This is fantastic news! And also shows how serious and thoughtful your work is.

--
Regards,
Paweł Wielgus.
tel: +48 604 603 546

2017-03-20 14:38 GMT+01:00 Lukasz Lenart <lukaszlen...@apache.org>:
> The Apache Struts group is pleased to announce that the Apache Struts
> 2 Secure Jakarta Multipart parser plugin and Apache Struts 2 Secure
> Jakarta Stream Multipart parser plugin are available as a “General
> Availability” release. The GA designation is our highest quality
> grade.
>
> These releases address one critical security vulnerability:
>
> - Possible Remote Code Execution when performing file upload based on
>   Jakarta Multipart parser S2-045, S2-046 (CVE-2017-5638)
>
> http://struts.apache.org/docs/s2-045.html
> http://struts.apache.org/docs/s2-046.html
>
> Those plugins were released to allow users running older versions of
> the Apache Struts to secure their applications in an easy way. You don’t
> have to migrate to the latest version (which is still preferable) but
> by applying one of those plugins, your application won’t be vulnerable
> anymore.
>
> It is a drop-in installation, just select a proper jar file and copy
> it to the WEB-INF/lib folder. Please read the README
> (https://github.com/apache/struts-extras) for more details and
> supported Apache Struts versions.
>
> All developers are strongly advised to perform this action.
>
> Should any issues arise with your use of any version of the Struts
> framework, please post your comments to the user list, and, if
> appropriate, file a tracking ticket.
>
> You can download those plugins from our download page.
> http://struts.apache.org/download.cgi#struts-extras
>
>
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org