This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/main by this push:
     new aec47b65c Add Announcement of Security Bulletin S2-069 (#290)
aec47b65c is described below

commit aec47b65c6405dddfa80f14b3f6697d15a9289fa
Author: Indigo-Jones <[email protected]>
AuthorDate: Tue Mar 17 08:22:32 2026 +0000

    Add Announcement of Security Bulletin S2-069 (#290)
    
    * Create announcements for 2026 with security updates
    
    Added announcements for 2026, including a security advisory for CVE-2025-68493.
    
    I've mirrored the style and content of the previous security announcements as closely as possible.
    
    Could do with review by an experienced contributor and potentially add more detail about which users may be vulnerable.
    
    * Rename announce-2026 to announce-2026.md
    
    * Add announcement about S2-069 security bulletin
    
    Added information about CVE-2025-68493 and mitigation steps.
    
    * Update header to point to new 2026 announcements page
---
 source/_includes/header.html |  2 +-
 source/announce-2026.md      | 35 +++++++++++++++++++++++++++++++++++
 source/index.html            |  8 ++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/source/_includes/header.html b/source/_includes/header.html
index e5890ffc1..9285bec62 100644
--- a/source/_includes/header.html
+++ b/source/_includes/header.html
@@ -26,7 +26,7 @@
                 <li><a href="/index.html">Welcome</a></li>
                 <li><a href="/download.cgi">Download</a></li>
                 <li><a href="/releases.html">Releases</a></li>
-                <li><a href="/announce-2025.html">Announcements</a></li>
+                <li><a href="/announce-2026.html">Announcements</a></li>
                 <li><a href="http://www.apache.org/licenses/";>License</a></li>
                 <li><a 
href="https://www.apache.org/foundation/thanks.html";>Thanks!</a></li>
                 <li><a 
href="https://www.apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
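Review bot: The Announcements menu entry now hard-codes `/announce-2026.html`, so this include has to be edited again for every new year, and the 2025 page is reachable only through the "Skip to" link on the new page. Consider pointing the menu at a year-independent URL, or at a site variable that holds the current announcements page, so the header does not need a change each time a new announcements file is added.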
diff --git a/source/announce-2026.md b/source/announce-2026.md
new file mode 100644
index 000000000..117f81ef1
--- /dev/null
+++ b/source/announce-2026.md
@@ -0,0 +1,35 @@
+---
+layout: default
+title: Announcements 2026
+---
+
+# Announcements 2026
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+<p class="pull-right">
+  Skip to: <a href="announce-2025">Announcements - 2025</a>
+</p>
+
+#### 11 January 2026 - CVE-2025-68493: XXE vulnerability in XWork component 
{#a20260111}
+
+The Apache Struts group recommends upgrading to at least Apache Struts version 
6.1.1 to mitigate potential security
+vulnerability.
+
+> Please read the Security Bulletin 
[S2-069](https://cwiki.apache.org/confluence/display/WW/S2-069) to find more
+> details about this security vulnerability
+
+**All developers are strongly advised to perform this upgrade.**
+
+You can download the latest version from our 
[download](download.cgi#struts-ga) page.
+
+<p class="pull-right">
+  Skip to: <a href="announce-2025">Announcements - 2025</a>
+</p>
+
+<p class="pull-left">
+  <strong>Next:</strong>
+  <a href="kickstart">Kickstart FAQ</a>
+</p>
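Review bot: The entry under `#### 11 January 2026` names the fixed version (6.1.1) but gives neither the affected version range nor which users are exposed, a gap the commit message itself flags. Add a short "affected versions" sentence taken from S2-069 so readers can triage without leaving the page. In the same paragraph, "to mitigate potential security vulnerability" is missing an article and the blockquote sentence has no closing period. The heading is dated 11 January 2026 while the commit is authored 17 March 2026, so confirm that the date and the `{#a20260111}` anchor are the intended ones before other pages link to it.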
diff --git a/source/index.html b/source/index.html
index 90dce9371..da570d2e9 100644
--- a/source/index.html
+++ b/source/index.html
@@ -51,6 +51,14 @@ title: Welcome to the Apache Struts project
     </div>
     <div class="row">
       <div class="column col-md-4">
+        <h2>CVE-2025-68493: XXE vulnerability in XWork component</h2>
+        <p>
+          Upgrade to at least Apache Struts 6.1.1 to mitigate the 
vulnerability.
+        </p>
+        <p>
+          Read more in the <a href="announce-2026#a20260111">Announcement</a> 
or in
+          the Security Bulletin <a href="{{ site.wiki_url }}/S2-069">S2-069</a>
+        </p>
       </div>
       <div class="column col-md-4">
         <h2>Google's Patch Reward program</h2>
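Review bot: The S2-069 link in the second `<p>` is built from `{{ site.wiki_url }}/S2-069`, while announce-2026.md in the same commit hard-codes `https://cwiki.apache.org/confluence/display/WW/S2-069`; use one form in both files so the two links cannot drift apart. That sentence also ends without a period after the S2-069 link. The relative target `announce-2026#a20260111` depends on the `{#a20260111}` id defined in announce-2026.md, so the two must be updated together if the announcement date changes.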
