It is http://search.maven.org/#artifactdetails%7Corg.apache.struts%7Cstruts2-core%7C2.3.16.1%7Cjar
2014-03-07 17:41 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>: > Hi Lukasz, > The version 2.3.16.1 is not available yet in Maven repository. When do you > think it will be available? > > Thanks > > JL > > > 2014-03-06 12:27 GMT-05:00 Lukasz Lenart <lukaszlen...@apache.org>: > >> Ok, thanks! >> >> 2014-03-06 18:23 GMT+01:00 Mark Thomas <ma...@apache.org>: >> > On 06/03/2014 17:08, Lukasz Lenart wrote: >> >> So who's the reporter? >> > >> > We (the ASF) know who discovered CVE-2014-0050 but they have not given >> > permission to be named. The only public credit information is that which >> > was published for CVE-2014-0050. >> > >> > Mark >> > >> >> >> >> 2014-03-06 16:54 GMT+01:00 Mark Thomas <ma...@apache.org>: >> >>> On 06/03/2014 09:04, Lukasz Lenart wrote: >> >>>> This release includes important security fixes: >> >>>> - S2-020 - ClassLoader manipulation via request parameters >> >>>> - upgraded Commons FileUpload library to prevent DoS attacks >> >>>> >> >>>> * http://struts.apache.org/release/2.3.x/docs/s2-020.html >> >>> >> >>> Please remove my name from the reporters. I just forwarded the e-mail >> >>> that the security team received. I do not deserve any of the credit for >> >>> discovering this issue. >> >>> >> >>> Mark >> >>> >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: security-unsubscr...@apache.org >> >> For additional commands, e-mail: security-h...@apache.org >> >> >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org >> For additional commands, e-mail: dev-h...@struts.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
