These are the notes for the Struts 2.0.10 distribution.

Struts 2.0.10 corrects a serious security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through. All users are encouraged to update to Struts 2.0.10. Note that existing pages that utilize JSP EL expressions with Struts 2 tags will no longer work as of this release.
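
To find the pages affected by this change before upgrading, the following added example (not part of the Struts distribution or these notes) lists every Struts 2 tag attribute in a JSP that contains a JSP EL `${...}` expression. It assumes the page binds the tags with the standard `/struts-tags` taglib URI; the function names and the sample JSP are constructed for illustration.

```python
import re

# Assumption: pages bind the Struts 2 tags with the standard "/struts-tags" URI.
STRUTS_TAGLIB_URI = "/struts-tags"

# One attribute: name="value" or name='value' (a value may contain '>').
ATTR = r"""[\w:.-]+\s*=\s*(?:"[^"]*"|'[^']*')"""
ATTR_RE = re.compile(r"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
TAGLIB_RE = re.compile(r"<%@\s*taglib\b([^%]*)%>")


def struts_prefixes(jsp_text):
    """Return the tag prefixes this page binds to the Struts 2 tag library."""
    prefixes = set()
    for directive in TAGLIB_RE.finditer(jsp_text):
        attrs = {n: dq or sq for n, dq, sq in ATTR_RE.findall(directive.group(1))}
        if attrs.get("uri") == STRUTS_TAGLIB_URI and attrs.get("prefix"):
            prefixes.add(attrs["prefix"])
    return prefixes


def find_el_in_struts_tags(jsp_text):
    """Return (line, tag, attribute, value) for Struts tag attributes using JSP EL."""
    findings = []
    for prefix in sorted(struts_prefixes(jsp_text)):
        tag_re = re.compile(r"<(%s:[\w-]+)((?:\s+%s)*)\s*/?>" % (re.escape(prefix), ATTR))
        for tag in tag_re.finditer(jsp_text):
            line = jsp_text.count("\n", 0, tag.start()) + 1
            for name, dq, sq in ATTR_RE.findall(tag.group(2)):
                value = dq or sq
                if "${" in value:  # JSP EL; OGNL's own %{...} syntax is not flagged
                    findings.append((line, tag.group(1), name, value))
    return sorted(findings)


# Constructed sample page, not taken from any real application.
SAMPLE_JSP = '''<%@ taglib prefix="s" uri="/struts-tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<s:textfield name="username" label="${param.label}" />
<s:property value="%{user.name}" />
<c:out value="${param.q}" />
<s:a href="${ctx}/list.action" title='a > b'>list</s:a>
'''

if __name__ == "__main__":
    for line, tag, attr, value in find_el_in_struts_tags(SAMPLE_JSP):
        print("line %d: <%s> %s=%r" % (line, tag, attr, value))
```

Only tags whose prefix is bound to the Struts taglib are reported, so JSTL tags such as `c:out` on the same page are left alone.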

For prior notes in this release series, see Release Notes 2.0.9.

...

Maven Dependency

<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.0.10</version>
</dependency>

Snapshot Repository

<repositories>
  <repository>
    <id>apache.snapshots</id>
    <name>ASF Maven 2 Snapshot</name>
    <url>http://people.apache.org/repo/m2-snapshot-repository</url>
  </repository>
</repositories>

Significant Fixes

  • This release utilizes XWork 2.0.4, which prevents OGNL evaluation of user input and fixes a security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through.
  • Portlet support has been significantly improved in this release to fix issues related to using several of the pre-bundled Struts 2 interceptors.
  • For other changes, see the JIRA release notes.

API changes

  • The signature of org.apache.struts2.components.Component.determineActionURL has changed: it now takes two more parameters. Extension developers are invited to modify their code accordingly.

Experimental Features and Plugins

...

Issue List

Other resources

Release Plan

  • Struts 2.0.10 is a milestone version in the 2.0.x series. Struts 2.0.9 is the prior GA release.
  • The Release Managers are James Holmes and Ted Husted.
  • The tag date for the release is 23 July 9 Sep 2007.