date:20160617

[1/2] struts-examples git commit: Uses the latest Struts version

2016-06-17 Thread lukaszlenart

Repository: struts-examples
Updated Branches:
  refs/heads/master 880889720 -> f59d7baa2


Uses the latest Struts version


Project: http://git-wip-us.apache.org/repos/asf/struts-examples/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-examples/commit/e6c39f79
Tree: http://git-wip-us.apache.org/repos/asf/struts-examples/tree/e6c39f79
Diff: http://git-wip-us.apache.org/repos/asf/struts-examples/diff/e6c39f79

Branch: refs/heads/master
Commit: e6c39f7937a2ec130a9a5e7898c8cb91456e2d07
Parents: 8808897
Author: Lukasz Lenart 
Authored: Fri Jun 17 10:38:30 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 10:38:30 2016 +0200

--
 pom.xml   | 4 ++--
 tiles/pom.xml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/struts-examples/blob/e6c39f79/pom.xml
--
diff --git a/pom.xml b/pom.xml
index 1f2e00a..5719847 100644
--- a/pom.xml
+++ b/pom.xml
@@ -40,8 +40,8 @@
 
 
 UTF-8
-2.5
-2.5
+2.5.1
+2.6
 
 
 

http://git-wip-us.apache.org/repos/asf/struts-examples/blob/e6c39f79/tiles/pom.xml
--
diff --git a/tiles/pom.xml b/tiles/pom.xml
index 0329054..ce8a87c 100644
--- a/tiles/pom.xml
+++ b/tiles/pom.xml
@@ -16,7 +16,7 @@
 
 org.apache.logging.log4j
 log4j-slf4j-impl
-2.4
+${log4j2.version}

[2/2] struts-examples git commit: Defines default action

2016-06-17 Thread lukaszlenart

Defines default action


Project: http://git-wip-us.apache.org/repos/asf/struts-examples/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-examples/commit/f59d7baa
Tree: http://git-wip-us.apache.org/repos/asf/struts-examples/tree/f59d7baa
Diff: http://git-wip-us.apache.org/repos/asf/struts-examples/diff/f59d7baa

Branch: refs/heads/master
Commit: f59d7baa25fc33fad679f132f83822b0c3d5f5bd
Parents: e6c39f7
Author: Lukasz Lenart 
Authored: Fri Jun 17 10:38:35 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 10:38:35 2016 +0200

--
 tiles/src/main/resources/struts.xml | 11 +++
 1 file changed, 11 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/struts-examples/blob/f59d7baa/tiles/src/main/resources/struts.xml
--
diff --git a/tiles/src/main/resources/struts.xml 
b/tiles/src/main/resources/struts.xml
index f3e463c..cd7f487 100644
--- a/tiles/src/main/resources/struts.xml
+++ b/tiles/src/main/resources/struts.xml
@@ -9,4 +9,15 @@
   
   
   
+
+  
+
+
+  
+example
+HelloWorld
+  
+
+
+

[3/6] struts-site git commit: Uses proper version series

2016-06-17 Thread lukaszlenart

Uses proper version series


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/b6a4c5ec
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/b6a4c5ec
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/b6a4c5ec

Branch: refs/heads/master
Commit: b6a4c5ec7b15fd6158f455ef82ec55e134d1616b
Parents: 3997ae6
Author: Lukasz Lenart 
Authored: Thu May 12 14:46:39 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 14:25:04 2016 +0200

--
 source/download.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/b6a4c5ec/source/download.html
--
diff --git a/source/download.html b/source/download.html
index a99f854..36d03d1 100644
--- a/source/download.html
+++ b/source/download.html
@@ -69,7 +69,7 @@ title: Download a Release
   http://struts.apache.org/";>Apache Struts {{ site.current_version 
}} is an elegant, extensible
   framework for creating enterprise-ready Java web applications. It is 
available in a full distribution,
   or as separate library, source, example and documentation distributions.
-  Struts {{ site.current_version }} is the "best available" version of Struts 
in the 2.3 series.
+  Struts {{ site.current_version }} is the "best available" version of Struts 
in the 2.5 series.

[4/6] struts-site git commit: Adds announcement about latest security vulnerabilities

2016-06-17 Thread lukaszlenart

Adds announcement about latest security vulnerabilities


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/88e6a4a3
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/88e6a4a3
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/88e6a4a3

Branch: refs/heads/master
Commit: 88e6a4a3a38e20e3296e2ffbc605110023376a2b
Parents: b6a4c5e
Author: Lukasz Lenart 
Authored: Wed Jun 1 11:57:13 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 14:25:04 2016 +0200

--
 source/announce.md | 16 
 1 file changed, 16 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/88e6a4a3/source/announce.md
--
diff --git a/source/announce.md b/source/announce.md
index 6b0668a..70fa7a7 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,22 @@ title: Announcements
   Skip to: Announcements - 2015
 
