Child pages
  • Version Notes 2.5.17

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fix vuln description

(tick) (tick) These are the notes for the Struts 2.5.17 distribution.

(tick) (tick) For prior notes in this release series, see Version Notes 2.5.16

...

Code Block
xml
xml
titleStaging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

  • (warning) (warning) Possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn’t have value and action set, see S2-057
  • (warning) (warning) Critical overall proactive security improvements

...