..I have tried to get this working on my 2.5.x setup but failed, so I am unable to test this release now.
The dtd definition now seems mandatory in the struts.xml, so I would have to remove all my 2.5.x entries to get it to work. On 11 July 2017 at 08:17, Lukasz Lenart <lukaszlen...@apache.org> wrote: > The Apache Struts 2.3.33 test build is now available. With this > release the following security vulnerability was addressed: > > - Possible RCE in the Struts Showcase app in the Struts 1 plugin > example in Struts 2.3.x series, see > https://cwiki.apache.org/confluence/display/WW/S2-048 > - A DoS attack is available for Spring secured actions, see > https://cwiki.apache.org/confluence/display/WW/S2-048 > > Except that, the following issues were also addressed: > > Bug > [WW-4735] - EmailValidator does not accept new domain suffixes > [WW-4770] - Revision number still missing from dojo.js and > dojo.js.uncompressed.js > [WW-4802] - Strange Behavior Parsing Action Requests > > Release notes: > * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.33 > > Distribution: > * https://dist.apache.org/repos/dist/dev/struts/2.3.33/ > > Maven 2 staging repository: > * https://repository.apache.org/content/repositories/staging/ > > Once you have had a chance to review the test build, please respond > with a vote on its quality: > > [ ] Leave at test build > [ ] Alpha > [ ] Beta > [ ] General Availability (GA) > > Everyone who has tested the build is invited to vote. Votes by PMC > members are considered binding. A vote passes if there are at least > three binding +1s and more +1s than -1s. > > The vote will remain open for at least 24 hours, longer upon request. > A vote can be amended at any time to upgrade or downgrade the quality > of the release based on future experience. If an initial vote > designates the build as "Beta", the release will be submitted for > mirroring and announced to the user list. Once released as a public > beta, subsequent quality votes on a build may be held on the user > list. > > As always, the act of voting carries certain obligations. A binding > vote not only states an opinion, but means that the voter is agreeing > to help do the work. > > > Kind regards > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