 
+ 1 June 2016 - Two security vulnerabilities reported {#a20160601}
+
+Two potential security vulnerabilities were reported which were already 
addressed in the latest Apache Struts 2 versions.
+Those reports just added other vectors of attack.
+
+ - [S2-033](/docs/s2-033.html)
+   Remote Code Execution can be performed when using REST Plugin with ! 
operator when Dynamic Method Invocation is enabled
+
+ - [S2-034](/docs/s2-034.html)
+   OGNL cache poisoning can lead to DoS vulnerability
+
+Please read carefully the Security Bulletins and take suggested actions. The 
simplest way to avoid those vulnerabilities
+in your application is to upgrade the Apache Struts to latest available 
version in 2.3.x series or to the Apache Struts 2.5.
+
+You can download those versions from our [download](download.html#struts-ga) 
page.
+
  9 May 2016 - Struts 2.5 General Availability {#a20160509}
 
 The Apache Struts group is pleased to announce that Struts 2.5 is available as 
a "General Availability"

[1/6] struts-site git commit: Adds info about vulnerabilities

2016-06-17 Thread lukaszlenart

Repository: struts-site
Updated Branches:
  refs/heads/master 3997ae6c9 -> 4eb769b07


Adds info about vulnerabilities


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/4eb769b0
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/4eb769b0
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/4eb769b0

Branch: refs/heads/master
Commit: 4eb769b07a5210ebea212798c2ab2ca88bda9c22
Parents: e4de1bb
Author: Lukasz Lenart 
Authored: Fri Jun 17 14:23:51 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 14:25:04 2016 +0200

--
 source/downloads.html | 69 ++
 1 file changed, 69 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/4eb769b0/source/downloads.html
--
diff --git a/source/downloads.html b/source/downloads.html
index ca0c36c..f2bad5a 100644
--- a/source/downloads.html
+++ b/source/downloads.html
@@ -107,10 +107,37 @@ title: Releases
   
   
 
+  Struts 2.3.28.1
+
+19 April 2016
+
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
+  S2-032,
+  S2-031
+
+
+  Version notes
+
+  
+  
+
   Struts 2.3.28
 
 18 March 2016
 
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
   S2-032,
   S2-031
 
@@ -124,6 +151,13 @@ title: Releases
 
 19 April 2016
 
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
   S2-030,
   S2-028
 
@@ -137,6 +171,13 @@ title: Releases
 
 19 April 2016
 
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
   S2-030,
   S2-028
 
@@ -150,6 +191,13 @@ title: Releases
 
 24 September 2015
 
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
   S2-032,
   S2-031,
   S2-030,
@@ -166,6 +214,13 @@ title: Releases
 
 7 May 2015
 
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
   S2-032,
   S2-031,
   S2-030,
@@ -183,6 +238,13 @@ title: Releases
 
 6 May 2015
 
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
   S2-032,
   S2-031,
   S2-030,
@@ -200,6 +262,13 @@ title: Releases
 
 7 December 2014
 
+  S2-041,
+  S2-040,
+  S2-039,
+  S2-038,
+  S2-037,
+  S2-036,
+  S2-035,
   S2-032,
   S2-031,
   S2-030,

[6/6] struts-site git commit: Adds announcement to main page

2016-06-17 Thread lukaszlenart

Adds announcement to main page


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/4cc16c64
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/4cc16c64
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/4cc16c64

Branch: refs/heads/master
Commit: 4cc16c645639bf8b5c4cfd14633b89bd88cd1a35
Parents: 88e6a4a
Author: Lukasz Lenart 
Authored: Wed Jun 1 12:20:12 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 14:25:04 2016 +0200

--
 source/index.html | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/4cc16c64/source/index.html
--
diff --git a/source/index.html b/source/index.html
index bb454b1..97d15d5 100644
--- a/source/index.html
+++ b/source/index.html
@@ -58,17 +58,17 @@ title: Welcome to the Apache Struts project
 
   
   
-Security Bulletin S2-031
+Security Bulletin S2-033 & S2-034
 
-  A new security bulletin was published, please carefully read the
-  Announcement
+  Two new Security Bulletins were published, please read more in the
+  Announcement.
 
   
   
 Security Bulletin S2-032
 
   A new security bulletin was published, please carefully read the
-  Announcement
+  S2-032 bulletin.

[2/6] struts-site git commit: Adds notes about 2.3.29

2016-06-17 Thread lukaszlenart

Adds notes about 2.3.29


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/a6afc275
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/a6afc275
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/a6afc275

Branch: refs/heads/master
Commit: a6afc2751a92ee69e8e0d4a68731847f42abd09d
Parents: 4cc16c6
Author: Lukasz Lenart 
Authored: Fri Jun 17 14:16:11 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 14:25:04 2016 +0200

--
 source/announce.md   |  56 +++-
 source/download.html | 162 ++
 source/index.html|  33 +++---
 3 files changed, 84 insertions(+), 167 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/a6afc275/source/announce.md
--
diff --git a/source/announce.md b/source/announce.md
index 70fa7a7..e4c62c8 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,61 @@ title: Announcements
   Skip to: Announcements - 2015
 
