Quantcast

FW: Apache Struts Upgrade to version 2.3.31

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

FW: Apache Struts Upgrade to version 2.3.31

Muthiraparambil Somasundaram, Jeril

Hi Lukasz/Team,

 

We do not use Maven. Do you think replacing struts jar file in the below location should suffice?

 

 

 

 

Below is from version 2.3.31 package. Would you be able to advise which of these jar files needs to be used to replace the current one for an upgrade?

 

 

 

Thanks,

Jeril

+61450204750

 

 

From: Lukasz Lenart [[hidden email]]
Sent: Friday, 2 December 2016 7:42 PM
To: Davis, Geethu <[hidden email]>
Cc: [hidden email]; Muthiraparambil Somasundaram, Jeril <[hidden email]>; Kannoly, Arathy <[hidden email]>
Subject: Re: Apache Struts Upgrade to version 2.3.31

 

Hi,

 

It all depends how do you manage dependencies, do you use Maven or manually by putting jars in WEB-INF/lib? In most cases replacing jars should be enough. And please ask such common questions via Struts Users Mailing List <[hidden email]> as this list is used to report and discuss security vulnerabilities.

 

 

Regards

--

Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

 

2016-12-02 7:01 GMT+01:00 Davis, Geethu <[hidden email]>:

Hi team,

 

Could you please help with this request?

 

Thanks,

Geethu

Commonwealth Bank

ITSMO_Logo  

ITSMO, driving an Always Available Bank

 

Geethu Davis

TCS Equities Support

IT Service Management and Operations

Enterprise Services

P: <a href="tel:&#43;91%20484%20618%209534" target="_blank">+91 484 6189534 

[hidden email]

 

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses and communities

 

From: Davis, Geethu
Sent: Wednesday, 30 November 2016 12:40 AM
To: 'Johannes Geppert' <
[hidden email]>; [hidden email]
Cc: Muthiraparambil Somasundaram, Jeril <
[hidden email]>
Subject: RE: Apache Struts Upgrade to version 2.3.31

 

Hi Johannes,

 

Thanks for the link. However, could you please provide step wise instructions for the installation?

 

Thanks,

Geethu

Commonwealth Bank

ITSMO_Logo  

ITSMO, driving an Always Available Bank

 

Geethu Davis

TCS Equities Support

IT Service Management and Operations

Enterprise Services

P: <a href="tel:&#43;91%20484%20618%209534" target="_blank">+91 484 6189534 

[hidden email]

 

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses and communities

 

From: Johannes Geppert [[hidden email]]
Sent: Tuesday, 15 November 2016 8:04 PM
To:
[hidden email]; Davis, Geethu <[hidden email]>
Subject: Re: Apache Struts Upgrade to version 2.3.31

 

Hi Geethu,

 

Just click on the link "Version Notes" to see the release notes for this special release.

 

 

Best Regards

 

Johannes


#################################################

 

 

2016-11-15 15:18 GMT+01:00 Davis, Geethu <[hidden email]>:

Hi Team,

 

One of the Windows 2008 R2 servers managed by our team has been found to have Apache Struts version 2.3.16.3 installed in it. As our security team has informed that this version has multiple security remote code execution vulnerabilities, we are planning to upgrade this to version 2.3.31.


We have downloaded the zip file from the below page. Could you please provide us with any release notes/instructions on re-installation so that we could prepare a runsheet for the same? This is to be handed over to the server support team. Any assistance is appreciated.

 

http://struts.apache.org/download.cgi

cid:image002.jpg@01D24CBD.B50D8DE0

 

Thanks,
Geethu

Commonwealth Bank

ITSMO_Logo  

ITSMO, driving an Always Available Bank

 

Geethu Davis

TCS Equities Support

IT Service Management and Operations

Enterprise Services

P: <a href="tel:&#43;91%20484%20618%209534" target="_blank">+91 484 6189534 

[hidden email]

 

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses and communities

 


************** IMPORTANT MESSAGE *****************************     
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************

 


************** IMPORTANT MESSAGE *****************************     
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************

 


************** IMPORTANT MESSAGE *****************************     
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Apache Struts.docx (134K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: FW: Apache Struts Upgrade to version 2.3.31

Lukasz Lenart
Hi,

It looks like you want to upgrade from Struts 1 to Struts 2 which are two totally different beasts. In such case replacing JARs won't work, you must rewrite the web layer part.

