The Apache Project

6.1 Release Notes - Version 1.2.8


The main motivation for releasing Struts 1.2.8 is to fix a Cross Site Scripting (XSS) vulnerability which has been identified by More details available on the Wiki.

This section contains release notes for changes that have taken place since Version 1.2.7. To keep up-to-date on all changes to Struts, subscribe to the dev@ list.

Notes on upgrading are maintained in the Wiki Upgrade pages. The wiki is a community maintained resource - please feel free to add your input so that everyone can benefit from the collective experience.

For the version requirements of each library, see the Installation chapter.

Version 1.2.8

After Version 1.2.6 was tagged the 1.2 Branch was created and work started on the next version (1.3.x series). Work has continued on both versions and Revision numbers shown in brackets are where a change has been ported from the current development version into the 1.2 Branch.

Modification Revision Bugzilla Description
2005-11-07 331261 (331265) 37131 Escape newlines in Validator variables.
2005-11-05 191272 and 192949 (331056) 35127 Changing rendering of the form name to use the 'id' attribute when in XHTML strict mode.
2005-11-05 331060 (331055) n/a Fix for Struts XSS Vulnerability - remove uri from error messages.
2005-08-31 265661 (265658) n/a Remove I18nFactorySet copied code.
2005-08-29 264694 (264684) 32584 Provide config option to turn off MessageResources escape processing.
2005-08-29 226545 (264662) 35833 Fix bug where non-resource action messages only work for the first message in the messages list.
2005-06-20 191474 (191475) 35421 Correct link on the acquiring page to the maven generated nightly builds.
2005-06-17 190794 (191170) n/a Update TagUtils to provide a more specific error message where properties on a formbean are not found.
2005-06-16 191011 34460 Update to the HTML tag library docs.
2005-06-16 191001 (191002) 32313 Update tag library configuration docs for Servlet 2.4.
2005-06-15 190634 (190779) 23864 Filter html sensitive characters in the <html:radio> tag's value.
2005-06-15 190804 (190807) 3202 <html:options> tag logic updated to be more efficient with use of iterators.
2005-06-15 190631 (190780) 27861 Add better error reporting to <bean:define> tag.
2005-06-04 180002 (180001) n/a Add warning to ActionMapping.findForward() method if not found.
2005-05-27 178799 35108 Add comment regarding jdbc20ext.jar and JDK to
2005-05-18 170859 (170858) 34949 Add no-arg constructor to ModuleConfigImpl.

Next: Installation