 
+ 17 June 2016 - Struts 2.3.29 General Availability with Security Fixes 
Release {#a20160617}
+
+The Apache Struts group is pleased to announce that Struts 2.3.29 is available 
as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.
+
+This release addresses two potential security vulnerabilities:
+
+  - [S2-035](/docs/s2-035.html)
+Action name clean up is error prone
+
+  - [S2-036](/docs/s2-036.html)
+Forced double OGNL evaluation, when evaluated on raw user input in tag 
attributes,
+may lead to remote code execution (similar to S2-029)
+
+  - [S2-037](/docs/s2-037.html)
+Remote Code Execution can be performed when using REST Plugin.
+
+  - [S2-038](/docs/s2-038.html)
+It is possible to bypass token validation and perform a CSRF attack
+
+  - [S2-039](/docs/s2-039.html)
+Getter as action method leads to security bypass
+
+  - [S2-040](/docs/s2-040.html)
+Input validation bypass using existing default action method.
+
+  - [S2-041](/docs/s2-041.html)
+Possible DoS attack when using URLValidator
+
+This release contains several breaking changes and improvements just to 
mention few of them:
+
+ - Json result type breaks
+ - MessageStorePreResultListener doesn't store messages for 3rd-party 
RedirectResult subclasses
+ - Multiple tiles.xml in web.xml
+ - New Tiles version can not find tiles*.xml files in sub-directories
+ - EmailValidator flags .cat emails as invalid
+ - Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since 
jdk1.7_80
+ - Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 
2.3.28+
+ - `` generates a value attribute for type=image which violates W3C
+ - ClassCastException while generating report using Struts 2.3.28 and 
jasperreports 4.5.1
+
+**All developers are strongly advised to perform this action.**
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement of 
the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts framework, 
please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download this version from our [download](download.html#struts-ga) 
page.
+
  1 June 2016 - Two security vulnerabilities reported {#a20160601}
 
 Two potential security vulnerabilities were reported which were already 
addressed in the latest Apache Struts 2 versions.
@@ -146,7 +201,6 @@ This release addresses three potential security 
vulnerabilities:
 
 **All developers are strongly advised to perform this action.**
 
-
 This release contains several breaking changes and improvements just to 
mention few of them:
 
  - New Configurationprovider type was introduced - 
ServletContextAwareConfigurationProvider, see WW-4410

http://git-wip-us.apache.org/repos/asf/struts-site/blob/a6afc275/source/download.html
--
diff --git a/source/download.html b/source/download.html
index 36d03d1..e00d546 100644
--- a/source/download.html
+++ b/source/download.html
@@ -139,20 +139,20 @@ title: Download a Release
 
 
 
-
-Struts 2.3.28.1
+
+Struts 2.3.29
 
 
   
-http://struts.apache.org/docs/version-notes-23281.html";>Version 
Notes
+http://struts.apache.org/docs/version-notes-2329.html";>Version 
Notes
   
 
   Full Distribution:
 
   
-struts-2.3.28.1-all.zip
 (65MB)
-[http://www.apache

[5/6] struts-site git commit: Improves indentation

2016-06-17 Thread lukaszlenart

Improves indentation


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/e4de1bb0
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/e4de1bb0
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/e4de1bb0

Branch: refs/heads/master
Commit: e4de1bb0165eeaad689e2b89bd86bdfcf7c964b4
Parents: a6afc27
Author: Lukasz Lenart 
Authored: Fri Jun 17 14:18:26 2016 +0200
Committer: Lukasz Lenart 
Committed: Fri Jun 17 14:25:04 2016 +0200

--
 source/downloads.html | 2004 ++--
 1 file changed, 1002 insertions(+), 1002 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/e4de1bb0/source/downloads.html
--
diff --git a/source/downloads.html b/source/downloads.html
index 2955c95..ca0c36c 100644
--- a/source/downloads.html
+++ b/source/downloads.html
@@ -32,7 +32,7 @@ title: Releases
 
   
 http://struts.apache.org/download.cgi#struts-beta";>
-  Struts 2.5 BETA 2
+  Struts 2.5 BETA 3
  (second BETA release of new backward compatibility breaking 
version 2.5)
   
 
@@ -96,1007 +96,1007 @@ title: Releases
 
 
 
-
-
-  Release
-  Release Date
-  Vulnerability
-  Version Notes
-
-
-
-
-  
-Struts 2.3.28
-  
-  18 March 2016
-  
-S2-032,
-S2-031
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.24.3
-  
-  19 April 2016
-  
-S2-030,
-S2-028
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.20.3
-  
-  19 April 2016
-  
-S2-030,
-S2-028
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.24.1
-  
-  24 September 2015
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.24
-  
-  7 May 2015
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028,
-S2-026
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.20.1
-  
-  6 May 2015
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028,
-S2-026
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.20
-  
-  7 December 2014
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028,
-S2-026,
-S2-024
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.16.3
-  
-  2 May 2014
-  
-http://struts.apache.org/docs/s2-026.html";>S2-026,
-http://struts.apache.org/docs/s2-023.html";>S2-023
-  
-  
-http://struts.apache.org/docs/version-notes-23163.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.16.2
-  
-  24 March 2014
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022
-  
-  
-http://struts.apache.org/docs/version-notes-23162.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.16.1
-  
-  2 March 2014
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021
-  
-  
-http://struts.apache.org/docs/version-notes-23161.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.16
-  
-  8 December 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-2316.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.15.3
-  
-  15 October 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-23153.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.15.2
-  
-  16 July 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-23152.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.15.1
-  
-  16 July 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-23151.html";>Version 
notes
-  
-
-
-  
-

svn commit: r990786 [2/4] - in /websites/production/struts/content: ./ docs/

2016-06-17 Thread lukaszlenart

Modified: websites/production/struts/content/docs/security-bulletins.html
==
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Fri Jun 17 
12:26:19 2016
@@ -126,7 +126,7 @@ under the License.
 
