The main motivation for releasing Struts 1.2.8 is to fix a Cross Site Scripting (XSS) vulnerability which has been identified by Hacktics.com. More details available on the Wiki .
This section contains release notes for changes that have taken place since Version 1.2.7 . To keep up-to-date on all changes to Struts, subscribe to the dev@ list.
Notes on upgrading are maintained in the Wiki Upgrade pages . The wiki is a community maintained resource - please feel free to add your input so that everyone can benefit from the collective experience.
For the version requirements of each library, see the Installation chapter .
After Version 1.2.6 was tagged the 1.2 Branch was created and work started on the next version ( 1.3.x series ). Work has continued on both versions and Revision numbers shown in brackets are where a change has been ported from the current development version into the 1.2 Branch .
| Modification | Revision | Bugzilla | Description |
|---|---|---|---|
| 2005-11-07 | 331261 ( 331265 ) | 37131 | Escape newlines in Validator variables. |
| 2005-11-05 | 191272 and 192949 ( 331056 ) | 35127 | Changing rendering of the form name to use the 'id' attribute when in XHTML strict mode. |
| 2005-11-05 | 331060 ( 331055 ) | n/a | Fix for Struts XSS Vulnerability - remove uri from error messages. |
| 2005-08-31 | 265661 ( 265658 ) | n/a | Remove I18nFactorySet copied code. |
| 2005-08-29 | 264694 ( 264684 ) | 32584 | Provide config option to turn off MessageResources escape processing. |
| 2005-08-29 | 226545 ( 264662 ) | 35833 | Fix bug where non-resource action messages only work for the first message in the messages list. |
| 2005-06-20 | 191474 ( 191475 ) | 35421 | Correct link on the acquiring page to the maven generated nightly builds. |
| 2005-06-17 | 190794 ( 191170 ) | n/a | Update TagUtils to provide a more specific error message where properties on a formbean are not found. |
| 2005-06-16 | 191011 | 34460 | Update to the HTML tag library docs. |
| 2005-06-16 | 191001 ( 191002 ) | 32313 | Update tag library configuration docs for Servlet 2.4. |
| 2005-06-15 | 190634 ( 190779 ) | 23864 | Filter html sensitive characters in the <html:radio> tag's value. |
| 2005-06-15 | 190804 ( 190807 ) | 3202 | <html:options> tag logic updated to be more efficient with use of iterators. |
| 2005-06-15 | 190631 ( 190780 ) | 27861 | Add better error reporting to <bean:define> tag. |
| 2005-06-04 | 180002 ( 180001 ) | n/a | Add warning to ActionMapping.findForward() method if not found. |
| 2005-05-27 | 178799 | 35108 | Add comment regarding jdbc20ext.jar and JDK to build.properties.sample. |
| 2005-05-18 | 170859 ( 170858 ) | 34949 | Add no-arg constructor to ModuleConfigImpl. |
Next: Installation