THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
These are the notes for the Struts 2.0.12 distribution.
Struts 2.0.12 comes with a security fixed version 2.0.5 of XWork, which corrects a serious vulnerability provides important security and bug fixes. Among others, it corrects two serious vulnerabilities:
- in ParametersInterceptor allowing malicious users to remotely change server side context objects - S2-003
- in FilterDispatcher allowing read access to server filesystem resources in certain application server environments - S2-004
. All users are strongly encouraged to upgrade to Struts 2.0.11.212.
For prior notes in this release series, see Release Notes 2.0.11.2
...