This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 56f3b08 Removes unused page
56f3b08 is described below
commit 56f3b08bc7780019c769eed45d9d80050018f567
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Sat Feb 20 08:47:01 2021 +0100
Removes unused page
---
.gitignore | 1 +
content/announce.html | 315 --------------------------------------------------
2 files changed, 1 insertion(+), 315 deletions(-)
diff --git a/.gitignore b/.gitignore
index dfe463f..cac0220 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@ PLACEHOLDER
README.md
_config.yml
.bundle
+_site
diff --git a/content/announce.html b/content/announce.html
deleted file mode 100644
index 9dcb38d..0000000
--- a/content/announce.html
+++ /dev/null
@@ -1,315 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="UTF-8"/>
- <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
- <meta name="Date-Revision-yyyymmdd" content="20140918"/>
- <meta http-equiv="Content-Language" content="en"/>
- <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
-
- <title>Announcements 2020</title>
-
- <link
href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic"
rel="stylesheet" type="text/css">
- <link
href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css"
rel="stylesheet">
- <link href="/css/main.css" rel="stylesheet">
- <link href="/css/custom.css" rel="stylesheet">
- <link href="/highlighter/github-theme.css" rel="stylesheet">
-
- <script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
- <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script>
- <script type="text/javascript" src="/js/community.js"></script>
-</head>
-<body>
-
-<a href="http://github.com/apache/struts"; class="github-ribbon">
- <img style="position: absolute; right: 0; border: 0;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png";
alt="Fork me on GitHub">
-</a>
-
-<header>
- <nav>
- <div role="navigation" class="navbar navbar-default navbar-fixed-top">
- <div class="container">
- <div class="navbar-header">
- <button type="button" data-toggle="collapse"
data-target="#struts-menu" class="navbar-toggle">
- Menu
- <span class="sr-only">Toggle navigation</span>
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- <span class="icon-bar"></span>
- </button>
- <a href="/index.html" class="navbar-brand logo"><img
src="/img/struts-logo.svg"></a>
- </div>
- <div id="struts-menu" class="navbar-collapse collapse">
- <ul class="nav navbar-nav">
- <li class="dropdown">
- <a data-toggle="dropdown" href="#" class="dropdown-toggle">
- Home<b class="caret"></b>
- </a>
- <ul class="dropdown-menu">
- <li><a href="/index.html">Welcome</a></li>
- <li><a href="/download.cgi">Download</a></li>
- <li><a href="/releases.html">Releases</a></li>
- <li><a href="/announce.html">Announcements</a></li>
- <li><a href="http://www.apache.org/licenses/";>License</a></li>
- <li><a
href="https://www.apache.org/foundation/thanks.html";>Thanks!</a></li>
- <li><a
href="https://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
- </ul>
- </li>
- <li class="dropdown">
- <a data-toggle="dropdown" href="#" class="dropdown-toggle">
- Support<b class="caret"></b>
- </a>
- <ul class="dropdown-menu">
- <li><a href="/mail.html">User Mailing List</a></li>
- <li><a href="https://issues.apache.org/jira/browse/WW";>Issue
Tracker</a></li>
- <li><a href="/security.html">Reporting Security Issues</a></li>
- <li class="divider"></li>
- <li><a
href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide";>Version
Notes</a></li>
- <li><a
href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins";>Security
Bulletins</a></li>
- <li class="divider"></li>
- <li><a href="/maven/project-info.html">Maven Project
Info</a></li>
- <li><a href="/maven/struts2-core/dependencies.html">Struts
Core Dependencies</a></li>
- <li><a href="/maven/struts2-plugins/modules.html">Plugin
Dependencies</a></li>
- </ul>
- </li>
- <li class="dropdown">
- <a data-toggle="dropdown" href="#" class="dropdown-toggle">
- Documentation<b class="caret"></b>
- </a>
- <ul class="dropdown-menu">
- <li><a href="/birdseye.html">Birds Eye</a></li>
- <li><a href="/primer.html">Key Technologies</a></li>
- <li><a href="/kickstart.html">Kickstart FAQ</a></li>
- <li><a
href="https://cwiki.apache.org/confluence/display/WW/Home";>Wiki</a></li>
- <li class="divider"></li>
- <li><a href="/getting-started/">Getting Started</a></li>
- <li><a href="/security/">Security Guide</a></li>
- <li><a href="/core-developers/">Core Developers Guide</a></li>
- <li><a href="/tag-developers/">Tag Developers Guide</a></li>
- <li><a href="/maven-archetypes/">Maven Archetypes</a></li>
- <li><a href="/plugins/">Plugins</a></li>
- <li><a href="/maven/struts2-core/apidocs/index.html">Struts
Core API</a></li>
- <li><a href="/tag-developers/tag-reference.html">Tag
reference</a></li>
- <li><a
href="https://cwiki.apache.org/confluence/display/WW/FAQs";>FAQs</a></li>
- <li><a
href="http://cwiki.apache.org/S2PLUGINS/home.html";>Plugin registry</a></li>
- </ul>
- </li>
- <li class="dropdown">
