Adds info about Struts Extras plugins 1.1 versions
Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/33f33df1 Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/33f33df1 Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/33f33df1 Branch: refs/heads/master Commit: 33f33df1cc2f27c9cecaddaf082b478829fb8416 Parents: 53daf9d Author: Lukasz Lenart <lukasz.len...@gmail.com> Authored: Thu Mar 23 09:10:47 2017 +0100 Committer: Lukasz Lenart <lukasz.len...@gmail.com> Committed: Thu Mar 23 09:10:47 2017 +0100 ---------------------------------------------------------------------- source/announce.md | 24 ++++++++++++++++++++++++ source/download.html | 40 ++++++++++++++++++++-------------------- source/index.html | 4 ++-- 3 files changed, 46 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts-site/blob/33f33df1/source/announce.md ---------------------------------------------------------------------- diff --git a/source/announce.md b/source/announce.md index 789d122..5d72517 100644 --- a/source/announce.md +++ b/source/announce.md @@ -8,6 +8,30 @@ title: Announcements Skip to: <a href="announce-2016.html">Announcements - 2016</a> </p> +#### 23 march 2017 - Struts Extras secure Multipart plugins General Availability - versions 1.1 {#a20170323} + +The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart parser plugin 1.1 +and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin 1.1 are available as a "General Availability" +release. The GA designation is our highest quality grade. + +These releases address one critical security vulnerability: + +- Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser + [S2-045](/docs/s2-045.html), [S2-046](/docs/s2-046.html) + +Those plugins were released to allow users running older versions of the Apache Struts secure their applications +in an easy way. You don't have to migrate to the latest version (which is still preferable) but by applying one of those +plugins, your application won't be vulnerable anymore. + +Please read the [README](https://github.com/apache/struts-extras) for more details and supported Apache Struts versions. + +**All developers are strongly advised to perform this action.** + +Should any issues arise with your use of any version of the Struts framework, please post your comments +to the user list, and, if appropriate, file a tracking ticket. + +You can download those plugins from our [download](download.cgi#struts-extras) page. + #### 20 march 2017 - Struts Extras secure Multipart plugins General Availability {#a20170320} The Apache Struts group is pleased to announce that the Apache Struts 2 Secure Jakarta Multipart parser plugin http://git-wip-us.apache.org/repos/asf/struts-site/blob/33f33df1/source/download.html ---------------------------------------------------------------------- diff --git a/source/download.html b/source/download.html index 1292f5d..5dbc7e5 100644 --- a/source/download.html +++ b/source/download.html @@ -220,12 +220,12 @@ title: Download a Release <li>Apache Struts 2 Secure Jakarta Multipart parser plugin: <ul> <li> - <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar"> - struts2-secure-jakarta-multipart-parser-plugin-1.0.jar + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar"> + struts2-secure-jakarta-multipart-parser-plugin-1.1.jar </a> - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.asc";>PGP</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.md5";>MD5</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar.sha1";>SHA1</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar.asc";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar.md5";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1.jar.sha1";>SHA1</a>] </li> </ul> </li> @@ -233,12 +233,12 @@ title: Download a Release <li>Source: <ul> <li> - <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip"> - struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip"> + struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip </a> - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.md5";>PGP</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.asc";>MD5</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip.sha1";>SHA1</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip.md5";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip.asc";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip.sha1";>SHA1</a>] </li> </ul> </li> @@ -246,12 +246,12 @@ title: Download a Release <li>Apache Struts 2 Secure Jakarta Stream Multipart parser plugin: <ul> <li> - <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar"> - struts2-secure-jakarta-multipart-parser-plugin-1.0.jar + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar"> + struts2-secure-jakarta-multipart-parser-plugin-1.1.jar </a> - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.asc";>PGP</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.md5";>MD5</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0.jar.sha1";>SHA1</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar.asc";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar.md5";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1.jar.sha1";>SHA1</a>] </li> </ul> </li> @@ -259,12 +259,12 @@ title: Download a Release <li>Source: <ul> <li> - <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip"> - struts2-secure-jakarta-multipart-parser-plugin-1.0-source-release.zip + <a href="[preferred]struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip"> + struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip </a> - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.md5";>PGP</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.asc";>MD5</a>] - [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.0/struts2-secure-jakarta-stream-multipart-parser-plugin-1.0-source-release.zip.sha1";>SHA1</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip.md5";>PGP</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip.asc";>MD5</a>] + [<a href="http://www.apache.org/dist/struts/struts-extras/struts2-secure-jakarta-stream-multipart-parser-plugin/1.1/struts2-secure-jakarta-stream-multipart-parser-plugin-1.1-source-release.zip.sha1";>SHA1</a>] </li> </ul> </li> http://git-wip-us.apache.org/repos/asf/struts-site/blob/33f33df1/source/index.html ---------------------------------------------------------------------- diff --git a/source/index.html b/source/index.html index 3b868f2..7156908 100644 --- a/source/index.html +++ b/source/index.html @@ -53,9 +53,9 @@ title: Welcome to the Apache Struts project <div class="column col-md-4"> <h2>Apache Struts Extras GA</h2> <p> - The Struts Extras secure Multipart plugins General Availability, use them to secure your application against critical security + The Struts Extras secure Multipart plugins General Availability - versions 1.1, use them to secure your application against critical security vulnerability reported in <a href="/docs/s2-045.html">S2-045</a>, <a href="/docs/s2-046.html">S2-046</a>, - read more in <a href="announce.html#a20170320">Announcement</a> or in + read more in <a href="announce.html#a20170323">Announcement</a> or in <a href="https://github.com/apache/struts-extras";>README</a> </p> </div>
