This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 871b9b4 Updates production by Jenkins
871b9b4 is described below
commit 871b9b498d6baefe7f8991bb0c86dd0b8c2ad502
Author: jenkins <bui...@apache.org>
AuthorDate: Wed Aug 22 07:30:53 2018 +0000
Updates production by Jenkins
---
content/announce.html | 72 +++++++++++++++++++++
content/core-developers/interceptors.html | 2 +
content/core-developers/struts-default-xml.html | 2 +
content/download.html | 84 ++++++++++++-------------
content/index.html | 22 +++----
content/releases.html | 15 ++++-
6 files changed, 143 insertions(+), 54 deletions(-)
diff --git a/content/announce.html b/content/announce.html
index 32f7605..5faaddd 100644
--- a/content/announce.html
+++ b/content/announce.html
@@ -130,6 +130,9 @@
<h1 class="no_toc" id="announcements-2018">Announcements 2018</h1>
<ul id="markdown-toc">
+ <li><a href="#a20180822-0" id="markdown-toc-a20180822-0">22 August 2018 -
CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16</a></li>
+ <li><a href="#a20180822-1" id="markdown-toc-a20180822-1">22 August 2018 -
Struts 2.5.17 General Availability</a></li>
+ <li><a href="#a20180822-2" id="markdown-toc-a20180822-2">22 August 2018 -
Struts 2.3.35 General Availability</a></li>
<li><a href="#a20180327" id="markdown-toc-a20180327">27 March 2018 - A
crafted XML request can be used to perform a DoS attack when using the Struts
REST plugin</a></li>
<li><a href="#a20180323" id="markdown-toc-a20180323">23 March 2018 -
Immediately upgrade commons-fileupload to version 1.3.3</a></li>
<li><a href="#a20180316" id="markdown-toc-a20180316">16 March 2018 - Struts
2.5.16 General Availability</a></li>
@@ -139,6 +142,75 @@
Skip to: <a href="announce-2017.html">Announcements - 2017</a>
</p>
+<h4 id="a20180822-0">22 August 2018 - CVE-2018-11776 Apache Struts 2.3 to
2.3.34 and 2.5 to 2.5.16</h4>
+
+<p>CVEID:CVE-2018-11776</p>
+
+<p>PRODUCT:Apache Struts</p>
+
+<p>VERSION:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16</p>
+
+<p>PROBLEMTYPE:Remote Code Execution</p>
+
+<p>REFERENCES:<a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a></p>
+
+<p>DESCRIPTION:Man Yue Mo from the Semmle Security Research team was noticed
that Apache Struts versions 2.3 to 2.3.34 and
+2.5 to 2.5.16 suffer from possible Remote Code Execution when using results
with no namespace and in same time, its
+upper action(s) have no or wildcard namespace. Same possibility when using url
tag which doesn’t have value and action
+set and in same time, its upper action(s) have no or wildcard namespace.</p>
+
+<h4 id="a20180822-1">22 August 2018 - Struts 2.5.17 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.17 is
available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>In addition to critical overall proactive security improvements, this
release addresses one potential security vulnerability:</p>
+
+<ul>
+ <li>Possible Remote Code Execution when using results with no namespace and
in same time, its upper action(s) have no or
+wildcard namespace. Same possibility when using url tag which doesn’t have
value and action set. - <a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a></li>
+</ul>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20180822-2">22 August 2018 - Struts 2.3.35 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.35 is
available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>In addition to critical overall proactive security improvements, this
release addresses one potential security vulnerability:</p>
+
+<ul>
+ <li>Possible Remote Code Execution when using results with no namespace and
