Agreed. How should we put it better?
Don Brown schrieb:
> Good point. This pales in comparison to, say, the OGNL remote code
> exploit. XSS exploits, while important, just aren't anywhere near as
> big of deal.
>
> Don
>
> On Tue, Mar 4, 2008 at 12:43 PM, Jeromy Evans
> <[EMAIL PROTECTED]> wro
Good point. This pales in comparison to, say, the OGNL remote code
exploit. XSS exploits, while important, just aren't anywhere near as
big of deal.
Don
On Tue, Mar 4, 2008 at 12:43 PM, Jeromy Evans
<[EMAIL PROTECTED]> wrote:
> My opinion is that the criticality is overstated.
> However it is
My opinion is that the criticality is overstated.
However it is useful to draw attention to the vulnerability.
Don Brown wrote:
Looks good. Thanks for creating a security bulletin as well.
Don
On 3/4/08, Rene Gielen <[EMAIL PROTECTED]> wrote:
The release has been submitted for mirroring.
Good point.
How about
ALL DEVELOPERS USING STRUTS 2 ARE STRONGLY ADVISED TO UPDATE TO STRUTS
2.0.11.1 IMMEDIATELY!
Wendy Smoak schrieb:
> On Mon, Mar 3, 2008 at 6:24 PM, Rene Gielen <[EMAIL PROTECTED]> wrote:
>> The release has been submitted for mirroring. Here's a draft
>> announcement that we
Wendy Smoak wrote:
* ALL DEVELOPERS ARE STRONGLY ADVISED TO UPDATE TO STRUTS 2.0.11.1
IMMEDIATELY!
All developers using Struts 2 are ... ?
I think we need to make it clear that Struts 1 apps are not affected.
That's true, but since there may be people that see this notice and then
update
On Mon, Mar 3, 2008 at 6:24 PM, Rene Gielen <[EMAIL PROTECTED]> wrote:
> The release has been submitted for mirroring. Here's a draft
> announcement that we could post tomorrow morning, including a link to a
> corresponding security bulletin announcement in the wiki. Comments and
> corrections t
Looks good. Thanks for creating a security bulletin as well.
Don
On 3/4/08, Rene Gielen <[EMAIL PROTECTED]> wrote:
> The release has been submitted for mirroring. Here's a draft
> announcement that we could post tomorrow morning, including a link to a
> corresponding security bulletin announce
The release has been submitted for mirroring. Here's a draft
announcement that we could post tomorrow morning, including a link to a
corresponding security bulletin announcement in the wiki. Comments and
corrections to both texts are highly appreciated.
Apache Struts 2.0.11.1 is now availabl
+1 GA binding
* Rene Gielen
* Rainer Hermanns
* Antonio Petrelli
* James Mitchell
+1 GA supporting
* Al Sutton
Struts 2.0.11.1 is now rated at GA, and I will proceed to copying the
files for mirroring and post a draft announcement to the devel list.
After another 24 hours, I'll post the an
Gary,
Thanks for your question. The answer is simple: support. The burden of using
1.8 in 1.3.x will be on those developers who solely opt to upgrade the
dependency. If they have problems, they can log a JIRA issue and we'll try
to address any incompatibility (if any), but we can always say it's n
+1 GA
On Mon, Mar 3, 2008 at 2:16 PM, Antonio Petrelli
<[EMAIL PROTECTED]> wrote:
> 2008/3/3, Rene Gielen <[EMAIL PROTECTED]>:
> > [X] General Availability (GA)
>
> +1 to GA for security reasons but with a note:
> the source distribution has no source code for plugins, just like
> 2.0.11.
2008/3/3, Rene Gielen <[EMAIL PROTECTED]>:
> [X] General Availability (GA)
+1 to GA for security reasons but with a note:
the source distribution has no source code for plugins, just like
2.0.11. This issue has been resolved for 2.1.x branch:
https://issues.apache.org/struts/browse/WW-2313
An
Thanks to those who answered my original question. The gist of the
responses seemed to be that, no, Struts 1.3.9 will not move up to
BeanUtils 1.8.0 (will stay at 1.7.0). So now I'm wondering why not. Is
it mostly just a timing issue (i.e., don't want to delay Struts 1.3.9
release until Bean
[X] General Availability (GA)
cheers,
Rainer
> The Struts 2.0.11.1 security release test build is now available.
>
> Release notes:
>
> * http://struts.apache.org/2.x/docs/release-notes-20111.html
>
> Distribution:
>
> * http://people.apache.org/builds/struts/2.0.11.1/
>
> Maven 2 staging re
On 3/3/08, Venkat Guru <[EMAIL PROTECTED]> wrote:
>
> Hi,
>This is Venkat. Iam new to struts2 framework. Iam struck up with a
> small problem using tag.
>
> I have a page which contains a select tag . on page load i will populate its
> list values from server. Its a search form. when i
Hi,
This is Venkat. Iam new to struts2 framework. Iam struck up with a
small problem using tag.
I have a page which contains a select tag . on page load i will populate its
list values from server. Its a search form. when i perform the search the
results are displayed in the same page.
+1 GA
Al.
- Original Message -
From: "Rene Gielen" <[EMAIL PROTECTED]>
To: "Struts Developers List"
Sent: Monday, March 03, 2008 8:16 AM
Subject: Re: [VOTE] Struts 2.0.11.1 Quality (fast track)
+1 GA
Rene
Rene Gielen schrieb:
The Struts 2.0.11.1 security release test build is no
I've now looked at all the issues and put up the results at
http://www.alsutton.com/s21-closer-200802.shtml.
There are some differences from Wes's list, so I'm going to hold off until
Wednesday morning before asking Wes for the PayPal account he would the
money transferred to in order to allow
Thanks for the comments. I've taken them into account.
Al.
- Original Message -
From: "Rene Gielen" <[EMAIL PROTECTED]>
To: "Struts Developers List"
Sent: Sunday, March 02, 2008 4:39 PM
Subject: Re: The "Closer" award... The finalists
Guys,
thank you for having me on the list, but
It's more a measure to stop casual viewers saying "Hold up, he's counting
the scores & playing the game, thats not fair".
Al.
P.S. I had no chance of winning anyway :).
- Original Message -
From: "Dave Newton" <[EMAIL PROTECTED]>
To: "Struts Developers List"
Sent: Sunday, March 02,
+1 GA
Rene
Rene Gielen schrieb:
> The Struts 2.0.11.1 security release test build is now available.
>
> Release notes:
>
> * http://struts.apache.org/2.x/docs/release-notes-20111.html
>
> Distribution:
>
> * http://people.apache.org/builds/struts/2.0.11.1/
>
> Maven 2 staging repository:
>
21 matches
Mail list logo