- <a data-toggle="dropdown" href="#" class="dropdown-toggle">
- Contributing<b class="caret"></b>
- </a>
- <ul class="dropdown-menu">
- <li><a href="/youatstruts.html">You at Struts</a></li>
- <li><a href="/helping.html">How to Help FAQ</a></li>
- <li><a href="/dev-mail.html">Development Lists</a></li>
- <li><a href="/contributors/">Contributors Guide</a></li>
- <li class="divider"></li>
- <li><a href="/submitting-patches.html">Submitting
patches</a></li>
- <li><a href="/builds.html">Source Code and Builds</a></li>
- <li><a href="/coding-standards.html">Coding standards</a></li>
- <li><a
href="https://cwiki.apache.org/confluence/display/WW/Contributors+Guide";>Contributors
Guide</a></li>
- <li class="divider"></li>
- <li><a href="/release-guidelines.html">Release
Guidelines</a></li>
- <li><a href="/bylaws.html">PMC Charter</a></li>
- <li><a href="/volunteers.html">Volunteers</a></li>
- <li><a
href="https://gitbox.apache.org/repos/asf?p=struts.git";>Source
Repository</a></li>
- <li><a href="/updating-website.html">Updating the
website</a></li>
- </ul>
- </li>
- <li class="apache"><a href="http://www.apache.org/";><img
src="/img/apache.png"></a></li>
- </ul>
- </div>
- </div>
- </div>
- </nav>
-</header>
-
-
-<article class="container">
- <section class="col-md-12">
- <a class="edit-on-gh"
href="https://github.com/apache/struts-site/edit/master/source/announce.md";
title="Edit this page on GitHub">Edit on GitHub</a>
-
- <h1 class="no_toc" id="announcements-2020">Announcements 2020</h1>
-
-<ul id="markdown-toc">
- <li><a href="#a20201208" id="markdown-toc-a20201208">08 December 2020 -
Potential RCE when using forced evaluation - CVE-2020-17530</a></li>
- <li><a href="#a20201206" id="markdown-toc-a20201206">06 December 2020 -
Struts 2.5.26 General Availability</a></li>
- <li><a href="#a20200928" id="markdown-toc-a20200928">28 September 2020 -
Struts 2.5.25 General Availability</a></li>
- <li><a href="#a20200813" id="markdown-toc-a20200813">13 August 2020 -
Security Advice: Announcing CVE-2019-0230 (Possible RCE) and CVE-2019-0233
(DoS) security issues</a></li>
-</ul>
-
-<p class="pull-right">
- Skip to: <a href="announce-2019.html">Announcements - 2019</a>
-</p>
-
-<h4 id="a20201208">08 December 2020 - Potential RCE when using forced
evaluation - CVE-2020-17530</h4>
-
-<p>The Apache Struts Security team would like to announce that forced OGNL
evaluation, when evaluated on raw user input
-in tag attributes, may lead to remote code execution.</p>
-
-<p><strong>Problem</strong></p>
-
-<p>Some of the tag’s attributes could perform a double evaluation if a
developer applied forced OGNL evaluation
-by using the <code class="highlighter-rouge">%{...}</code> syntax. Using
forced OGNL evaluation on untrusted user input can lead to a Remote Code
Execution
-and security degradation.</p>
-
-<p><strong>Solution</strong></p>
-
-<p>Avoid using forced OGNL evaluation on untrusted user input, and/or upgrade
to Struts 2.5.26 which checks if expression
-evaluation won’t lead to the double evaluation.</p>
-
-<p>Please read our Security Bulletin <a
href="https://cwiki.apache.org/confluence/display/WW/S2-061";>S2-061</a> for
more details.</p>
-
-<p>This vulnerability was identified by:</p>
-<ul>
- <li>Alvaro Munoz - pwntester at github dot com</li>
- <li>Masato Anzai of Aeye Security Lab, inc.</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<h4 id="a20201206">06 December 2020 - Struts 2.5.26 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.26 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework has been designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>Below is a full list of all changes:</p>
-
-<ul>
- <li>Junit plugin does not push ACTION_MAPPING into the context resulting in
NPE</li>
- <li>Struts2 StaticParametersInterceptor’s addParametersToContext method is
not working as expected</li>
-</ul>
-
-<blockquote>
- <p>Please read the <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.26";>Version
Notes</a> to find more details about performed
-bug fixes and improvements.</p>
-</blockquote>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list,
-and, if appropriate, file <a
href="https://issues.apache.org/jira/projects/WW/";>a tracking ticket</a>.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20200928">28 September 2020 - Struts 2.5.25 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.25 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework has been designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>Below is a full list of all changes:</p>
-
-<ul>
- <li>Package Level Properties in Global Results</li>
- <li>AbstractMatcher adds values to the map passed into replaceParameters</li>
- <li>Minor bug in single file upload example of the Showcase application</li>
- <li>Unable to set long pathname variables</li>
- <li>s:set with empty body</li>
- <li>AliasInterceptor doesn’t properly handle Parameter.Empty</li>
- <li>Improve build behaviour on JDK9+</li>
- <li>Update multiple Struts 2.5.x libraries / Maven build plugin versions</li>
