Comment: Migrated to Confluence 5.3

...

(warning) Struts 2.0.10 corrects a serious security flaw in the Struts 2 tags, where using JSP EL expressions could allow malicious OGNL expressions through. All users are encouraged to update to Struts 2.0.10 or to utilize the XWork 2.0.4 JAR with a prior release of Struts 2. Note that existing pages that utilize JSP EL expressions with Struts 2 tags will no longer work as of this release.

(tick) For prior notes in this release series, see Release Notes 2.0.9

...

Maven Dependency

<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.0.10</version>
</dependency>

Snapshot Repository

<repositories>
  <repository>
    <id>apache.snapshots</id>
    <name>ASF Maven 2 Snapshot</name>
    <url>http://people.apache.org/repo/m2-snapshot-repository</url>
  </repository>
</repositories>

Significant Fixes

  • This release utilizes XWork 2.0.4, which prevents OGNL evaluations of user input and fixes a security flaw in the Struts 2 tags where using JSP EL expressions could allow malicious OGNL expressions through.
  • Portlet support has been significantly improved in this release to fix issues related to using several of the pre-bundled Struts 2 interceptors.
  • For other changes, see the JIRA release notes.
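
Because pages that use JSP EL inside Struts 2 tags stop working with this release, it helps to locate them before upgrading. The following scanner is an added example, not part of the release notes or the Struts project; it assumes the taglib is declared with the conventional s prefix, and the sample JSP is constructed for illustration.

```python
import re

# Opening tags with the conventional Struts 2 prefix "s" (an assumption;
# adjust the prefix if the page declares the taglib differently).
TAG_RE = re.compile(r'<s:([\w-]+)((?:[^>"\']|"[^"]*"|\'[^\']*\')*)>', re.S)
ATTR_RE = re.compile(r'([\w:-]+)\s*=\s*("([^"]*)"|\'([^\']*)\')', re.S)
EL_RE = re.compile(r'(?<!\\)\$\{[^}]*\}')  # ${...}, skipping escaped \${...}

# Constructed sample page: two Struts tags use JSP EL, one uses OGNL %{...},
# and one EL expression sits outside any Struts tag.
SAMPLE_JSP = '''<%@ taglib prefix="s" uri="/struts-tags" %>
<s:form action="save">
  <s:textfield name="title" value="${param.title}" />
  <s:textfield name="author" value="%{author}" />
  <s:url action="view"
         anchor="${sectionId}" />
  <p>${greeting}</p>
</s:form>
'''


def find_el_in_struts_tags(jsp_text):
    """Return (line, tag, attribute, expression) for each JSP EL
    expression found in an attribute of an <s:...> tag."""
    findings = []
    for tag in TAG_RE.finditer(jsp_text):
        line = jsp_text.count("\n", 0, tag.start()) + 1
        for attr in ATTR_RE.finditer(tag.group(2)):
            value = attr.group(3) if attr.group(3) is not None else attr.group(4)
            for el in EL_RE.finditer(value):
                findings.append((line, "s:" + tag.group(1), attr.group(1), el.group(0)))
    return findings


if __name__ == "__main__":
    for line, tag, attr, expr in find_el_in_struts_tags(SAMPLE_JSP):
        print(f"line {line}: <{tag}> attribute {attr!r} uses JSP EL {expr}")
```

EL outside Struts tags and OGNL `%{...}` attribute values are not reported, since only EL inside Struts 2 tag attributes is affected by the change.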

API changes

  • The org.apache.struts2.components.Component.determineActionURL signature has changed: now it has two more parameters. Extension developers are invited to modify their code accordingly.

Experimental Features and Plugins

...

  • Struts 2.0.10 is a milestone version in the 2.0.x series. Struts 2.0.9 is the prior GA release.
  • The Release Managers are James Holmes and Ted Husted.
  • The tag date for the release is 23 July 9 Sep 2007. (need to update date)