Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

(warning) Struts 2.0.10 corrects a serious security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through. All users are encouraged to update to Struts 2.0.10. Note that existing pages that utilize JSP EL expressions with Struts 2 tags will not no longer work with as of this release.

(tick) For prior notes in this release series, see Release Notes 2.0.9

...

Code Block
titleMaven Dependency

<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.0.10</version>
</dependency>
Code Block
titleSnapshot Repository

<repositories>
  <repository>
    <id>apache.snapshots</id>
    <name>ASF Maven 2 Snapshot</name>
    <url>http://people.apache.org/repo/m2-snapshot-repository</url>
  </repository>
</repositories>

Significant Fixes

  • This release fixes a security flaw in the Struts 2 tags that XXXXXXXwhere using JSP EL expressions could allow malicious OGNL expressions through.
  • Portlet support has been significantly improved in this release to fix issues related to using several of the pre-bundled Struts 2 interceptors.
  • For other changes, see the JIRA release notes.

API changes

  • The org.apache.struts2.components.Component.determineActionURL signature has changed: now it has two more parameters. Extension developers are invited to modify their code accordingly.

Experimental Features and Plugins

...

  • Struts 2.0.10 is a milestone version in the 2.0.x series. Struts 2.0.9 is the prior GA release.
  • The Release Managers are James Holmes and Ted Husted.
  • The tag date for the release is 23 July 9 Sep 2007. (need to update date)