A follow on question. When would we expect 2.3 to become EOL?
Thx Mike On 14 September 2017 at 08:13, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2017-09-13 18:57 GMT+02:00 Lehmer, Jason <jason.leh...@capella.edu>: > > In cases where the Struts community is notified or discovers a security > vulnerability in a supported version, does the evaluation process include > identifying unsupported versions that may be impacted as well? I realize > the recommendation will likely be to upgrade to a supported version but I > just wanted to confirm that even EOL versions are taken into account when > identifying potential impacts. > > We support two lines now: > - 2.3.x where you can expect only security fixes and small > improvements (mostly incorporated from the main line) > - 2.5.x our main line, with security fixes and new features > > When verifying a vulnerability report we try to investigate which > versions are affected down the line but we omit EOLed versions (in > this case Struts 1). > > > Regards > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >