This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 56d5e52 Updates production by Jenkins
56d5e52 is described below
commit 56d5e5225758da621c7904ceddd0a1dbb69680c7
Author: jenkins <[email protected]>
AuthorDate: Thu Aug 15 07:57:54 2019 +0000
Updates production by Jenkins
---
content/announce.html | 19 +++++++++++++++++++
content/getting-started/message-resource-files.html | 4 ++--
content/index.html | 8 ++++++++
3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/content/announce.html b/content/announce.html
index 8514feb..62b9877 100644
--- a/content/announce.html
+++ b/content/announce.html
@@ -130,6 +130,7 @@
<h1 class="no_toc" id="announcements-2019">Announcements 2019</h1>
<ul id="markdown-toc">
+ <li><a href="#a20190815" id="markdown-toc-a20190815">15 August 2019 -
Security Advice: Announcing corrected affected version ranges in historic
Apache Struts security bulletins and CVE entries</a></li>
<li><a href="#a20190114" id="markdown-toc-a20190114">14 January 2019 -
Struts 2.5.20 General Availability</a></li>
<li><a href="#a20181230" id="markdown-toc-a20181230">30 December 2018 -
Struts 2.3.37 General Availability</a></li>
</ul>
@@ -138,6 +139,24 @@
Skip to: <a href="announce-2018.html">Announcements - 2018</a>
</p>
+<h4 id="a20190815">15 August 2019 - Security Advice: Announcing corrected
affected version ranges in historic Apache Struts security bulletins and CVE
entries</h4>
+
+<p>The Apache Struts Security team would like to announce that a number of
historic <a
href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletin";>Struts
Security Bulletins</a> and related CVE database entries contained incorrect
affected release version ranges.</p>
+
+<p>The issue was reported by Christopher Fearon and the Black Duck Research
Team within the Synopsys Cybersecurity Research Center. The reporting entity
conducted thorough investigations on this matter, leading to a report to the
Apache Struts Security Team. The Apache Struts Security Team worked with the
reporters to cross-check said issues and map them to affected Apache Struts
General Availability (GA) releases.</p>
+
+<p>This effort led to the issue of Struts Security Bulletin S2-058,
referencing 15 historic Struts Security Bulletins and <a
href="https://github.com/CVEProject/cvelist/pull/2423/files";>respective CVE
entries</a> that have been updated to reflect corrections in affected GA
version ranges as well as minimum GA versions to contain appropriate fixes for
the issues at hand.</p>
+
+<p>The full Security Bulletin can be found here:</p>
+
+<p><a href="https://cwiki.apache.org/confluence/display/WW/S2-058";>Apache
Struts Security Buletin S2-058</a></p>
+
+<p>The Struts Security Team stresses that while the reporters reference more
affected issues and resulting affected version ranges, the Struts Security
Bulletins only cover GA versions designated for production use. This led to
less corrected Security Bulletins and CVE entries compared to the number of
covered issues in the original report.</p>
+
+<p>It is very important to understand that while the individual listed
bulletins contain updated minimum fix versions, it is strongly recommended to
update to the version recommended by the latest Security Bulletin, which is <a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a> by the
time of this announcement. Following this advice, the recommended minimum
Struts versions to operate in production are Struts 2.3.35 or Struts 2.5.17.</p>
+
+<p>The Apache Struts Security Team would like to thank the reporters for their
efforts and their practice of responsible disclosure, as well as their help
while investigating the report and coordinating public disclosure.</p>
+
<h4 id="a20190114">14 January 2019 - Struts 2.5.20 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Struts 2.5.20 is
available as a “General Availability”
diff --git a/content/getting-started/message-resource-files.html
b/content/getting-started/message-resource-files.html
index 900d472..b5e57b3 100644
--- a/content/getting-started/message-resource-files.html
+++ b/content/getting-started/message-resource-files.html
@@ -226,7 +226,7 @@ this markup.</p>
<p><strong>link to Register Action class</strong></p>
<div class="highlighter-rouge"><pre class="highlight"><code><span
class="nt"><s:url</span> <span class="na">action=</span><span
class="s">"registerInput"</span> <span class="na">var=</span><span
class="s">"registerInputLink"</span> <span class="nt">/></span>
-<span class="nt"><p><a</span> <span class="na">href=</span><span
class="s">"${registerInputLink}"</span><span class="nt">></span>Please
register<span class="nt"></a></span> for our prize drawing.<span
class="nt"></p></span>
+<span class="nt"><p><s:a</span> <span class="na">href=</span><span
class="s">"%{registerInputLink}"</span><span class="nt">></span>Please
register<span class="nt"></s:a></span> for our prize drawing.<span
class="nt"></p></span>
</code></pre>
</div>
@@ -401,7 +401,7 @@ instead of the default locale value of our location (which
is en). Add the follo
<span class="nt"><s:url</span> <span class="na">action=</span><span
class="s">"registerInput"</span> <span class="na">var=</span><span
class="s">"registerInputLinkES"</span><span class="nt">></span>
<span class="nt"><s:param</span> <span class="na">name=</span><span
class="s">"request_locale"</span><span class="nt">></span>es<span
class="nt"></s:param></span>
<span class="nt"></s:url></span>
-<span class="nt"><p><a</span> <span class="na">href=</span><span
class="s">"${registerInputLinkES}"</span><span class="nt">></span>Por favor,
regístrese<span class="nt"></a></span> para nuestro sorteo<span
class="nt"></p></span>
+<span class="nt"><p><s:a</span> <span class="na">href=</span><span
class="s">"%{registerInputLinkES}"</span><span class="nt">></span>Por favor,
regístrese<span class="nt"></s:a></span> para nuestro sorteo<span
class="nt"></p></span>
</code></pre>
</div>
diff --git a/content/index.html b/content/index.html
index 8e09543..7650bac 100644
--- a/content/index.html
+++ b/content/index.html
@@ -186,6 +186,14 @@
</p>
</div>
<div class="column col-md-4">
+ <h2>Security Advice S2-058 released</h2>
+ <p>
+ A number of historic Struts Security Bulletins and related CVE
database entries contained incorrect affected release version ranges.
+ Read more in
+ <a href="announce#a20190815">Announcement</a>
+ </p>
+ </div>
+ <div class="column col-md-4">
</div>
</div>
</div>
