This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push: new 8d4f5a5 Updates production by Jenkins 8d4f5a5 is described below commit 8d4f5a5f0693580d28b7168139e2b344009c020c Author: jenkins <bui...@apache.org> AuthorDate: Tue Mar 27 10:30:45 2018 +0000 Updates production by Jenkins --- content/announce.html | 11 +++++++++++ content/index.html | 7 ++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/content/announce.html b/content/announce.html index 18a3ebe..ad5b1ee 100644 --- a/content/announce.html +++ b/content/announce.html @@ -130,6 +130,7 @@ <h1 class="no_toc" id="announcements-2018">Announcements 2018</h1> <ul id="markdown-toc"> + <li><a href="#a20180327" id="markdown-toc-a20180327">27 March 2018 - A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin</a></li> <li><a href="#a20180323" id="markdown-toc-a20180323">23 March 2018 - Immediately upgrade commons-fileupload to version 1.3.3</a></li> <li><a href="#a20180316" id="markdown-toc-a20180316">16 March 2018 - Struts 2.5.16 General Availability</a></li> </ul> 
@@ -138,6 +139,16 @@ Skip to: <a href="announce-2017.html">Announcements - 2017</a> </p> +<h4 id="a20180327">27 March 2018 - A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin</h4> + +<p>The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released +version of the Apache Struts. This is necessary to prevent your publicly accessible web site, which is using the Struts +REST plugin and performing XML serialisation, from being exposed to possible DoS attack.</p> + +<p>You can find more details in a Security Bulletin <a href="https://cwiki.apache.org/confluence/display/WW/S2-056">S2-056</a></p> + +<p>All developers are strongly advised to perform this action.</p> + <h4 id="a20180323">23 March 2018 - Immediately upgrade commons-fileupload to version 1.3.3</h4> <p>The Apache Struts Team recommends to immediately upgrade your Struts 2 diff --git a/content/index.html b/content/index.html index 08e39a7..6eadc78 100644 --- a/content/index.html +++ b/content/index.html @@ -187,7 +187,12 @@ </p> </div> <div class="column col-md-4"> - <br/> + <h2>A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin</h2> + <p> + The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use + the latest released version of the Apache Struts to prevent possible DoS attack when using the REST plugin. + <a href="announce.html#a20180327">Announcement</a> + </p> </div> </div> </div> -- To stop receiving notification emails like this one, please contact git-site-r...@apache.org.
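Review bot: In the content/announce.html hunk at @@ -138,6 +139,16, the new 27 March entry tells readers to upgrade to "the latest released version of the Apache Struts" without naming a version, so a reader cannot tell from the announcement whether the release they already run contains the fix, and the wording goes stale once another release ships. The 23 March entry directly below names its target ("commons-fileupload to version 1.3.3"); do the same here, taking the fixed version from the S2-056 bulletin. Two smaller points in the same hunk: the sender is written "The Apache Security Struts Team" while the neighbouring entry says "The Apache Struts Team", and the sentence that links S2-056 has no closing period.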
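Review bot: In the content/index.html hunk at @@ -187,7 +187,12, the home page summary drops the condition that announce.html states ("using the Struts REST plugin and performing XML serialisation") and says only "when using the REST plugin", so the two pages describe different exposure conditions for the same issue. Align the paragraph with the announcement wording so users can judge whether they are affected from either page. The block links only to announce.html#a20180327; adding the S2-056 bulletin link here as well would put the details one click from the home page.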