struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Brin <ab...@digitalantiquity.org>
Subject Re: 2.5.12 & security fix protocol
Date Fri, 14 Jul 2017 13:18:28 GMT
thanks for the clarification.

On Fri, Jul 14, 2017 at 5:53 AM, Lukasz Lenart <lukaszlenart@apache.org>
wrote:

> 2017-07-14 14:40 GMT+02:00 Adam Brin <abrin@digitalantiquity.org>:
> > Hi Lukasz,
> >   Out of curiosity, I'm wondering, what the protocol or choice was about
> > including the security patches for struts2 in a "new" release as opposed
> to
> > a point release for 2.5.10 (eg. 2.5.10.1)?  It would seem like the
> smallest
> > change possible should be included, but this version seemed to have
> quite a
> > few more changes.
>
> We assumed that the vulnerabilities are not so critical and the new
> version is almost ready. Also workarounds exist so you can apply them
> to be safe if you are not able to migrate to the latest version.
>
> https://cwiki.apache.org/confluence/display/WW/S2-047
> https://cwiki.apache.org/confluence/display/WW/S2-049
>
>
> Regards
> --
> Ɓukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


-- 
_________________________________________________________
Adam Brin
Director of Technology, Digital Antiquity
480.965.1278 <(480)%20965-1278>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message