in same time, its upper action(s) have no or
+wildcard namespace. Same possibility when using url tag which doesn’t have
value and action set. - <a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a></li>
+</ul>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-23x">download</a> page.</p>
+
<h4 id="a20180327">27 March 2018 - A crafted XML request can be used to
perform a DoS attack when using the Struts REST plugin</h4>
<p>The Apache Security Struts Team recommends to immediately upgrade your
Struts 2 based projects to use the latest released
diff --git a/content/core-developers/interceptors.html
b/content/core-developers/interceptors.html
index 91095e6..5409037 100644
--- a/content/core-developers/interceptors.html
+++ b/content/core-developers/interceptors.html
@@ -286,6 +286,7 @@ than reiterate the same list of Interceptors, we can bundle
these Interceptors t
<span class="c"><!-- this is simpler version of the above used with
string comparison --></span>
<span class="nt"><constant</span> <span class="na">name=</span><span
class="s">"struts.excludedPackageNames"</span>
<span class="na">value=</span><span class="s">"</span>
+ <span class="err">com.opensymphony.xwork2.ognl.,</span>
<span class="err">java.lang.,</span>
<span class="err">ognl.,</span>
<span class="err">javax,</span>
@@ -293,6 +294,7 @@ than reiterate the same list of Interceptors, we can bundle
these Interceptors t
<span class="err">freemarker.template.,</span>
<span class="err">freemarker.ext.rhino.,</span>
<span class="err">freemarker.ext.beans.,</span>
+ <span class="err">sun.misc.,</span>
<span class="err">sun.reflect.,</span>
<span class="err">javassist."</span> <span
class="nt">/></span>
diff --git a/content/core-developers/struts-default-xml.html
b/content/core-developers/struts-default-xml.html
index 0c0ab39..fab4f27 100644
--- a/content/core-developers/struts-default-xml.html
+++ b/content/core-developers/struts-default-xml.html
@@ -201,6 +201,7 @@ setting in <a
href="struts-properties.html">struts.properties</a>.</p>
<span class="c"><!-- this is simpler version of the above used with
string comparison --></span>
<span class="nt"><constant</span> <span class="na">name=</span><span
class="s">"struts.excludedPackageNames"</span>
<span class="na">value=</span><span class="s">"</span>
+ <span class="err">com.opensymphony.xwork2.ognl.,</span>
<span class="err">java.lang.,</span>
<span class="err">ognl.,</span>
<span class="err">javax,</span>
@@ -208,6 +209,7 @@ setting in <a
href="struts-properties.html">struts.properties</a>.</p>
<span class="err">freemarker.template.,</span>
<span class="err">freemarker.ext.rhino.,</span>
<span class="err">freemarker.ext.beans.,</span>
+ <span class="err">sun.misc.,</span>
<span class="err">sun.reflect.,</span>
<span class="err">javassist."</span> <span
class="nt">/></span>
diff --git a/content/download.html b/content/download.html
index 73b1735..715ed20 100644
--- a/content/download.html
+++ b/content/download.html
@@ -189,26 +189,26 @@
<h2 id="struts-ga">Full Releases</h2>
-<h3 id="struts2516">Struts 2.5.16</h3>
+<h3 id="struts2517">Struts 2.5.17</h3>
<p>
- <a href="https://struts.apache.org/";>Apache Struts 2.5.16</a> is an elegant,
extensible
+ <a href="https://struts.apache.org/";>Apache Struts 2.5.17</a> is an elegant,
extensible
framework for creating enterprise-ready Java web applications. It is
available in a full distribution,
or as separate library, source, example and documentation distributions.
- Struts 2.5.16 is the "best available" version of Struts in the 2.5 series.
+ Struts 2.5.17 is the "best available" version of Struts in the 2.5 series.
