struts-user mailing list archives

From "Muthiraparambil Somasundaram, Jeril" <Jeril.Somasunda...@cba.com.au>
Subject FW: Apache Struts Upgrade to version 2.3.31
Date Wed, 21 Dec 2016 05:11:05 GMT
Hi Lukasz/Team,

We do not use Maven. Do you think replacing the Struts jar file in the below location should suffice?


Below is from the version 2.3.31 package. Would you be able to advise which of these jar files
need to be used to replace the current one for an upgrade?


Thanks,
Jeril
+61450204750


From: Lukasz Lenart [mailto:lukaszlenart@apache.org]
Sent: Friday, 2 December 2016 7:42 PM
To: Davis, Geethu <Geethu.Davis@cba.com.au>
Cc: security@struts.apache.org; Muthiraparambil Somasundaram, Jeril <Jeril.Somasundaram@cba.com.au>;
Kannoly, Arathy <Arathy.Kannoly@cba.com.au>
Subject: Re: Apache Struts Upgrade to version 2.3.31

Hi,

It all depends on how you manage dependencies: do you use Maven, or manage them manually by putting
jars in WEB-INF/lib? In most cases replacing jars should be enough. And please ask such common
questions via the Struts Users Mailing List <user@struts.apache.org>,
as this list is used to report and discuss security vulnerabilities.


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2016-12-02 7:01 GMT+01:00 Davis, Geethu <Geethu.Davis@cba.com.au>:
Hi team,

Could you please help with this request?

Thanks,
Geethu
Commonwealth Bank
ITSMO, driving an Always Available Bank

Geethu Davis
TCS Equities Support
IT Service Management and Operations
Enterprise Services
P: +91 484 6189534
E: Geethu.Davis@cba.com.au

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses
and communities

From: Davis, Geethu
Sent: Wednesday, 30 November 2016 12:40 AM
To: 'Johannes Geppert' <jogep@apache.org>; security@struts.apache.org
Cc: Muthiraparambil Somasundaram, Jeril <Jeril.Somasundaram@cba.com.au>
Subject: RE: Apache Struts Upgrade to version 2.3.31

Hi Johannes,

Thanks for the link. However, could you please provide step-wise instructions for the installation?

Thanks,
Geethu

From: Johannes Geppert [mailto:jogep@apache.org]
Sent: Tuesday, 15 November 2016 8:04 PM
To: security@struts.apache.org; Davis, Geethu <Geethu.Davis@cba.com.au>
Subject: Re: Apache Struts Upgrade to version 2.3.31

Hi Geethu,

Just click on the link "Version Notes" to see the release notes for this special release.

http://struts.apache.org/docs/version-notes-2331.html

Best Regards

Johannes

#################################################
web: http://www.jgeppert.com
twitter: http://twitter.com/jogep


2016-11-15 15:18 GMT+01:00 Davis, Geethu <Geethu.Davis@cba.com.au>:
Hi Team,

One of the Windows 2008 R2 servers managed by our team has been found to have Apache Struts
version 2.3.16.3 installed on it. As our security team has informed us that this version has
multiple security remote code execution vulnerabilities, we are planning to upgrade this to
version 2.3.31.

We have downloaded the zip file from the below page. Could you please provide us with any
release notes/instructions on re-installation so that we could prepare a runsheet for the
same? This is to be handed over to the server support team. Any assistance is appreciated.

http://struts.apache.org/download.cgi

Thanks,
Geethu


************** IMPORTANT MESSAGE *****************************
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************
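
Added example, not part of the thread and not Struts project code: a post-swap check for the manual case discussed above, where jars are replaced by hand in WEB-INF/lib. It flags old and new copies left side by side and framework jars not at the target version; the prefix list, the file-name pattern and the sample names are assumptions of this example.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumption of this example: jars whose names start with these prefixes are
# released under the framework's own version number.
FRAMEWORK_PREFIXES = ("struts2-", "xwork-core")
# Assumed naming scheme: <artifact>-<version>.jar, version starting with a digit.
JAR_NAME = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$", re.I)


def audit_lib(lib_dir, target="2.3.31"):
    """Return (kind, detail) findings for a WEB-INF/lib after a manual jar swap."""
    versions = defaultdict(set)
    findings = []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        m = JAR_NAME.match(jar.name)
        if m is None:
            findings.append(("unversioned", jar.name))  # version not in file name
            continue
        versions[m["artifact"].lower()].add(m["version"])
    for artifact, found in sorted(versions.items()):
        if len(found) > 1:
            # Old and new copies side by side: classes may load from either jar.
            findings.append(("duplicate", f"{artifact} {sorted(found)}"))
        if artifact.startswith(FRAMEWORK_PREFIXES):
            for v in sorted(found - {target}):
                findings.append(("stale", f"{artifact}-{v}.jar"))
    if "struts2-core" not in versions:
        findings.append(("missing", "struts2-core"))
    return findings


def demo():
    # Constructed file names, not taken from the thread's screenshots.
    names = ["struts2-core-2.3.16.3.jar", "struts2-core-2.3.31.jar",
             "xwork-core-2.3.16.3.jar", "commons-fileupload-1.3.2.jar"]
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            (Path(d) / n).touch()
        return audit_lib(d)


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind:12} {detail}")
```

An empty result means every framework jar found is at the target version and no artifact is present twice; it does not check the third-party jars bundled with the release.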

