Adds more detailed readme with explanation how to use the plugin
Project: http://git-wip-us.apache.org/repos/asf/struts-extras/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-extras/commit/29f42319 Tree: http://git-wip-us.apache.org/repos/asf/struts-extras/tree/29f42319 Diff: http://git-wip-us.apache.org/repos/asf/struts-extras/diff/29f42319 Branch: refs/heads/master Commit: 29f423199d19f52aad8f4241a34eae418fff6667 Parents: 1cd42a6 Author: Lukasz Lenart <lukasz.len...@gmail.com> Authored: Sat Mar 18 14:54:58 2017 +0100 Committer: Lukasz Lenart <lukasz.len...@gmail.com> Committed: Sat Mar 18 14:54:58 2017 +0100 ---------------------------------------------------------------------- .../README.md | 30 ++++++++++++++++++++ 1 file changed, 30 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts-extras/blob/29f42319/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md ---------------------------------------------------------------------- diff --git a/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md new file mode 100644 index 0000000..c37e0a8 --- /dev/null +++ b/struts2-secure-jakarta-stream-multipart-parser-plugin/README.md @@ -0,0 +1,30 @@ +# Apache Struts 2 Extras - Secure Jakarta Stream Multipart parser plugin + +This plugin provides a safe implementation of the Jakarta Stream Multipart parser from the Struts Core. It can be used +to mitigate vulnerability described in the [S2-045](http://struts.apache.org/docs/s2-045.html) Security Bulletin. + +You should use this plugin in case you are not able to migrated to the latest Struts version. + +## Supported versions + +This plugins can be used with the Apache Struts versions 2.5.20 till 2.5.5, if you are running the Apache Struts 2.5.8+ +you must migrate to the latest version which is [Struts 2.5.10.1](http://struts.apache.org/announce.html#a20170307). + +## How to use it + +Just drop the jar into `WEB-INF/libs` folder and restart your application, you can use on of the existing PoCs +to test if everything is ok. + +If you are using Maven to build your project, please add the following dependency into your pom: + +```xml +<dependency> + <groupId>org.apache.struts</groupId> + <artifactId>struts2-secure-jakarta-multipart-parser-plugin</artifactId> + <version>[VERSION]</version> +</dependency> +``` + +## Remarks + +Please be aware that this is just a temporary solution, you should consider migration to the latest version anyway.