 
 The following security bulletins 
are available:
-S2-001 
— Remote code exploit on form validation 
errorS2-002 — 
Cross site scripting (XSS) vulnerability on 
 and  tagsS2-003 — XWork 
ParameterInterceptors bypass allows OGNL statement executionS2-004 — Directory traversal vulnerability while serving static 
contentS2-005 — 
XWork ParameterInterceptors bypass allows remote 
command executionS2-006 
— Multiple Cross-Site Scripting (XSS) in XWork 
generated error pagesS2-007 — User input is 
evaluated as an OGNL expression when there's a conversion 
errorS2-008 — 
Multiple critical vulnerabilities in 
Struts2S2-009 — 
ParameterInterceptor vulnerability allows remote 
command executionS2-010 
— When using Struts 2 token mechanism for CSRF 
protection, token check may be bypassed by misusing known session 
attributesS2-011 — 
Long request parameter names might significantly 
promote the effectiveness of DOS attacksS2-012 — Showcase app 
vulnerability allows remote command execution
 S2-013 — A vulnerability, present in the includeParams attribute of 
the URL and Anchor Tag, allows remote command executionS2-014 — A 
vulnerability introduced by forcing parameter inclusion in the URL and Anchor 
Tag allows remote command execution, session access and manipulation and XSS 
attacksS2-015 — 
A vulnerability introduced by wildcard matching 
mechanism or double evaluation of OGNL Expression allows remote command 
execution.S2-016 — 
A vulnerability introduced by manipulating parameters 
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command 
executionS2-017 — 
A vulnerability introduced by manipulating parameters prefixed with 
"redirect:"/"redirectAction:" allows for open redirectsS2-018 — Broken Access Control Vulnerability in Apache 
Struts2S2-019 — 
Dynamic Method Invocation disabled by 
defaultS2-020 — 
Upgrade Commons FileUpload to version 1.3.1 (avoids DoS 
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid 
ClassLoader manipulation)S2-021 — Improves excluded 
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader 
manipulationS2-022 
— Extends excluded params in CookieInt
 erceptor to avoid manipulation of Struts' internalsS2-023 — Generated value of token can be predictableS2-024 — Wrong excludeParams overrides those defined in 
DefaultExcludedPatternsCheckerS2-025 — Cross-Site 
Scripting Vulnerability in Debug Mode and in exposed JSP 
filesS2-026 — 
Special top object can be used to access Struts' 
internalsS2-027 — 
TextParseUtil.translateVariables does not filter 
malicious OGNL expressionsS2-028 — Use of a JRE with 
broken URLDecoder implementation may l
 ead to XSS vulnerability in Struts 2 based web applications.S2-029 — Forced double OGNL evaluation, when evaluated on raw user 
input in tag attributes, may lead to remote code execution.S2-030 — Possible XSS vulnerability in 
I18NInterceptorS2-031 
— XSLTResult can be used to parse arbitrary 
stylesheetS2-032 — 
Remote Code Execution can be performed via method: 
prefix when Dynamic Method Invocation is enabled.S2-033 — Remote Code Execution can be performed when using REST Plugin 
with ! operator when Dynamic Method Invocation is enabled.S2-034 — OGNL cache 
poisoning can lead to DoS vulnerability
+S2-001 
— Remote code exploit on form validation 
errorS2-002 — 
Cross site scripting (XSS) vulnerability on 
 and  tagsS2-003 — XWork 
ParameterInterceptors bypass allows OGNL statement executionS2-004 — Directory traversal vulnerability while serving static 
contentS2-005 — 
XWork ParameterInterceptors bypass allows remote 
command executionS2-006 
— Multiple Cross-Site Scripting (XSS) in XWork 
generated error pagesS2-007 — User input is 
evaluated as an OGNL expression when there's a conversion 
errorS2-008 — 
Multiple critical vulnerabilities in 
Struts2S2-009 — 
ParameterInterceptor vulnerability allows remote 
command executionS2-010 
— When using Struts 2 token mechanism for CSRF 
protection, token check may be bypassed by misusing known session 
attributesS2-011 — 
Long request parameter names might significantly 
promote the effectiveness of DOS attacksS2-012 — Showcase app 
vulnerability allows remote command execution
 S2-013 — A vulnerability, present in the includeParams attribute of 
the URL and Anchor Tag, allows remote command executionS2-014 — A 
vulnerability introduced by forcing parameter inclusion in the URL and Anchor 
Tag allows remote command execution, session access and manipulation and XSS 
attacksS2-015 — 
A vulnerability introduced by wildcard matching

svn commit: r990786 [4/4] - in /websites/production/struts/content: ./ docs/

2016-06-17 Thread lukaszlenart

Modified: websites/production/struts/content/index.html
==
--- websites/production/struts/content/index.html (original)
+++ websites/production/struts/content/index.html Fri Jun 17 12:26:19 2016
@@ -145,45 +145,28 @@
 
   
   
-Apache Struts 2.5 GA
+Apache Struts 2.3.29 GA
 
-  Apache Struts 2.5 GA has been releasedon 9 may 2016.
+  It's the latest release of Struts 2.3.x,
+  read more in Announcement or in
+  Version notes
 
-Read more in Announcement or in
-Version notes
   
   
-Apache Struts 2.3.28.1 GA
+Apache Struts 2.5 GA
 
-  It's the latest release of Struts 2.3.x,
-  read more in Announcement or 
in
-  Version notes
+  Apache Struts 2.5 GA has been releasedon 9 may 2016.
 
