The Apache Struts 2.3.33 test build is now available. With this release the following security vulnerability was addressed:
- Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series, see https://cwiki.apache.org/confluence/display/WW/S2-048 - A DoS attack is available for Spring secured actions, see https://cwiki.apache.org/confluence/display/WW/S2-048 Except that, the following issues were also addressed: Bug [WW-4735] - EmailValidator does not accept new domain suffixes [WW-4770] - Revision number still missing from dojo.js and dojo.js.uncompressed.js [WW-4802] - Strange Behavior Parsing Action Requests Release notes: * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.33 Distribution: * https://dist.apache.org/repos/dist/dev/struts/2.3.33/ Maven 2 staging repository: * https://repository.apache.org/content/repositories/staging/ Once you have had a chance to review the test build, please respond with a vote on its quality: [ ] Leave at test build [ ] Alpha [ ] Beta [ ] General Availability (GA) Everyone who has tested the build is invited to vote. Votes by PMC members are considered binding. A vote passes if there are at least three binding +1s and more +1s than -1s. The vote will remain open for at least 24 hours, longer upon request. A vote can be amended at any time to upgrade or downgrade the quality of the release based on future experience. If an initial vote designates the build as "Beta", the release will be submitted for mirroring and announced to the user list. Once released as a public beta, subsequent quality votes on a build may be held on the user list. As always, the act of voting carries certain obligations. A binding vote not only states an opinion, but means that the voter is agreeing to help do the work. Kind regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
