These are the notes for the Struts 2.0.12 distribution.
Struts 2.0.12 provides important security and bug fixes. Among others, it corrects two serious vulnerabilities:
- in ParametersInterceptor allowing malicious users to remotely change server side context objects - S2-003
- in FilterDispatcher allowing read access to server filesystem resources in certain application server environments - S2-004
All users are strongly encouraged to upgrade to Struts 2.0.12.
For prior notes in this release series, see Release Notes 126.96.36.199
- Struts 2.0.12 is a security and bug fix release for the prior Struts 188.8.131.52 GA release.
- The Release Manager is Rene Gielen.
- The tag date for the release is 16 Oct 2008.