This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch feature/ann-s2-067 in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit 5ed952ba2d3e80010b113ebb28836e27b015d511 Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Wed Dec 11 07:43:21 2024 +0100 S2-067 Announcement --- docker-arm64-serve.sh | 0 source/announce-2024.md | 16 ++++++++++++++++ source/index.html | 11 +++++++---- source/releases.html | 11 +++++++++++ 4 files changed, 34 insertions(+), 4 deletions(-) diff --git a/docker-arm64-serve.sh b/docker-arm64-serve.sh old mode 100644 new mode 100755 diff --git a/source/announce-2024.md b/source/announce-2024.md index 60b98ef1e..8364630ca 100644 --- a/source/announce-2024.md +++ b/source/announce-2024.md @@ -13,6 +13,22 @@ title: Announcements 2024 Skip to: <a href="announce-2023">Announcements - 2023</a> </p> +#### 10 December 2024 - CVE-2024-53677 File upload logic is flawed {#a20241210} + +The Apache Struts group recommends upgrading to Apache Struts version 6.4.0 at least and migrating to +the [new file upload](core-developers/action-file-upload) mechanism to mitigate potential security +vulnerability when using deprecated [FileUploadInterceptor](core-developers/file-upload-interceptor). + +> Please read the Security Bulletin [S2-067](https://cwiki.apache.org/confluence/display/WW/S2-067) to find more +> details about this security vulnerability + +**All developers are strongly advised to perform this upgrade.** + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file [a tracking ticket]({{ site.jira_url }}). + +You can download the latest version from our [download](download.cgi#struts-ga) page. + #### 17 November 2024 - Apache Struts version 6.7.0 General Availability {#a20241117} The Apache Struts group is pleased to announce that Apache Struts version 6.6.7 is available as a "General Availability" diff --git a/source/index.html b/source/index.html index c9410e252..7f639ba8f 100644 --- a/source/index.html +++ b/source/index.html 
@@ -39,12 +39,15 @@ title: Welcome to the Apache Struts project <a href="{{ site.wiki_url }}/Version+Notes+{{ site.prev_version }}">Version notes</a> </div> <div class="column col-md-4"> - <h2>Apache Struts {{ site.prev_25_version }} GA</h2> + <h2>CVE-2024-53677 File upload logic is flawed</h2> <p> - Apache Struts {{ site.prev_25_version }} GA has been released<br/>on {{ site.prev_25_release_date }}. + Upgrade to Apache Struts 6.4.0 at least and migrate to + the new <a href="core-developers/action-file-upload">Action File Upload</a> mechanism. + </p> + <p> + Read more in <a href="announce-2024#a20241210">Announcement</a> or in + the Security Bulletin <a href="{{ site.wiki_url }}/S2-067">S2-067</a> </p> - Read more in <a href="announce-2023#a{{ site.prev_25_release_date_short }}">Announcement</a> or in - <a href="{{ site.wiki_url }}/Version+Notes+{{ site.prev_25_version }}">Version notes</a> </div> </div> <div class="row"> diff --git a/source/releases.html b/source/releases.html index 8099daa40..f40fd645c 100644 --- a/source/releases.html +++ b/source/releases.html @@ -139,6 +139,7 @@ title: Releases </td> <td class="no-wrap">7 December 2023</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a> </td> <td> <a href="{{ site.wiki_url }}/Version+Notes+6.3.0.2">Version notes</a> @@ -150,6 +151,7 @@ title: Releases </td> <td class="no-wrap">13 September 2023</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a> </td> <td> @@ -162,6 +164,7 @@ title: Releases </td> <td class="no-wrap">4 September 2023</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a> </td> @@ -175,6 +178,7 @@ title: Releases </td> <td class="no-wrap">10 July 2023</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a> </td> 
@@ -188,6 +192,7 @@ title: Releases </td> <td class="no-wrap">13 June 2023</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a> </td> @@ -201,6 +206,7 @@ title: Releases </td> <td class="no-wrap">13 June 2023</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a> </td> @@ -214,6 +220,7 @@ title: Releases </td> <td class="no-wrap">10 March 2023</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a>, <a href="{{ site.wiki_url }}/S2-064">S2-064</a>, @@ -229,6 +236,7 @@ title: Releases </td> <td class="no-wrap">28 November 2022</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a>, <a href="{{ site.wiki_url }}/S2-064">S2-064</a>, @@ -244,6 +252,7 @@ title: Releases </td> <td class="no-wrap">15 September 2022</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a>, <a href="{{ site.wiki_url }}/S2-064">S2-064</a>, @@ -259,6 +268,7 @@ title: Releases </td> <td class="no-wrap">6 June 2022</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a>, <a href="{{ site.wiki_url }}/S2-064">S2-064</a>, @@ -274,6 +284,7 @@ title: Releases </td> <td class="no-wrap">4 April 2022</td> <td> + <a href="{{ site.wiki_url }}/S2-066">S2-067</a>, <a href="{{ site.wiki_url }}/S2-066">S2-066</a>, <a href="{{ site.wiki_url }}/S2-065">S2-065</a>, <a href="{{ site.wiki_url }}/S2-064">S2-064</a>,
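Review bot: The mode change on docker-arm64-serve.sh (old mode 100644, new mode 100755) is unrelated to the S2-067 announcement and the commit message does not mention it. Move it to its own commit, or note it in the message, so the announcement change can be reviewed and reverted on its own.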
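Review bot: In the source/announce-2024.md hunk, the added advisory paragraph is loosely worded for a security notice: "upgrading to Apache Struts version 6.4.0 at least" reads more clearly as "at least version 6.4.0", "to mitigate potential security vulnerability" is missing an article, and the quoted sentence pointing to S2-067 has no closing period. The unchanged context right below the addition also disagrees with itself (the heading says version 6.7.0, the sentence under it says 6.6.7), which is worth correcting while this file is being edited.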
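Review bot: In the source/index.html hunk (@@ -39,12 +39,15), the CVE-2024-53677 panel replaces the `Apache Struts {{ site.prev_25_version }} GA` panel rather than being added beside it, so the home page loses its links to the 2.5.x announcement and version notes. If dropping that panel is intended, say so in the commit message; otherwise add the advisory as a separate column. The sentence ending in the S2-067 link is also missing its closing period.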
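Review bot: In source/releases.html, every added line labels the link S2-067 but points it at the S2-066 bulletin: `<a href="{{ site.wiki_url }}/S2-066">S2-067</a>`. This repeats in all eleven hunks (@@ -139,6 +139,7 through @@ -274,6 +284,7), so a reader following S2-067 from the releases table lands on the previous bulletin. Change the href to `{{ site.wiki_url }}/S2-067`, the form this same commit already uses in source/index.html.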