This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 8d4f5a5 Updates production by Jenkins
8d4f5a5 is described below
commit 8d4f5a5f0693580d28b7168139e2b344009c020c
Author: jenkins <[email protected]>
AuthorDate: Tue Mar 27 10:30:45 2018 +0000
Updates production by Jenkins
---
content/announce.html | 11 +++++++++++
content/index.html | 7 ++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/content/announce.html b/content/announce.html
index 18a3ebe..ad5b1ee 100644
--- a/content/announce.html
+++ b/content/announce.html
@@ -130,6 +130,7 @@
<h1 class="no_toc" id="announcements-2018">Announcements 2018</h1>
<ul id="markdown-toc">
+ <li><a href="#a20180327" id="markdown-toc-a20180327">27 March 2018 - A
crafted XML request can be used to perform a DoS attack when using the Struts
REST plugin</a></li>
<li><a href="#a20180323" id="markdown-toc-a20180323">23 March 2018 -
Immediately upgrade commons-fileupload to version 1.3.3</a></li>
<li><a href="#a20180316" id="markdown-toc-a20180316">16 March 2018 - Struts
2.5.16 General Availability</a></li>
</ul>
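Review bot: The new TOC entry on the first added line describes the attack but, unlike the two entries below it, gives the reader neither an action nor an identifier to search for. Consider putting the bulletin id into the link text, for example "27 March 2018 - S2-056: a crafted XML request can be used to perform a DoS attack when using the Struts REST plugin", so the entry can be matched against the Security Bulletin that the announcement body links to.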
@@ -138,6 +139,16 @@
Skip to: <a href="announce-2017.html">Announcements - 2017</a>
</p>
+<h4 id="a20180327">27 March 2018 - A crafted XML request can be used to
perform a DoS attack when using the Struts REST plugin</h4>
+
+<p>The Apache Security Struts Team recommends to immediately upgrade your
Struts 2 based projects to use the latest released
+version of the Apache Struts. This is necessary to prevent your publicly
accessible web site, which is using the Struts
+REST plugin and performing XML serialisation, from being exposed to possible
DoS attack.</p>
+
+<p>You can find more details in a Security Bulletin <a
href="https://cwiki.apache.org/confluence/display/WW/S2-056">S2-056</a></p>
+
+<p>All developers are strongly advised to perform this action.</p>
+
<h4 id="a20180323">23 March 2018 - Immediately upgrade commons-fileupload to
version 1.3.3</h4>
<p>The Apache Struts Team recommends to immediately upgrade your Struts 2
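Review bot: The first added paragraph tells readers to upgrade to "the latest released version of the Apache Struts" without naming the release that contains the fix or the affected versions, so an operator cannot tell from this page whether a given deployment is already patched. State the fixed version explicitly (the TOC above lists a 2.5.16 GA entry for 16 March, if that is the release meant) and mention that only applications using the REST plugin with XML serialisation are affected. Wording also needs a pass: "The Apache Security Struts Team" differs from "The Apache Struts Team" in the next entry, "to possible DoS attack" is missing an article, and the S2-056 sentence has no closing period.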
diff --git a/content/index.html b/content/index.html
index 08e39a7..6eadc78 100644
--- a/content/index.html
+++ b/content/index.html
@@ -187,7 +187,12 @@
</p>
</div>
<div class="column col-md-4">
- <br/>
+ <h2>A crafted XML request can be used to perform a DoS attack when
using the Struts REST plugin</h2>
+ <p>
+ The Apache Security Struts Team recommends to immediately upgrade
your Struts 2 based projects to use
+ the latest released version of the Apache Struts to prevent possible
DoS attack when using the REST plugin.
+ <a href="announce.html#a20180327">Announcement</a>
+ </p>
</div>
</div>
</div>
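Review bot: The homepage teaser that replaces the `<br/>` gives no fixed version and no direct link to the S2-056 bulletin, and the only link text is the generic "Announcement", which is weak for a security notice that many readers will see only here. Suggest a descriptive link such as "Read the announcement for S2-056" and naming the release to upgrade to, in line with whatever announce.html states. The `<h2>` is also a full sentence inside a `col-md-4` column; a shorter heading with the detail moved into the `<p>` would fit the layout better, and "The Apache Security Struts Team" should match the team name used elsewhere on the site.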