This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 8e3e373 Updates production by Jenkins
8e3e373 is described below
commit 8e3e3731e8608898e3abf600c1e431dc31f57aff
Author: jenkins <[email protected]>
AuthorDate: Wed Nov 14 19:31:06 2018 +0000
Updates production by Jenkins
---
content/index.html | 9 +-
.../{index.html => struts23-eol-announcement.html} | 146 +++++++--------------
2 files changed, 54 insertions(+), 101 deletions(-)
diff --git a/content/index.html b/content/index.html
index f88e773..916f0ac 100644
--- a/content/index.html
+++ b/content/index.html
@@ -178,12 +178,11 @@
</p>
</div>
<div class="column col-md-4">
- <h2>Apache Struts Extras GA</h2>
+ <h2>Apache Struts 2.3.x EOL</h2>
<p>
- The Struts Extras secure Multipart plugins General Availability -
versions 1.1, use them to secure your
- application against critical security vulnerability reported in <a
href="/docs/s2-045.html">S2-045</a>,
- <a href="/docs/s2-046.html">S2-046</a>, read more in <a
href="announce-2017.html#a20170323">Announcement</a>
- or in <a href="https://github.com/apache/struts-extras";>README</a>
+ The Apache Struts Team informs about discontinuing support for
Struts 2.3.x branch in 6 months, you can expect only support
+ in case of security issues and we recommend migration to the latest
version of Struts, read more in
+ <a href="struts23-eol-announcement.md">Announcement</a>
</p>
</div>
<div class="column col-md-4">
diff --git a/content/index.html b/content/struts23-eol-announcement.html
similarity index 62%
copy from content/index.html
copy to content/struts23-eol-announcement.html
index f88e773..ee10646 100644
--- a/content/index.html
+++ b/content/struts23-eol-announcement.html
@@ -7,11 +7,13 @@
<meta http-equiv="Content-Language" content="en"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title>Welcome to the Apache Struts project</title>
+ <title>Apache Struts 2.3.x EOL Announcement</title>
<link
href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic"
rel="stylesheet" type="text/css">
<link
href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css"
rel="stylesheet">
<link href="/css/main.css" rel="stylesheet">
+ <link href="/css/custom.css" rel="stylesheet">
+ <link href="/highlighter/github-theme.css" rel="stylesheet">
<script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script>
@@ -121,101 +123,53 @@
</header>
-<article class="container index">
- <section>
- <div class="container hero">
- <div class="jumbotron col-md-12">
- <h1>Apache Struts</h1>
- <p>Apache Struts is a free, open-source, MVC framework for creating
elegant,
- modern Java web applications. It favors convention over configuration, is
- extensible using a plugin architecture, and ships with plugins to support
- REST, AJAX and JSON.
- </p>
- <a href="download.cgi#struts2518" class="btn btn-primary btn-large">
- <img src="img/download-icon.svg"> Download
- </a>
- <a href="primer.html" class="btn btn-info btn-large">
- <img src="img/primer-icon.svg"> Technology Primer
- </a>
- </div>
-</div>
-<div class="container important-notes">
- <div class="col-md-12">
- <div class="row">
- <div class="column col-md-4">
- <h2>Google's Patch Reward program</h2>
- <p>During <a href="http://www.meetup.com/sfhtml5/";>SFHTML5</a> Google
announced that
- they extend their program to cover the Apache Struts project as
well. Now you can earn
- money preparing patches for us!
- <a href="submitting-patches.html#googles-patch-reward-program">read
more</a>
- </p>
- </div>
- <div class="column col-md-4">
- <h2>Apache Struts 2.5.18 GA</h2>
- <p>
- Apache Struts 2.5.18 GA has been released<br/>on 15 October 2018.
- </p>
- Read more in <a href="announce.html#a20181015-1">Announcement</a> or in
- <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.18";>Version
notes</a>
- </div>
- <div class="column col-md-4">
- <h2>Apache Struts 2.3.36 GA</h2>
- <p>
- It's the latest release of Struts 2.3.x which contains the latest
security fixes,
- released on 15 October 2018.<br/> Read more in <a
href="announce.html#a20181015-2">Announcement</a> or in
- <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.36";>Version
notes</a>
- </p>
- </div>
- </div>
- <div class="row">
- <div class="column col-md-4">
- <h2>Immediately upgrade commons-fileupload to version 1.3.3</h2>
- <p>
- The Apache Struts Team recommends to immediately upgrade your Struts
2
- based projects to use the latest released version of Commons
- FileUpload library, which is currently 1.3.3.