+Read more in Announcement or in
+Version notes
   
 
 
   
-Apache Struts 2.3.20.3 & 2.3.24.3
-
-  We have released two older versions of Apache Struts which contain 
the latest security fixes.
-  Please read announcement for 2.3.20.3 & 2.3.24.3
-  and version notes for 2.3.20.3 and
-  2.3.24.3.
-
   
   
-Security Bulletin S2-033 & S2-034
-
-  Two new Security Bulletins were published, please read more in the
-  Announcement.
-
   
   
-Security Bulletin S2-032
-
-  A new security bulletin was published, please carefully read the
-  S2-032 bulletin.
-
   
 
   

Modified: websites/production/struts/content/mail.html
==
--- websites/production/struts/content/mail.html (original)
+++ websites/production/struts/content/mail.html Fri Jun 17 12:26:19 2016
@@ -150,29 +150,23 @@
   
 
   
-Struts-Announcements
-mailto:announcements-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>announcements-subscr...@struts.apache.org
-
-mailto:announcements-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>announcements-unsubscr...@struts.apache.org
-
+https://lists.apache.org/list.html?announceme...@struts.apache.org";>Struts-Announcements
+mailto:announcements-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>announcements-subscr...@struts.apache.org
+mailto:announcements-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>announcements-unsubscr...@struts.apache.org
 Major Announcements, low-volume, read only
   
 
   
-Struts-User
-mailto:user-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>user-subscr...@struts.apache.org
-
-mailto:user-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>user-unsubscr...@struts.apache.org
-
+https://lists.apache.org/list.html?u...@struts.apache.org";>Struts-User
+mailto:user-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>user-subscr...@struts.apache.org
+mailto:user-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>user-unsubscr...@struts.apache.org
 Contact to other Struts-users and ask questions on installation or 
features
   
 
   
 Users Digest
-mailto:user-digest-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>user-digest-subscr...@struts.apache.org
-
-mailto:user-digest-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>user-digest-unsubscr...@struts.apache.org
-
+mailto:user-digest-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>user-digest-subscr...@struts.apache.org
+mailto:user-digest-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>user-digest-unsubscr...@struts.apache.org
 Get a daily digest of the Struts Users list

svn commit: r990786 [3/4] - in /websites/production/struts/content: ./ docs/

2016-06-17 Thread lukaszlenart

Modified: websites/production/struts/content/downloads.html
==
--- websites/production/struts/content/downloads.html (original)
+++ websites/production/struts/content/downloads.html Fri Jun 17 12:26:19 2016
@@ -147,7 +147,7 @@
 
   
 http://struts.apache.org/download.cgi#struts-beta";>
-  Struts 2.5 BETA 2
+  Struts 2.5 BETA 3
  (second BETA release of new backward compatibility breaking 
version 2.5)
   
 
@@ -211,1007 +211,1076 @@
 
 
 
-
-
-  Release
-  Release Date
-  Vulnerability
-  Version Notes
-
-
-
-
-  
-Struts 2.3.28
-  
-  18 March 2016
-  
-S2-032,
-S2-031
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.24.3
-  
-  19 April 2016
-  
-S2-030,
-S2-028
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.20.3
-  
-  19 April 2016
-  
-S2-030,
-S2-028
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.24.1
-  
-  24 September 2015
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.24
-  
-  7 May 2015
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028,
-S2-026
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.20.1
-  
-  6 May 2015
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028,
-S2-026
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.20
-  
-  7 December 2014
-  
-S2-032,
-S2-031,
-S2-030,
-S2-029,
-S2-028,
-S2-026,
-S2-024
-  
-  
-Version notes
-  
-
-
-  
-Struts 2.3.16.3
-  
-  2 May 2014
-  
-http://struts.apache.org/docs/s2-026.html";>S2-026,
-http://struts.apache.org/docs/s2-023.html";>S2-023
-  
-  
-http://struts.apache.org/docs/version-notes-23163.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.16.2
-  
-  24 March 2014
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022
-  
-  
-http://struts.apache.org/docs/version-notes-23162.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.16.1
-  
-  2 March 2014
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021
-  
-  
-http://struts.apache.org/docs/version-notes-23161.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.16
-  
-  8 December 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-2316.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.15.3
-  
-  15 October 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-23153.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.15.2
-  
-  16 July 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-23152.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.15.1
-  
-  16 July 2013
-  
-http://struts.apache.org/docs/s2-023.html";>S2-023,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-019.html";>S2-019
-  
-  
-http://struts.apache.org/docs/version-notes-23151.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.15
-  
-  22 June 2013
-  
-http://struts.apache.org/docs/s2-016.html";>S2-016,
-http://struts.apache.org/docs/s2-017.html";>S2-017,
-http://struts.apache.org/docs/s2-018.html";>S2-018,
-http://struts.apache.org/docs/s2-019.html";>S2-019,
-http://struts.apache.org/docs/s2-020.html";>S2-020,
-http://struts.apache.org/docs/s2-021.html";>S2-021,
-http://struts.apache.org/docs/s2-022.html";>S2-022,
-http://struts.apache.org/docs/s2-023.html";>S2-023
-  
-  
-http://struts.apache.org/docs/version-notes-2315.html";>Version 
notes
-  
-
-
-  
-Struts 2.3.14.3
-  
-  3 June 2013
-  
-http://struts.apache.org/docs/s2-016.html";>S2-016,
-http://struts.apache.org/docs/s2-017.html";>S2-017,
-http://struts.apache.org/docs/s2-018.html";>S2-018,
-http://struts.apache.org/docs/s2-019.html

