struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: FW: Apache Struts Upgrade to version 2.3.31
Date Wed, 21 Dec 2016 14:06:59 GMT
Hi,

It looks like you want to upgrade from Struts 1 to Struts 2 which are two
totally different beasts. In such case replacing JARs won't work, you must
rewrite the web layer part.

Read these
http://struts.apache.org/docs/migration-guide.html#MigrationGuide-Struts1toStruts2
http://stackoverflow.com/questions/7817323/migration-from-struts1-to-struts2


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2016-12-21 6:11 GMT+01:00 Muthiraparambil Somasundaram, Jeril <
Jeril.Somasundaram@cba.com.au>:

> Hi Lukasz/Team,
>
>
>
> We do not use Maven. Do you think replacing struts jar file in the below
> location should suffice?
>
>
>
>
>
>
>
>
>
> Below is from version 2.3.31 package. Would you be able to advise which of
> these jar files needs to be used to replace the current one for an upgrade?
>
>
>
>
>
>
>
> Thanks,
>
> Jeril
>
> +61450204750 <+61%20450%20204%20750>
>
>
>
>
>
> *From:* Lukasz Lenart [mailto:lukaszlenart@apache.org
> <lukaszlenart@apache.org>]
> *Sent:* Friday, 2 December 2016 7:42 PM
> *To:* Davis, Geethu <Geethu.Davis@cba.com.au>
> *Cc:* security@struts.apache.org; Muthiraparambil Somasundaram, Jeril <
> Jeril.Somasundaram@cba.com.au>; Kannoly, Arathy <Arathy.Kannoly@cba.com.au
> >
> *Subject:* Re: Apache Struts Upgrade to version 2.3.31
>
>
>
> Hi,
>
>
>
> It all depends how do you manage dependencies, do you use Maven or
> manually by putting jars in WEB-INF/lib? In most cases replacing jars
> should be enough. And please ask such common questions via Struts Users
> Mailing List <user@struts.apache.org> as this list is used to report and
> discuss security vulnerabilities.
>
>
>
>
>
> Regards
>
> --
>
> Łukasz
> + 48 606 323 122 <606%20323%20122> http://www.lenart.org.pl/
>
>
>
> 2016-12-02 7:01 GMT+01:00 Davis, Geethu <Geethu.Davis@cba.com.au>:
>
> Hi team,
>
>
>
> Could you please help with this request?
>
>
>
> Thanks,
>
> Geethu
>
> *Commonwealth* Bank
>
> [image: ITSMO_Logo]
>
> *ITSMO, driving an Always Available Bank*
>
>
>
> *Geethu Davis*
>
> *TCS Equities Support*
>
> IT Service Management and Operations
>
> Enterprise Services
>
> P: +91 484 6189534 <+91%20484%20618%209534>
>
> E  Geethu.Davis@cba.com.au
>
>
>
> *Our vision is **to excel at securing and enhancing the financial
> wellbeing of people, businesses and communities*
>
>
>
> *From:* Davis, Geethu
> *Sent:* Wednesday, 30 November 2016 12:40 AM
> *To:* 'Johannes Geppert' <jogep@apache.org>; security@struts.apache.org
> *Cc:* Muthiraparambil Somasundaram, Jeril <Jeril.Somasundaram@cba.com.au>
> *Subject:* RE: Apache Struts Upgrade to version 2.3.31
>
>
>
> Hi Johannes,
>
>
>
> Thanks for the link. However, could you please provide step wise
> instructions for the installation?
>
>
>
> Thanks,
>
> Geethu
>
> *Commonwealth* Bank
>
> [image: ITSMO_Logo]
>
> *ITSMO, driving an Always Available Bank*
>
>
>
> *Geethu Davis*
>
> *TCS Equities Support*
>
> IT Service Management and Operations
>
> Enterprise Services
>
> P: +91 484 6189534 <+91%20484%20618%209534>
>
> E  Geethu.Davis@cba.com.au
>
>
>
> *Our vision is **to excel at securing and enhancing the financial
> wellbeing of people, businesses and communities*
>
>
>
> *From:* Johannes Geppert [mailto:jogep@apache.org <jogep@apache.org>]
> *Sent:* Tuesday, 15 November 2016 8:04 PM
> *To:* security@struts.apache.org; Davis, Geethu <Geethu.Davis@cba.com.au>
> *Subject:* Re: Apache Struts Upgrade to version 2.3.31
>
>
>
> Hi Geethu,
>
>
>
> Just click on the link "Version Notes" to see the release notes for this
> special release.
>
>
>
> http://struts.apache.org/docs/version-notes-2331.html
>
>
>
> Best Regards
>
>
>
> Johannes
>
>
> #################################################
>