- <li>Upgrade OSGi to the latest version</li>
-</ul>
-
-<blockquote>
- <p>Please read the <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.25";>Version
Notes</a> to find more details about performed
-bug fixes and improvements.</p>
-</blockquote>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list,
-and, if appropriate, file <a
href="https://issues.apache.org/jira/projects/WW/";>a tracking ticket</a>.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20200813">13 August 2020 - Security Advice: Announcing CVE-2019-0230
(Possible RCE) and CVE-2019-0233 (DoS) security issues</h4>
-
-<p>Two new <a
href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletin";>Struts
Security Bulletins</a> have been issued for Struts 2 by the Apache Struts
Security Team:</p>
-
-<ul>
- <li><a
href="https://cwiki.apache.org/confluence/display/ww/s2-059";>S2-059</a> -
Forced double OGNL evaluation, when evaluated on raw user input in tag
attributes, may lead to remote code execution (CVE-2019-0230)</li>
- <li><a
href="https://cwiki.apache.org/confluence/display/ww/s2-060";>S2-060</a> -
Access permission override causing a Denial of Service when performing a file
upload (CVE-2019-0233)</li>
-</ul>
-
-<p>Both issues affect Apache Struts in the version range 2.0.0 - 2.5.20. The
current version 2.5.22, which was released in November 2019, is not
affected.</p>
-
-<p><a
href="https://cwiki.apache.org/confluence/display/ww/s2-059";>CVE-2019-0230</a>
has been reported by Matthias Kaiser, Apple Information Security.
-By design, Struts 2 allows developers to utilize forced double evaluation for
certain tag attributes.
-When used with unvalidated, user modifiable input, malicious OGNL expressions
may be injected.
-In an ongoing effort, the Struts framework includes mitigations for limiting
the impact of injected expressions, but Struts before 2.5.22 left an attack
vector open which is addressed by this report.
-<strong>However, we continue to urge developers building upon Struts 2 to <a
href="https://struts.apache.org/security/#use-struts-tags-instead-of-raw-el-expressions";>not
use <code class="highlighter-rouge">%{...}</code> or <code
class="highlighter-rouge">${...}</code> syntax referencing unvalidated user
modifiable input in tag attributes </a>, since this is the ultimate fix for
this class of vulnerabilities.</strong></p>
-
-<p><a
href="https://cwiki.apache.org/confluence/display/ww/s2-060";>CVE-2019-0233</a>
has been reported by Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
-In Struts before 2.5.22, when a file upload is performed to an Action that
exposes the file with a getter, an attacker may manipulate the request such
that the working copy of the uploaded file or even the container temporary
upload directory may be set to read-only access. As a result, subsequent
actions on the file or file uploads in general will fail with an error.</p>
-
-<p>Both issues are already fixed in Apache Struts <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.22";>2.5.22</a>,
which was released in November 2019.</p>
-
-<p><strong>We strongly recommend all users to <a
href="download.cgi#struts-ga">upgrade</a> to Struts 2.5.22, if this has not
been done already.</strong></p>
-
-<p>The Apache Struts Security Team would like to thank the reporters for their
efforts and their practice of responsible disclosure, as well as their help
while investigating the report and coordinating public disclosure.</p>
-
-<p class="pull-right">
- Skip to: <a href="announce-2019.html">Announcements - 2019</a>
-</p>
-
-<p class="pull-left">
- <strong>Next:</strong>
- <a href="kickstart.html">Kickstart FAQ</a>
-</p>
-
- </section>
-</article>
-
-
-<footer class="container">
- <div class="col-md-12">
- Copyright © 2000-2018 <a href="http://www.apache.org/";>The Apache
Software Foundation </a>.
- All Rights Reserved.
- </div>
- <div class="col-md-12">
- Apache Struts, Struts, Apache, the Apache feather logo, and the Apache
Struts project logos are
- trademarks of The Apache Software Foundation.
- </div>
- <div class="col-md-12">Logo and website design donated by <a
href="https://softwaremill.com/";>SoftwareMill</a>.</div>
-</footer>
-
-<script>!function (d, s, id) {
- var js, fjs = d.getElementsByTagName(s)[0];
- if (!d.getElementById(id)) {
- js = d.createElement(s);
- js.id = id;
- js.src = "//platform.twitter.com/widgets.js";
- fjs.parentNode.insertBefore(js, fjs);
- }
-}(document, "script", "twitter-wjs");</script>
-<script src="https://apis.google.com/js/platform.js"; async="async"
defer="defer"></script>
-
-<div id="fb-root"></div>
-
-<script>(function (d, s, id) {
- var js, fjs = d.getElementsByTagName(s)[0];
- if (d.getElementById(id)) return;
- js = d.createElement(s);
- js.id = id;
- js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
- fjs.parentNode.insertBefore(js, fjs);
-}(document, 'script', 'facebook-jssdk'));</script>
-
-
-</body>
-</html>
![https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"](https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"){kind=link}