svn commit: r990786 [1/4] - in /websites/production/struts/content: ./ docs/

2016-06-17 Thread lukaszlenart

Author: lukaszlenart
Date: Fri Jun 17 12:26:19 2016
New Revision: 990786

Log:
Updates production

Added:
websites/production/struts/content/docs/s2-035.html
websites/production/struts/content/docs/s2-036.html
websites/production/struts/content/docs/s2-037.html
websites/production/struts/content/docs/s2-038.html
websites/production/struts/content/docs/s2-039.html
websites/production/struts/content/docs/s2-040.html
websites/production/struts/content/docs/s2-041.html
websites/production/struts/content/docs/version-notes-2329.html
websites/production/struts/content/docs/version-notes-251.html
Modified:
websites/production/struts/content/announce.html
websites/production/struts/content/dev-mail.html
websites/production/struts/content/docs/security-bulletins.html
websites/production/struts/content/download.html
websites/production/struts/content/downloads.html
websites/production/struts/content/index.html
websites/production/struts/content/mail.html

Modified: websites/production/struts/content/announce.html
==
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Fri Jun 17 12:26:19 2016
@@ -124,6 +124,73 @@
   Skip to: Announcements - 2015
 
 
+17 June 2016 - Struts 2.3.29 General Availability with 
Security Fixes Release
+
+The Apache Struts group is pleased to announce that Struts 2.3.29 is 
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.
+
+This release addresses two potential security vulnerabilities:
+
+
+  
+S2-035
+Action name clean up is error prone
+  
+  
+S2-036
+Forced double OGNL evaluation, when evaluated on raw user input in tag 
attributes,
+may lead to remote code execution (similar to S2-029)
+  
+  
+S2-037
+Remote Code Execution can be performed when using REST Plugin.
+  
+  
+S2-038
+It is possible to bypass token validation and perform a CSRF attack
+  
+  
+S2-039
+Getter as action method leads to security bypass
+  
+  
+S2-040
+Input validation bypass using existing default action method.
+  
+  
+S2-041
+Possible DoS attack when using URLValidator
+  
+
+
+This release contains several breaking changes and improvements just to 
mention few of them:
+
+
+  Json result type breaks
+  MessageStorePreResultListener doesnât store messages for 3rd-party 
RedirectResult subclasses
+  Multiple tiles.xml in web.xml
+  New Tiles version can not find tiles*.xml files in sub-directories
+  EmailValidator flags .cat emails as invalid
+  Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since 
jdk1.7_80
+  Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 
2.3.28+
+   generates a 
value attribute for type=image which violates W3C
+  ClassCastException while generating report using Struts 2.3.28 and 
jasperreports 4.5.1
+
+
+All developers are strongly advised to perform this 
action.
+
+The 2.3.x series of the Apache Struts framework has a minimum requirement 
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.
+
+Should any issues arise with your use of any version of the Struts 
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download this version from our download page.
+
 1 June 2016 - Two security vulnerabilities reported
 
 Two potential security vulnerabilities were reported which were already 
addressed in the latest Apache Struts 2 versions.

Modified: websites/production/struts/content/dev-mail.html
==
--- websites/production/struts/content/dev-mail.html (original)
+++ websites/production/struts/content/dev-mail.html Fri Jun 17 12:26:19 2016
@@ -134,19 +134,19 @@ improvements and discussion on future St
 Description
 
 
-Struts-Dev
+https://lists.apache.org/list.html?d...@struts.apache.org";>Struts-Dev
 mailto:dev-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>subscribe
 mailto:dev-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>unsubscribe
 Contact other developers interested in expanding and improving 
Struts functionality.
 
 
-Struts-Commits
+https://lists.apache.org/list.html?commits@struts.apache.org";>Struts-Commits
 mailto:commits-subscr...@struts.apache.org?subject=subscribe&body=subscribe";>subscribe
 mailto:commits-unsubscr...@struts.apache.org?subject=unsubscribe&body=unsubscribe";>unsubscribe

svn commit: r14029 - /dev/struts/2.5.1/ /release/struts/2.5.1/

2016-06-17 Thread lukaszlenart

Author: lukaszlenart
Date: Fri Jun 17 12:45:44 2016
New Revision: 14029

Log:
Vote passed


Added:
release/struts/2.5.1/
  - copied from r14028, dev/struts/2.5.1/
Removed:
dev/struts/2.5.1/

