Author: kkolinko Date: Fri Feb 27 11:38:13 2015 New Revision: 1662662 URL: http://svn.apache.org/r1662662 Log: Announcement for Standard Taglib 1.2.3.
I do not like the CVE link (goes to announce@a.o mail archive) and CHANGES link (goes to SVN), as I noted in a FIXME comment in index.xml. Any better ideas? Modified: tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/oldnews-2014.html tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/oldnews-2014.xml Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1662662&r1=1662661&r2=1662662&view=diff ============================================================================== --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Fri Feb 27 11:38:13 2015 @@ -224,6 +224,36 @@ project logo are trademarks of the Apach </div> +<h3 id="Apache_Standard_Taglib_1.2.3_Released"> +<span style="float: right;">2015-02-20</span> Apache Standard Taglib 1.2.3 Released</h3> +<div class="text"> + + +<p> +The Apache Tomcat Project is proud to announce the release of version 1.2.3 of +the Standard Taglib. This tag library provides Apache's implementation +of the JSTL 1.2 specification. +</p> + +<p> +Version 1.2.3 is a security and bug fix release. It fixes a few bugs found +in Standard Taglib 1.2.1 and provides protection against +<a href="http://mail-archives.apache.org/mod_mbox/www-announce/201502.mbox/%3C82207A16-6348-4DEE-877E-F7B87292576A%40apache.org%3E">CVE-2015-0254</a> +vulnerability (XXE and RCE via XSL extension in JSTL XML tags). +</p> + +<p> +Please see the <a href="taglibs/standard/">Standard Taglib site</a> for more details. +</p> + +<p style="text-align: center;"> + +<a href="download-taglibs.cgi">Download</a> | +<a href="http://svn.apache.org/repos/asf/tomcat/taglibs/standard/trunk/CHANGES.txt">Changes</a> + +</p> + +</div> <h3 id="Tomcat_8.0.20_Released"> <span style="float: right;">2015-02-20</span> Tomcat 8.0.20 Released</h3> <div class="text"> @@ -368,27 +398,6 @@ This version fixes few bugs found in pre </p> -</div> -<h3 id="Apache_Standard_Taglib_1.2.1_Released"> -<span style="float: right;">2014-01-02</span> Apache Standard Taglib 1.2.1 Released</h3> -<div class="text"> - -<p> -The Apache Tomcat Project is proud to announce the release of version 1.2.1 of -the Standard Taglib. This is the first official release of Apache's implementation -of the JSTL 1.2 specification. -</p> - -<p> -Please see the <a href="taglibs/standard/">Standard Taglib site</a> for more details. -</p> - -<p style="text-align: center;"> - -<a href="download-taglibs.cgi">Download</a> - -</p> - </div> <h3 id="Tomcat_Maven_Plugin_2.2_Released"> <span style="float: right;">2013-11-11</span> Tomcat Maven Plugin 2.2 Released</h3> Modified: tomcat/site/trunk/docs/oldnews-2014.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews-2014.html?rev=1662662&r1=1662661&r2=1662662&view=diff ============================================================================== --- tomcat/site/trunk/docs/oldnews-2014.html (original) +++ tomcat/site/trunk/docs/oldnews-2014.html Fri Feb 27 11:38:13 2015 @@ -1047,6 +1047,27 @@ Full details of these changes, and all t </p> </div> +<h3 id="Apache_Standard_Taglib_1.2.1_Released"> +<span style="float: right;">2014-01-02</span> Apache Standard Taglib 1.2.1 Released</h3> +<div class="text"> + +<p> +The Apache Tomcat Project is proud to announce the release of version 1.2.1 of +the Standard Taglib. This is the first official release of Apache's implementation +of the JSTL 1.2 specification. +</p> + +<p> +Please see the <a href="taglibs/standard/">Standard Taglib site</a> for more details. +</p> + +<p style="text-align: center;"> + +<a href="download-taglibs.cgi">Download</a> + +</p> + +</div> </div> </div> </div> Modified: tomcat/site/trunk/xdocs/index.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/index.xml?rev=1662662&r1=1662661&r2=1662662&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/index.xml (original) +++ tomcat/site/trunk/xdocs/index.xml Fri Feb 27 11:38:13 2015 @@ -37,6 +37,37 @@ project logo are trademarks of the Apach </section> +<section name="Apache Standard Taglib 1.2.3 Released" rtext="2015-02-20"> +<!-- + FIXME: + 1. CVE link goes to accounce@a.o mail archive. + It cannot go to cve.mitre.org, as they have not published this CVE number. + It cannot go to announce@tomcat.a.o archive, as announcement is not there. Stuck in moderation? + There is no taglibs page at http://tomcat.apache.org/security.html + 2. Changelog link goes to SVN repository. + Is the CHANGES file published on the site? + Maybe upload it to the download ares? +--> +<p> +The Apache Tomcat Project is proud to announce the release of version 1.2.3 of +the Standard Taglib. This tag library provides Apache's implementation +of the JSTL 1.2 specification. +</p> +<p> +Version 1.2.3 is a security and bug fix release. It fixes a few bugs found +in Standard Taglib 1.2.1 and provides protection against +<a href="http://mail-archives.apache.org/mod_mbox/www-announce/201502.mbox/%3C82207A16-6348-4DEE-877E-F7B87292576A%40apache.org%3E">CVE-2015-0254</a> +vulnerability (XXE and RCE via XSL extension in JSTL XML tags). +</p> +<p> +Please see the <a href="taglibs/standard/">Standard Taglib site</a> for more details. +</p> +<p style="text-align: center;"> +<a href="download-taglibs.cgi">Download</a> | +<a href="http://svn.apache.org/repos/asf/tomcat/taglibs/standard/trunk/CHANGES.txt">Changes</a> +</p> +</section> + <section name="Tomcat 8.0.20 Released" rtext="2015-02-20"> <p> The Apache Tomcat Project is proud to announce the release of version 8.0.20 @@ -133,20 +164,6 @@ This version fixes few bugs found in pre </p> </section> -<section name="Apache Standard Taglib 1.2.1 Released" rtext="2014-01-02"> -<p> -The Apache Tomcat Project is proud to announce the release of version 1.2.1 of -the Standard Taglib. This is the first official release of Apache's implementation -of the JSTL 1.2 specification. -</p> -<p> -Please see the <a href="taglibs/standard/">Standard Taglib site</a> for more details. -</p> -<p style="text-align: center;"> -<a href="download-taglibs.cgi">Download</a> -</p> -</section> - <section name="Tomcat Maven Plugin 2.2 Released" rtext="2013-11-11"> <p> The Apache Tomcat team is pleased to announce the release of Tomcat Maven Plugin 2.2. Modified: tomcat/site/trunk/xdocs/oldnews-2014.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/oldnews-2014.xml?rev=1662662&r1=1662661&r2=1662662&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/oldnews-2014.xml (original) +++ tomcat/site/trunk/xdocs/oldnews-2014.xml Fri Feb 27 11:38:13 2015 @@ -595,5 +595,19 @@ Full details of these changes, and all t </p> </section> +<section name="Apache Standard Taglib 1.2.1 Released" rtext="2014-01-02"> +<p> +The Apache Tomcat Project is proud to announce the release of version 1.2.1 of +the Standard Taglib. This is the first official release of Apache's implementation +of the JSTL 1.2 specification. +</p> +<p> +Please see the <a href="taglibs/standard/">Standard Taglib site</a> for more details. +</p> +<p style="text-align: center;"> +<a href="download-taglibs.cgi">Download</a> +</p> +</section> + </body> </document> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org