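Apache Struts 2.3.28.1 GA / 2.3.20.3 GA / 2.3.24.3 GA have been released.
Struts is an open source project sponsored by the Apache Software Foundation (ASF). It began as a subproject of the Jakarta project and became an ASF top-level project in March 2004. Built on Java Servlet/JSP technology, it is an application framework that implements the MVC design pattern for Java EE web applications, and it is a classic product of the classic MVC design pattern.
Apache Struts 2.3.28.1
Changes: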
S2-031 Possible RCE vulnerability in XSLTResult was fixed.
S2-032 Prevents execution of chained expressions based on the new isSequence flag introduced in the appropriate OGNL versions.
Apache Struts 2.3.20.3 & 2.3.24.3
Changes:
S2-029 Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
S2-031 Possible RCE vulnerability in XSLTResult was fixed.
S2-032 Prevents execution of chained expressions based on the new isSequence flag introduced in the appropriate OGNL versions.
Download:
http://struts.apache.org/download.cgi#struts23203
http://struts.apache.org/download.cgi#struts23243
Release details: http://struts.apache.org/docs/version-notes-23281.html
Download: http://apache.opencas.org//struts/2.3.28.1/struts-2.3.28.1-all.zip
Source: OSChina (开源中国社区)