svn commit: r990876 - in /websites/production/struts/content: ./ docs/

2016-06-17 Thread lukaszlenart

Author: lukaszlenart
Date: Sat Jun 18 05:21:09 2016
New Revision: 990876

Log:
Updates production

Modified:
websites/production/struts/content/announce-2002.html
websites/production/struts/content/announce-2003.html
websites/production/struts/content/announce-2004.html
websites/production/struts/content/announce-2005.html
websites/production/struts/content/announce-2006.html
websites/production/struts/content/announce-2007.html
websites/production/struts/content/announce-2008.html
websites/production/struts/content/announce-2009.html
websites/production/struts/content/announce-2010.html
websites/production/struts/content/announce-2011.html
websites/production/struts/content/announce-2012.html
websites/production/struts/content/announce-2013.html
websites/production/struts/content/announce-2014.html
websites/production/struts/content/announce-2015.html
websites/production/struts/content/announce.html
websites/production/struts/content/archetype-catalog.xml
websites/production/struts/content/birdseye.html
websites/production/struts/content/builds.html
websites/production/struts/content/bylaws.html
websites/production/struts/content/coding-standards.html
websites/production/struts/content/dev-mail.html
websites/production/struts/content/docs/security.html
websites/production/struts/content/download.html
websites/production/struts/content/downloads.html
websites/production/struts/content/helping.html
websites/production/struts/content/index.html
websites/production/struts/content/kickstart.html
websites/production/struts/content/mail.html
websites/production/struts/content/primer.html
websites/production/struts/content/releases.html
websites/production/struts/content/security.html
websites/production/struts/content/struts1eol-announcement.html
websites/production/struts/content/struts1eol-press.html
websites/production/struts/content/submitting-patches.html
websites/production/struts/content/volunteers.html
websites/production/struts/content/youatstruts.html

Modified: websites/production/struts/content/announce-2002.html
==
--- websites/production/struts/content/announce-2002.html (original)
+++ websites/production/struts/content/announce-2002.html Sat Jun 18 05:21:09 
2016
@@ -379,7 +379,7 @@
 
 
   
-Copyright © 2000-2015 http://www.apache.org/";>The Apache 
Software Foundation .
+Copyright © 2000-2016 http://www.apache.org/";>The Apache 
Software Foundation .
 All Rights Reserved.
   
   

Modified: websites/production/struts/content/announce-2003.html
==
--- websites/production/struts/content/announce-2003.html (original)
+++ websites/production/struts/content/announce-2003.html Sat Jun 18 05:21:09 
2016
@@ -226,7 +226,7 @@
 
 
   
-Copyright © 2000-2015 http://www.apache.org/";>The Apache 
Software Foundation .
+Copyright © 2000-2016 http://www.apache.org/";>The Apache 
Software Foundation .
 All Rights Reserved.
   
   

Modified: websites/production/struts/content/announce-2004.html
==
--- websites/production/struts/content/announce-2004.html (original)
+++ websites/production/struts/content/announce-2004.html Sat Jun 18 05:21:09 
2016
@@ -279,7 +279,7 @@
 
 
   
-Copyright © 2000-2015 http://www.apache.org/";>The Apache 
Software Foundation .
+Copyright © 2000-2016 http://www.apache.org/";>The Apache 
Software Foundation .
 All Rights Reserved.
   
   

Modified: websites/production/struts/content/announce-2005.html
==
--- websites/production/struts/content/announce-2005.html (original)
+++ websites/production/struts/content/announce-2005.html Sat Jun 18 05:21:09 
2016
@@ -724,7 +724,7 @@
 
 
   
-Copyright © 2000-2015 http://www.apache.org/";>The Apache 
Software Foundation .
+Copyright © 2000-2016 http://www.apache.org/";>The Apache 
Software Foundation .
 All Rights Reserved.
   
   

Modified: websites/production/struts/content/announce-2006.html
==
--- websites/production/struts/content/announce-2006.html (original)
+++ websites/production/struts/content/announce-2006.html Sat Jun 18 05:21:09 
2016
@@ -783,7 +783,7 @@
 
 
   
-Copyright © 2000-2015 http://www.apache.org/";>The Apache 
Software Foundation .
+Copyright © 2000-2016 http://www.apache.org/";>The Apache 
Software Foundation .
 All Rights Reserved.
   
   

Modified: websites/production/struts/content/announce-2007.html
==
--- websites/production/struts/content/announce-2007.html (origina

[1/2] struts-site git commit: Adds info about 2.5.1

2016-06-17 Thread lukaszlenart

Repository: struts-site
Updated Branches:
  refs/heads/master 4eb769b07 -> 7f198004e


Adds info about 2.5.1


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/eb5255dc
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/eb5255dc
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/eb5255dc

Branch: refs/heads/master
Commit: eb5255dca8583a72a555f2f9b53aa2be46b51f00
Parents: 4eb769b
Author: Lukasz Lenart 
Authored: Sat Jun 18 07:19:26 2016 +0200
Committer: Lukasz Lenart 
Committed: Sat Jun 18 07:19:26 2016 +0200

--
 _config.yml   |  8 
 source/announce.md| 40 +++-
 source/downloads.html | 12 
 source/index.html | 16 
 4 files changed, 63 insertions(+), 13 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/eb5255dc/_config.yml
--
diff --git a/_config.yml b/_config.yml
index 21c6d66..4162fd8 100644
--- a/_config.yml
+++ b/_config.yml
@@ -22,10 +22,10 @@ kramdown:
 root:
 
