Repository: struts-site Updated Branches: refs/heads/master f685a9238 -> 521832ef0
Adds information about latest release of Apache Extras Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/b9c63151 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/b9c63151 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/b9c63151 Branch: refs/heads/master Commit: b9c631510501fb6317fbc6f2359180b33c73ba0e Parents: f685a92 Author: Lukasz Lenart <lukasz.len...@gmail.com> Authored: Mon Mar 20 14:32:15 2017 +0100 Committer: Lukasz Lenart <lukasz.len...@gmail.com> Committed: Mon Mar 20 14:32:15 2017 +0100 ---------------------------------------------------------------------- source/announce.md | 25 +++++++++++++++++++ source/download.html | 62 +++++++++++++++++++++++++++++++++++++++++++++++ source/index.html | 7 ++++++ 3 files changed, 94 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts-site/blob/b9c63151/source/announce.md ---------------------------------------------------------------------- diff --git a/source/announce.md b/source/announce.md index d7a5c81..6a571d3 100644 --- a/source/announce.md +++ b/source/announce.md @@ -8,6 +8,31 @@ title: Announcements Skip to: <a href="announce-2016.html">Announcements - 2016</a> </p> +#### 20 march 2017 - Struts Extras secure Multipart plugins General Availability {#a20170320} + +The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart parser plugin +and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin are available as a "General Availability" +release. The GA designation is our highest quality grade. + +These releases address one critical security vulnerability: + +- Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser + [S2-045](/docs/s2-045.html), [S2-046](/docs/s2-046.html) + +Those plugins were released to allow users running older versions of the Apache Struts secure their applications in easy way. +You don't have to migrate to the latest version (which is still preferable) but by applying one of those plugins, +your application won't be vulnerable anymore. + +It is a drop-in installation, just select a proper jar gile and copy it to `WEB-INF/lib` folder. +Please read the [README](https://github.com/apache/struts-extras) for more details and supported Apache Struts versions. + +**All developers are strongly advised to perform this action.** + +Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket. + +You can download those plugins from our [download](download.cgi#struts-extras) page. + #### 7 march 2017 - Struts 2.5.10.1 General Availability {#a20170307} The Apache Struts group is pleased to announce that Struts 2.5.10.1 is available as a "General Availability" http://git-wip-us.apache.org/repos/asf/struts-site/blob/b9c63151/source/download.html ---------------------------------------------------------------------- diff --git a/source/download.html b/source/download.html index 2f2ef77..720a3b4 100644 --- a/source/download.html +++ b/source/download.html @@ -209,6 +209,68 @@ title: Download a Release </ul> +<a class="anchor" name="struts-extras"></a> +<h2>Struts Extras</h2> + +<ul> + <li> + <a href="https://github.com/apache/struts-extras";>README</a> + </li> + + <li>Apache Struts 2 Secure Jakarta Multipart parser plugin: + <ul> + <li> + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar"> + struts2-secure-jakarta-multipart-parser-plugin-1.0.jar + </a> + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.asc";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.md5";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.sha1";>SHA1</a>] + </li> + </ul> + </li> + + <li>Source: + <ul> + <li> + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip"> + struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip + </a> + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.md5";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.asc";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.sha1";>SHA1</a>] + </li> + </ul> + </li> + + <li>Apache Struts 2 Secure Jakarta Stream Multipart parser plugin: + <ul> + <li> + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar"> + struts2-secure-jakarta-multipart-parser-plugin-1.0.jar + </a> + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.asc";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.md5";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.sha1";>SHA1</a>] + </li> + </ul> + </li> + + <li>Source: + <ul> + <li> + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip"> + struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip + </a> + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.md5";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.asc";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.sha1";>SHA1</a>] + </li> + </ul> + </li> + +</ul> + <a class="anchor" name="prior-releases"></a> <h2>Prior releases</h2> <p> http://git-wip-us.apache.org/repos/asf/struts-site/blob/b9c63151/source/index.html ---------------------------------------------------------------------- diff --git a/source/index.html b/source/index.html index 1b6b2b6..3b868f2 100644 --- a/source/index.html +++ b/source/index.html @@ -51,6 +51,13 @@ title: Welcome to the Apache Struts project <div class="column col-md-4"> </div> <div class="column col-md-4"> + <h2>Apache Struts Extras GA</h2> + <p> + The Struts Extras secure Multipart plugins General Availability, use them to secure your application against critical security + vulnerability reported in <a href="/docs/s2-045.html">S2-045</a>, <a href="/docs/s2-046.html">S2-046</a>, + read more in <a href="announce.html#a20170320">Announcement</a> or in + <a href="https://github.com/apache/struts-extras";>README</a> + </p> </div> <div class="column col-md-4"> </div>
