THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
These are the notes for the Struts 2.0.11 distribution.
Struts 2.0.10 corrects corrected a serious security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through. All users are encouraged to upgrade to Struts 2.0.11. Note that existing pages that utilize JSP EL expressions with Struts 2 tags will no longer work as of this release.
For prior notes in this release series, see Release Notes 2.0.10
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
...
| title | Maven Dependency |
|---|
...
| Code Block | ||
|---|---|---|
| ||
<repositories>
<repository>
<id>apache.snapshots</id>
<name>ASF Maven 2 Snapshot</name>
<url>http://people.apache.org/repo/m2-snapshot-repository</url>
</repository>
</repositories>
|
Significant Fixes
- This release fixes a security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through.
- Portlet support has been significantly improved in this release to fix issues related to using several of the pre-bundled Struts 2 interceptors.
- For other changes, see the JIRA release notes.
API changes
- The org.apache.struts2.components.Component.determineActionURL signature has changed: now it has two more parameters. The prior signature is available but deprecated. Extension developers are invited to modify their code accordingly.
...
- Struts 2.0.11 is a milestone version in the 2.0.x series. Struts 2.0.9 is the prior GA release.
- The Release Managers are James Holmes and Ted Husted.
- The tag date for the release is (need date here)20 Sep 2007.