[WW-4917] Clarification on security status and support for Struts 2.3 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Minor
Resolution: Won't Fix
Affects Version/s: 2.3.34
Fix Version/s: None
Component/s: Documentation
Labels:
- security

Description

Hi

Can you kindly provide clarity as to the exact status of the 2.3 series in terms of ongoing support and security status.

On the Struts web page https://struts.apache.org/

I found the statement:

"It's the latest release of Struts 2.3.x which contains the latest security fixes, read more in Announcement or in Version notes"

Yet, on the page at https://struts.apache.org/releases.html it is stated that :

"Prior Releases

As a courtesy, we retain archival copies of the website for releases that initially were considered "General Availability" but which has been reclassified as "Not recommended" since they contain security issues
"
And version 2.3.34 is listed here.

Lastly - I find no EOL announcement for 2.3.x

So in summary the question is:

1 Is the 2.3 series EOL?
2 Does 2.3.34 contain any known security bugs?

Thanking you in advance

Richard

Attachments

Activity

People

Assignee:: Lukasz Lenart

Reporter:: Richard Taylor

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/Feb/18 14:05

Updated:: 17/Oct/22 05:25

Resolved:: 17/Oct/22 05:25