 # Simplifies introducing changes related to the latest release
-current_version: 2.5
-current_version_short: 25
+current_version: 2.5.1
+current_version_short: 251
 current_beta_version: 2.5-BETA3
 current_beta_version_short: 25B3
-release_date: 9 may 2016
-release_date_short: 20160509
+release_date: 18 june 2016
+release_date_short: 20160618
 beta_release_date_short: 20160126

http://git-wip-us.apache.org/repos/asf/struts-site/blob/eb5255dc/source/announce.md
--
diff --git a/source/announce.md b/source/announce.md
index e4c62c8..ec994b7 100644
--- a/source/announce.md
+++ b/source/announce.md
@@ -8,6 +8,44 @@ title: Announcements
   Skip to: Announcements - 2015
 
 
+ 18 June 2016 - Struts 2.5.1 General Availability {#a20160618}
+
+The Apache Struts group is pleased to announce that Struts 2.5.1 is available 
as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.
+
+This release addresses one potential security vulnerability:
+
+  - [S2-041](/docs/s2-041.html)
+Possible DoS attack when using URLValidator
+
+Also all security patches applied to version Struts 2.3.29 were also applied 
to this version (just in case).
+
+This release contains several improvements just to mention few of them:
+
+ - contentType override ignored for JSONInterceptor - see WW-4558
+ - MessageStorePreResultListener does not store messages for 3rd-party 
RedirectResult subclasses - see WW-4618
+ - EmailValidator flags .cat emails as invalid - see WW-4626
+ - SMI cannot be disabled - see WW-4632
+ - Centre alignment does not seem to work in Velocity tags - see WW-4634
+ - Unable to process Jar entry (javassist-3.20.0-GA.jar) - see WW-4637
+ - Strict Method Invocation breaks Action-Less Results - see WW-4643
+ - When method is not allowed throw exception with meaningful message - see 
WW-4640
+ - update struts2 bom - see WW-4644
+
+**All developers are strongly advised to perform this action.**
+
+The 2.5.x series of the Apache Struts framework has a minimum requirement of 
the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.
+
+Should any issues arise with your use of any version of the Struts framework, 
please post your comments
+to the user list, and, if appropriate, file a tracking ticket.
+
+You can download this version from our [download](download.html#struts-ga) 
page.
+
  17 June 2016 - Struts 2.3.29 General Availability with Security Fixes 
Release {#a20160617}
 
 The Apache Struts group is pleased to announce that Struts 2.3.29 is available 
as a "General Availability"
@@ -17,7 +55,7 @@ Apache Struts 2 is an elegant, extensible framework for 
creating enterprise-read
 The framework is designed to streamline the full development cycle, from 
building, to deploying,
 to maintaining applications over time.
 
-This release addresses two potential security vulnerabilities:
+This release addresses these potential security vulnerabilities:
 
   - [S2-035](/docs/s2-035.html)
 Action name clean up is error prone

http://git-wip-us.apache.org/repos/asf/struts-site/blob/eb5255dc/source/downloads.html
--
diff --git a/source/downloads.html b/source/downloads.html
index f2bad5a..5eee992 100644
--- a/source/downloads.html
+++ b/source/downloads.html
@@ -107,6 +107,18 @@ title: Releases
   
   
 
+  Stru

[2/2] struts-site git commit: Updates year

2016-06-17 Thread lukaszlenart

Updates year


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/7f198004
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/7f198004
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/7f198004

Branch: refs/heads/master
Commit: 7f198004ef3b0bcc934ba03079736c8719d6802f
Parents: eb5255d
Author: Lukasz Lenart 
Authored: Sat Jun 18 07:20:23 2016 +0200
Committer: Lukasz Lenart 
Committed: Sat Jun 18 07:20:23 2016 +0200

--
 source/_includes/footer.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/7f198004/source/_includes/footer.html
--
diff --git a/source/_includes/footer.html b/source/_includes/footer.html
index e34829c..c4b808c 100644
--- a/source/_includes/footer.html
+++ b/source/_includes/footer.html
@@ -1,7 +1,7 @@
 
 
   
-Copyright © 2000-2015 http://www.apache.org/";>The Apache 
Software Foundation .
+Copyright © 2000-2016 http://www.apache.org/";>The Apache 
Software Foundation .
 All Rights Reserved.

[1/2] struts-examples git commit: Uses the latest Struts version

[2/2] struts-examples git commit: Defines default action

[3/6] struts-site git commit: Uses proper version series

[4/6] struts-site git commit: Adds announcement about latest security vulnerabilities

[1/6] struts-site git commit: Adds info about vulnerabilities

[6/6] struts-site git commit: Adds announcement to main page

[2/6] struts-site git commit: Adds notes about 2.3.29

[5/6] struts-site git commit: Improves indentation

svn commit: r990786 [2/4] - in /websites/production/struts/content: ./ docs/

svn commit: r990786 [4/4] - in /websites/production/struts/content: ./ docs/

svn commit: r990786 [3/4] - in /websites/production/struts/content: ./ docs/

svn commit: r990786 [1/4] - in /websites/production/struts/content: ./ docs/

svn commit: r14029 - /dev/struts/2.5.1/ /release/struts/2.5.1/

svn commit: r990876 - in /websites/production/struts/content: ./ docs/

[1/2] struts-site git commit: Adds info about 2.5.1

[2/2] struts-site git commit: Updates year

16 matches

Site Navigation

Mail list logo

Footer information