Apache Struts 2 Documentation > Home > Guides > Migration Guide > Release Notes 2.0.11.1
#editReport()

These are the notes for the Struts 2.0.11.1 distribution.

Struts 2.0.11.1 corrected two serious security flaws in the Struts 2 <s:url> and <s:a> tags where a missing URL encoding handling for <script> HTML tag can lead to a reflected XSS (cross site scripting) exploit. All users are strongly encouraged to upgrade to Struts 2.0.11.1.

For prior notes in this release series, see Release Notes 2.0.11

Changelog

Issue Detail

Issue List

Other resources

Release Plan

  • Struts 2.0.11.1 is a security fix for the prior Struts 2.0.11 GA release.
  • The Release Manager is Rene Gielen.
  • The tag date for the release is 02 Mar 2008.