|Apache Struts 2 Documentation > Home > Guides > Migration Guide > Release Notes 220.127.116.11|
These are the notes for the Struts 18.104.22.168 distribution.
Struts 22.214.171.124 corrected two serious security flaws in the Struts 2 <s:url> and <s:a> tags where a missing URL encoding handling for <script> HTML tag can lead to a reflected XSS (cross site scripting) exploit. All users are strongly encouraged to upgrade to Struts 126.96.36.199.
For prior notes in this release series, see Release Notes 2.0.11