> web: http://www.jgeppert.com
>
> twitter: http://twitter.com/jogep
>
>
>
>
>
> 2016-11-15 15:18 GMT+01:00 Davis, Geethu <Geethu.Davis@cba.com.au>:
>
> Hi Team,
>
>
>
> One of the Windows 2008 R2 servers managed by our team has been found to
> have Apache Struts version 2.3.16.3 installed in it. As our security team
> has informed that this version has multiple security remote code execution
> vulnerabilities, we are planning to upgrade this to version 2.3.31.
>
>
> We have downloaded the zip file from the below page. Could you please
> provide us with any release notes/instructions on re-installation so that
> we could prepare a runsheet for the same? This is to be handed over to the
> server support team. Any assistance is appreciated.
>
>
>
> http://struts.apache.org/download.cgi
>
> [image: cid:image002.jpg@01D24CBD.B50D8DE0]
>
>
>
> Thanks,
> Geethu
>
> *Commonwealth* Bank
>
> [image: ITSMO_Logo]
>
> *ITSMO, driving an Always Available Bank*
>
>
>
> *Geethu Davis*
>
> *TCS Equities Support*
>
> IT Service Management and Operations
>
> Enterprise Services
>
> P: +91 484 6189534 <+91%20484%20618%209534>
>
> E  Geethu.Davis@cba.com.au
>
>
>
> *Our vision is **to excel at securing and enhancing the financial
> wellbeing of people, businesses and communities*
>
>
>
>
> ************** IMPORTANT MESSAGE *****************************
> This e-mail message is intended only for the addressee(s) and contains
> information which may be
> confidential.
> If you are not the intended recipient please advise the sender by return
> email, do not use or
> disclose the contents, and delete the message and any attachments from
> your system. Unless
> specifically indicated, this email does not constitute formal advice or
> commitment by the sender
> or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its
> subsidiaries.
> We can be contacted through our web site: commbank.com.au.
> If you no longer wish to receive commercial electronic messages from us,
> please reply to this
> e-mail by typing Unsubscribe in the subject line.
> **************************************************************
>
>
>
>
> ************** IMPORTANT MESSAGE *****************************
> This e-mail message is intended only for the addressee(s) and contains
> information which may be
> confidential.
> If you are not the intended recipient please advise the sender by return
> email, do not use or
> disclose the contents, and delete the message and any attachments from
> your system. Unless
> specifically indicated, this email does not constitute formal advice or
> commitment by the sender
> or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its
> subsidiaries.
> We can be contacted through our web site: commbank.com.au.
> If you no longer wish to receive commercial electronic messages from us,
> please reply to this
> e-mail by typing Unsubscribe in the subject line.
> **************************************************************
>
>
>
>
> ************** IMPORTANT MESSAGE *****************************
> This e-mail message is intended only for the addressee(s) and contains
> information which may be
> confidential.
> If you are not the intended recipient please advise the sender by return
> email, do not use or
> disclose the contents, and delete the message and any attachments from
> your system. Unless
> specifically indicated, this email does not constitute formal advice or
> commitment by the sender
> or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its
> subsidiaries.
> We can be contacted through our web site: commbank.com.au.
> If you no longer wish to receive commercial electronic messages from us,
> please reply to this
> e-mail by typing Unsubscribe in the subject line.
> **************************************************************
>
>

Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message