Prior releases page http://struts.apache.org/download.html#prior-releases
Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2016-04-21 17:04 GMT+02:00 Blasdel, Jerry <jerry.blas...@csra.com>: > I'm looking for the 2.3.24.3 download and I cannot find it. The link > http://struts.apache.org/docs/version-notes-23243.html takes me to the > 2.3.28.1 version. > > Any suggestions? > > Thanks, > > Jerry > ________________________________________ > From: Lukasz Lenart <lukaszlen...@apache.org> > Sent: Thursday, April 21, 2016 9:45 AM > To: Struts Users Mailing List; announceme...@struts.apache.org; > annou...@apache.org > Subject: [ANN] Apache Struts 2.3.20.3 GA & Apache Struts 2.3.24.3 GA > > The Apache Struts group is pleased to announce that Struts 2.3.20.3 > and Struts 2.3.24.3 are > available as a “General Availability” release. The GA designation is > our highest quality grade. > > Apache Struts 2 is an elegant, extensible framework for creating > enterprise-ready Java web applications. The framework is designed to > streamline the full development cycle, from building, to deploying, to > maintaining applications over time. > > These releases address three potential security vulnerabilities: > - S2-029 Forced double OGNL evaluation, when evaluated on raw user > input in tag attributes, may lead to remote code execution. > - S2-031 Possible RCE vulnerability in XSLTResult was fixed. > - S2-032 Prevents execution of chained expressions based on new > isSequence flag introduce in appropriated OGNL versions. > > All developers are strongly advised to perform this action. > > The 2.3.x series of the Apache Struts framework has a minimum > requirement of the following specification versions: Servlet API 2.4, > JSP API 2.0, and Java 6. > > Struts 2.3.20.3 & 2.3.24.3 are available in a full distribution, or as > separate > library, source, example and documentation distributions, from the > releases page > * http://struts.apache.org/download.cgi#struts23203 > * http://struts.apache.org/download.cgi#struts23243 > > The release is also available from the central Maven repository under > Group ID "org.apache.struts". > > The 2.3.20.3 & 2.3.24.3 versions of the Apache Struts framework have a minimum > requirement of the following specification versions: > * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0 > * Java 2 Standard Platform Edition (J2SE) 6 > > The release notes are available online at: > * http://struts.apache.org/docs/version-notes-23203.html > * http://struts.apache.org/docs/version-notes-23243.html > > Should any issues arise with your use of any version of the Struts > framework, please post your comments to the user list, and, if > appropriate, file a tracking ticket.appropriate, file a tracking > ticket: > * https://issues.apache.org/jira/browse/WW > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > This electronic message transmission contains information from CSRA that may > be attorney-client privileged, proprietary or confidential. The information > in this message is intended only for use by the individual(s) to whom it is > addressed. If you believe you have received this message in error, please > contact me immediately and be aware that any use, disclosure, copying or > distribution of the contents of this message is strictly prohibited. NOTE: > Regardless of content, this email shall not operate to bind CSRA to any order > or other contract unless pursuant to explicit written agreement or government > initiative expressly permitting the use of email for such purpose. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
