[
https://issues.apache.org/jira/browse/WW-4917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-4917:
------------------------------
Fix Version/s: (was: 2.3.37)
2.5.x
> Clarification on security status and support for Struts 2.3
> -----------------------------------------------------------
>
> Key: WW-4917
> URL: https://issues.apache.org/jira/browse/WW-4917
> Project: Struts 2
> Issue Type: Task
> Components: Documentation
> Affects Versions: 2.3.34
> Reporter: Richard Taylor
> Priority: Minor
> Labels: security
> Fix For: 2.5.x
>
>
> Hi
>
> Can you kindly provide clarity as to the exact status of the 2.3 series in
> terms of ongoing support and security status.
>
>
> On the Struts web page [https://struts.apache.org/]
>
> I found the statement:
>
> "It's the latest release of Struts 2.3.x which contains the latest security
> fixes, read more in
> [Announcement|https://struts.apache.org/announce.html#a20170907] or in
> [Version notes|https://struts.apache.org/docs/version-notes-2334.html]";
>
> Yet, on the page at [https://struts.apache.org/releases.html] it is stated
> that :
>
> h2. "Prior Releases
> As a courtesy, we retain archival copies of the website for releases that
> initially were considered "General Availability" but which has been
> reclassified as "Not recommended" since they contain security issues
> "
> And version 2.3.34 is listed here.
>
>
> Lastly - I find no EOL announcement for 2.3.x
>
> So in summary the question is:
>
> *1 Is the 2.3 series EOL?*
> *2 Does 2.3.34 contain any known security bugs?*
>
>
> Thanking you in advance
>
> Richard
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