- <a href="announce.html#a20180323">Announcement</a>
- </p>
- </div>
- <div class="column col-md-4">
- <h2>Apache Struts Extras GA</h2>
- <p>
- The Struts Extras secure Multipart plugins General Availability -
versions 1.1, use them to secure your
- application against critical security vulnerability reported in <a
href="/docs/s2-045.html">S2-045</a>,
- <a href="/docs/s2-046.html">S2-046</a>, read more in <a
href="announce-2017.html#a20170323">Announcement</a>
- or in <a href="https://github.com/apache/struts-extras";>README</a>
- </p>
- </div>
- <div class="column col-md-4">
- <h2>Immediately upgrade to version 2.5.18 or 2.3.36</h2>
- <p>
- The Apache Security Struts Team recommends to immediately upgrade
your Struts 2 based projects to use
- the latest released version of the Apache Struts to prevent possible
RCE attack when using results with no namespace,
- reported in <a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a>. Read
more in <a href="announce.html#a20181015-0">Announcement</a>.
- </p>
- </div>
- </div>
- </div>
-</div>
-<div class="container contact-channels">
- <div class="col-md-12"><h5>Keep in touch: </h5>
-
- <div class="channels">
- <div class="irc-btn">IRC: <a
href="irc://irc.freenode.net/struts">#struts</a></div>
- <div class="facebook-btn">
- <div data-href="https://www.facebook.com/apachestruts";
data-width="250" data-layout="button_count"
- data-action="like" data-show-faces="false" data-share="true"
class="fb-like"></div>
- </div>
- <div class="gplus-btn">
- <div data-annotation="inline" data-size="medium" data-width="225"
data-href="http://struts.apache.org/";
- class="g-plusone"></div>
- </div>
- <div class="twitter-btn"><a href="https://twitter.com/TheApacheStruts";
data-show-count="false" data-lang="en"
- data-width="240px" data-align="left"
class="twitter-follow-button">Follow
- @TheApacheStruts</a></div>
- </div>
- </div>
-</div>
+<article class="container">
+ <section class="col-md-12">
+ <a class="edit-on-gh"
href="https://github.com/apache/struts-site/edit/master/source/struts23-eol-announcement.md";
title="Edit this page on GitHub">Edit on GitHub</a>
+
+ <h1 id="apache-struts-23x-end-of-life-eol-announcement">Apache Struts
2.3.x End-Of-Life (EOL) Announcement</h1>
+
+<p><strong>The Apache Struts Project Team would like to inform you that the
Struts 2.3.x web framework will reach its end of life in 6 months and won’t be
longer officially supported.</strong></p>
+
+<p>This announcement takes place on 2018-11-14 and starting from that date we
will only support Apache Struts 2.3.x in case of security vulnerabilities.
+Within those 6 months period you can expect that we do our best to keep Struts
2.3.x branch secure but some of the security related changes
+cannot happen without architectural changes that can affect backward
compatibility. This what happened to Struts 2.5.x, we introduced some
+internal changes to improve overall framework’s security.</p>
+
+<h2 id="questions-and-answers">Questions and Answers</h2>
+
+<ul>
+ <li>
+ <p><strong>With the announcement of Struts 2.3.x EOL, what happens to
Struts 2.3.x resources?</strong></p>
+
+ <p>All resources will stay where they are. The documentation will still be
accessible from the Apache Struts homepage, as well as the downloads
+for all released Struts 2.3.x versions. All of the Struts 2.3.x source code
can be found in the Apache Struts Git repository under branch
+<code class="highlighter-rouge">support-2-3</code>, now and in future. All
released Maven artifacts will still be accessible in Maven Central.</p>
+ </li>
+ <li>
+ <p><strong>Given a major security problem or a serious bug is reported for
Struts 2.3.x in near future, can we expect a new release with
fixes?</strong></p>
+
+ <p>Yes, we will continue to support Struts 2.3.x in case of security
issues for the next 6 months, after that time we won’t support this branch
+in any case.</p>
+ </li>
+ <li>
+ <p><strong>Is there an immediate need to eliminate Struts 2.3.x from my
projects?</strong></p>
+
+ <p>As far as the Struts team is currently aware of, there is no urgent
issue posing the immediate need to eliminate Struts 2.3.x usage from
+your projects. However, you should consider migration to the latest available
version as we stop supporting this version in 6 months.</p>
+ </li>
+ <li>
+ <p><strong>We plan to start a new project based on Struts 2.3.x. Can we
still do so?</strong></p>
+
+ <p>Basically yes, but we would not recommend doing so. As long as no code
line is written, it is very easy to conceptually select
+the latest version of Struts 2.</p>
+ </li>
+ <li>
+ <p><strong>My friends / colleagues and I would like to see Struts 2.3.x
being maintained again. What can we do?</strong></p>
+
+ <p>You are free to put effort in Struts 2.3.x. There are basically one
possibility: fork the existing source and support it on your own.</p>
+ </li>
+</ul>
</section>
</article>
