THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
These are the notes for the Struts 2.0.10 distribution.
Struts 2.0.10 corrects a serious security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through. All users are encouraged to update to Struts 2.0.10. Note that existing pages that utilize JSP EL expressions with Struts 2 tags will no longer work as of this release.
For prior notes in this release series, see Release Notes 2.0.9
...
Code Block | ||
---|---|---|
| ||
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.0.10</version> </dependency> |
Code Block | ||
---|---|---|
| ||
<repositories> <repository> <id>apache.snapshots</id> <name>ASF Maven 2 Snapshot</name> <url>http://people.apache.org/repo/m2-snapshot-repository</url> </repository> </repositories> |
Significant Fixes
- This release utilizes XWork 2.0.4 which prevents OGNL evaluations of user inputfixes a security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through.
- Portlet support has been significantly improved in this release to fix issues related to using several of the pre-bundled Struts 2 interceptors.
- For other changes, see the JIRA release notes.
API changes
- The org.apache.struts2.components.Component.determineActionURL signature has changed: now it has two more parameters. Extension developers are invited to modify their code accordingly.
Experimental Features and Plugins
...
- JIRA Release Notes 2.0.10
- JIRA Release Notes 2.0.9
- JIRA Release Notes 2.0.8
- JIRA Release Notes 2.0.7
- JIRA Release Notes 2.0.6
- JIRA Release Notes 2.0.5
- JIRA Release Notes 2.0.4
- JIRA Release Notes 2.0.3
- JIRA Release Notes 2.0.2
- JIRA Release Notes 2.0.1
- JIRA Release Notes 2.0.0
Issue List
Other resources
Release Plan
- Struts 2.0.10 is a milestone version in the 2.0.x series. Struts 2.0.9 is the prior GA release.
- The Release Managers are James Holmes and Ted Husted.
- The tag date for the release is 23 July 9 Sep 2007.