</p>
<ul>
<li>
- <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16";>Version
Notes</a>
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.17";>Version
Notes</a>
</li>
<li>Full Distribution:
<ul>
<li>
- <a
href="[preferred]struts/2.5.16/struts-2.5.16-all.zip">struts-2.5.16-all.zip</a>
(65MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-all.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-all.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.17/struts-2.5.17-all.zip">struts-2.5.17-all.zip</a>
(65MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-all.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-all.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -216,9 +216,9 @@
<li>Example Applications:
<ul>
<li>
- <a
href="[preferred]struts/2.5.16/struts-2.5.16-apps.zip">struts-2.5.16-apps.zip</a>
(35MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-apps.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-apps.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.17/struts-2.5.17-apps.zip">struts-2.5.17-apps.zip</a>
(35MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-apps.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-apps.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -226,9 +226,9 @@
<li>Essential Dependencies Only:
<ul>
<li>
- <a
href="[preferred]struts/2.5.16/struts-2.5.16-min-lib.zip">struts-2.5.16-min-lib.zip</a>
(4MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-min-lib.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-min-lib.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.17/struts-2.5.17-min-lib.zip">struts-2.5.17-min-lib.zip</a>
(4MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-min-lib.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-min-lib.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -236,9 +236,9 @@
<li>All Dependencies:
<ul>
<li>
- <a
href="[preferred]struts/2.5.16/struts-2.5.16-lib.zip">struts-2.5.16-lib.zip</a>
(19MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-lib.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-lib.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.17/struts-2.5.17-lib.zip">struts-2.5.17-lib.zip</a>
(19MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-lib.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-lib.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -246,9 +246,9 @@
<li>Documentation:
<ul>
<li>
- <a
href="[preferred]struts/2.5.16/struts-2.5.16-docs.zip">struts-2.5.16-docs.zip</a>
(13MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-docs.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-docs.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.17/struts-2.5.17-docs.zip">struts-2.5.17-docs.zip</a>
(13MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-docs.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-docs.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -256,28 +256,28 @@
<li>Source:
<ul>
<li>
- <a
href="[preferred]struts/2.5.16/struts-2.5.16-src.zip">struts-2.5.16-src.zip</a>
(7MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-src.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-src.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.17/struts-2.5.17-src.zip">struts-2.5.17-src.zip</a>
(7MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-src.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.17/struts-2.5.17-src.zip.md5";>MD5</a>]
</li>
</ul>
</li>
</ul>
-<h3 id="struts-23x">Struts 2.3.34</h3>
+<h3 id="struts-23x">Struts 2.3.35</h3>
<ul>
<li>
- <a href="https://struts.apache.org/docs/version-notes-2334.html";>Version
Notes</a>
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.35";>Version
Notes</a>
</li>
<li>Full Distribution:
<ul>
<li>
- <a
href="[preferred]struts/2.3.34/struts-2.3.34-all.zip">struts-2.3.34-all.zip</a>
(65MB)
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-all.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-all.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.3.35/struts-2.3.35-all.zip">struts-2.3.35-all.zip</a>
(65MB)
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-all.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-all.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -285,9 +285,9 @@
<li>Example Applications:
<ul>
<li>
- <a
href="[preferred]struts/2.3.34/struts-2.3.34-apps.zip">struts-2.3.34-apps.zip</a>
(35MB)
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-apps.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-apps.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.3.35/struts-2.3.35-apps.zip">struts-2.3.35-apps.zip</a>
(35MB)
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-apps.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-apps.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -295,9 +295,9 @@
<li>Essential Dependencies Only:
<ul>
<li>
- <a
href="[preferred]struts/2.3.34/struts-2.3.34-min-lib.zip">struts-2.3.34-min-lib.zip</a>
(4MB)
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-min-lib.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-min-lib.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.3.35/struts-2.3.35-min-lib.zip">struts-2.3.35-min-lib.zip</a>
(4MB)
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-min-lib.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-min-lib.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -305,9 +305,9 @@
<li>All Dependencies:
<ul>
<li>
- <a
href="[preferred]struts/2.3.34/struts-2.3.34-lib.zip">struts-2.3.34-lib.zip</a>
(19MB)
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.3.35/struts-2.3.35-lib.zip">struts-2.3.35-lib.zip</a>
(19MB)
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-lib.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-lib.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -315,9 +315,9 @@
<li>Documentation:
<ul>
<li>
- <a
href="[preferred]struts/2.3.34/struts-2.3.34-docs.zip">struts-2.3.34-docs.zip</a>
(13MB)
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-docs.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-docs.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.3.35/struts-2.3.35-docs.zip">struts-2.3.35-docs.zip</a>
(13MB)
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-docs.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-docs.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -325,9 +325,9 @@
<li>Source:
<ul>
<li>
- <a
href="[preferred]struts/2.3.34/struts-2.3.34-src.zip">struts-2.3.34-src.zip</a>
(7MB)
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-src.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.3.34/struts-2.3.34-src.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.3.35/struts-2.3.35-src.zip">struts-2.3.35-src.zip</a>
(7MB)
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-src.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.3.35/struts-2.3.35-src.zip.md5";>MD5</a>]
</li>
</ul>
</li>
diff --git a/content/index.html b/content/index.html
index ec24232..4479be6 100644
--- a/content/index.html
+++ b/content/index.html
@@ -131,7 +131,7 @@
extensible using a plugin architecture, and ships with plugins to support
REST, AJAX and JSON.
