thanks for the clarification. On Fri, Jul 14, 2017 at 5:53 AM, Lukasz Lenart <lukaszlen...@apache.org> wrote:
> 2017-07-14 14:40 GMT+02:00 Adam Brin <ab...@digitalantiquity.org>: > > Hi Lukasz, > > Out of curiosity, I'm wondering, what the protocol or choice was about > > including the security patches for struts2 in a "new" release as opposed > to > > a point release for 2.5.10 (eg. 2.5.10.1)? It would seem like the > smallest > > change possible should be included, but this version seemed to have > quite a > > few more changes. > > We assumed that the vulnerabilities are not so critical and the new > version is almost ready. Also workarounds exist so you can apply them > to be safe if you are not able to migrate to the latest version. > > https://cwiki.apache.org/confluence/display/WW/S2-047 > https://cwiki.apache.org/confluence/display/WW/S2-049 > > > Regards > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > -- _________________________________________________________ Adam Brin Director of Technology, Digital Antiquity 480.965.1278 <(480)%20965-1278>