Read these


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2016-12-21 6:11 GMT+01:00 Muthiraparambil Somasundaram, Jeril <[hidden email]>:

Hi Lukasz/Team,

 

We do not use Maven. Do you think replacing struts jar file in the below location should suffice?

 

 

 

 

Below is from version 2.3.31 package. Would you be able to advise which of these jar files needs to be used to replace the current one for an upgrade?

 

 

 

Thanks,

Jeril

<a href="tel:+61%20450%20204%20750" value="+61450204750" target="_blank">+61450204750

 

 

From: Lukasz Lenart [[hidden email]]
Sent: Friday, 2 December 2016 7:42 PM
To: Davis, Geethu <[hidden email]>
Cc: [hidden email]; Muthiraparambil Somasundaram, Jeril <[hidden email]>; Kannoly, Arathy <[hidden email]>
Subject: Re: Apache Struts Upgrade to version 2.3.31

 

Hi,

 

It all depends how do you manage dependencies, do you use Maven or manually by putting jars in WEB-INF/lib? In most cases replacing jars should be enough. And please ask such common questions via Struts Users Mailing List <[hidden email]> as this list is used to report and discuss security vulnerabilities.

 

 

Regards

--

Łukasz
<a href="tel:606%20323%20122" value="+48606323122" target="_blank">+ 48 606 323 122 http://www.lenart.org.pl/

 

2016-12-02 7:01 GMT+01:00 Davis, Geethu <[hidden email]>:

Hi team,

 

Could you please help with this request?

 

Thanks,

Geethu

Commonwealth Bank

  

ITSMO, driving an Always Available Bank

 

Geethu Davis

TCS Equities Support

IT Service Management and Operations

Enterprise Services

P: <a href="tel:+91%20484%20618%209534" target="_blank">+91 484 6189534 

[hidden email]

 

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses and communities

 

From: Davis, Geethu
Sent: Wednesday, 30 November 2016 12:40 AM
To: 'Johannes Geppert' <
[hidden email]>; [hidden email]
Cc: Muthiraparambil Somasundaram, Jeril <
[hidden email]>
Subject: RE: Apache Struts Upgrade to version 2.3.31

 

Hi Johannes,

 

Thanks for the link. However, could you please provide step wise instructions for the installation?

 

Thanks,

Geethu

Commonwealth Bank

  

ITSMO, driving an Always Available Bank

 

Geethu Davis

TCS Equities Support

IT Service Management and Operations

Enterprise Services

P: <a href="tel:+91%20484%20618%209534" target="_blank">+91 484 6189534 

[hidden email]

 

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses and communities

 

From: Johannes Geppert [[hidden email]]
Sent: Tuesday, 15 November 2016 8:04 PM
To:
[hidden email]; Davis, Geethu <[hidden email]>
Subject: Re: Apache Struts Upgrade to version 2.3.31

 

Hi Geethu,

 

Just click on the link "Version Notes" to see the release notes for this special release.

 

 

Best Regards

 

Johannes


#################################################

 

 

2016-11-15 15:18 GMT+01:00 Davis, Geethu <[hidden email]>:

Hi Team,

 

One of the Windows 2008 R2 servers managed by our team has been found to have Apache Struts version 2.3.16.3 installed in it. As our security team has informed that this version has multiple security remote code execution vulnerabilities, we are planning to upgrade this to version 2.3.31.


We have downloaded the zip file from the below page. Could you please provide us with any release notes/instructions on re-installation so that we could prepare a runsheet for the same? This is to be handed over to the server support team. Any assistance is appreciated.

 

http://struts.apache.org/download.cgi

 

Thanks,
Geethu

Commonwealth Bank

  

ITSMO, driving an Always Available Bank

 

Geethu Davis

TCS Equities Support

IT Service Management and Operations

Enterprise Services

P: <a href="tel:+91%20484%20618%209534" target="_blank">+91 484 6189534 

[hidden email]

 

Our vision is to excel at securing and enhancing the financial wellbeing of people, businesses and communities

 


************** IMPORTANT MESSAGE *****************************     
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************

 


************** IMPORTANT MESSAGE *****************************     
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************

 


************** IMPORTANT MESSAGE *****************************     
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************


Loading...