struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: 2.5.12 & security fix protocol
Date Fri, 14 Jul 2017 12:53:22 GMT
2017-07-14 14:40 GMT+02:00 Adam Brin <abrin@digitalantiquity.org>:
> Hi Lukasz,
>   Out of curiosity, I'm wondering, what the protocol or choice was about
> including the security patches for struts2 in a "new" release as opposed to
> a point release for 2.5.10 (eg. 2.5.10.1)?  It would seem like the smallest
> change possible should be included, but this version seemed to have quite a
> few more changes.

We assumed that the vulnerabilities are not so critical and the new
version is almost ready. Also workarounds exist so you can apply them
to be safe if you are not able to migrate to the latest version.

https://cwiki.apache.org/confluence/display/WW/S2-047
https://cwiki.apache.org/confluence/display/WW/S2-049


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message