</p>
- <a href="download.cgi#struts2516" class="btn btn-primary btn-large">
+ <a href="download.cgi#struts2517" class="btn btn-primary btn-large">
<img src="img/download-icon.svg"> Download
</a>
<a href="primer.html" class="btn btn-info btn-large">
@@ -156,19 +156,19 @@
</p>
</div>
<div class="column col-md-4">
- <h2>Apache Struts 2.5.16 GA</h2>
+ <h2>Apache Struts 2.5.17 GA</h2>
<p>
- Apache Struts 2.5.16 GA has been released<br/>on 16 March 2018.
+ Apache Struts 2.5.17 GA has been released<br/>on 22 August 2018.
</p>
- Read more in <a href="announce.html#a20180316">Announcement</a> or in
- <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16";>Version
notes</a>
+ Read more in <a href="announce.html#a20180822-1">Announcement</a> or in
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.17";>Version
notes</a>
</div>
<div class="column col-md-4">
- <h2>Apache Struts 2.3.34 GA</h2>
+ <h2>Apache Struts 2.3.35 GA</h2>
<p>
It's the latest release of Struts 2.3.x which contains the latest
security fixes,
- read more in <a href="announce-2017.html#a20170907">Announcement</a>
or in
- <a href="/docs/version-notes-2334.html">Version notes</a>
+ released on 22 August 2018.<br/> Read more in <a
href="announce.html#a20180822-2">Announcement</a> or in
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.35";>Version
notes</a>
</p>
</div>
</div>
@@ -192,11 +192,11 @@
</p>
</div>
<div class="column col-md-4">
- <h2>A crafted XML request can be used to perform a DoS attack when
using the Struts REST plugin</h2>
+ <h2>Immediately upgrade to version 2.5.17 or 2.3.35</h2>
<p>
The Apache Security Struts Team recommends to immediately upgrade
your Struts 2 based projects to use
- the latest released version of the Apache Struts to prevent possible
DoS attack when using the REST plugin.
- <a href="announce.html#a20180327">Announcement</a>
+ the latest released version of the Apache Struts to prevent possible
RCE attack when using results with no namespace,
+ reported in <a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a>. Read
more in <a href="announce.html#a20180822-0">Announcement</a>.
</p>
</div>
</div>
diff --git a/content/releases.html b/content/releases.html
index aec9fb7..f1bd7e4 100644
--- a/content/releases.html
+++ b/content/releases.html
@@ -147,7 +147,7 @@
<ul>
<li>
<a href="/download.cgi#struts-ga">
- Struts 2.5.16
+ Struts 2.5.17
</a> ("best available")
</li>
</ul>
@@ -231,6 +231,18 @@
<tbody>
<tr>
<td class="no-wrap">
+ Struts 2.5.16
+ </td>
+ <td class="no-wrap">16 March 2018</td>
+ <td>
+ <a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a>
+ </td>
+ <td>
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16";>Version
notes</a>
+ </td>
+ </tr>
+ <tr>
+ <td class="no-wrap">
Struts 2.5.14.1
</td>
<td class="no-wrap">30 November 2017</td>
@@ -260,6 +272,7 @@
</td>
<td class="no-wrap">7 September 2017</td>
<td>
+ <a
href="https://cwiki.apache.org/confluence/display/WW/S2-057";>S2-057</a>
</td>
<td>
<a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34";>Version
notes</a>
