6.1 Release Notes - Version 1.2.9
Introduction
The main motivation for releasing Struts 1.2.9 is to fix three security issues which have been identified:
- Bug 38374 - Validation always skipped with Globals.CANCEL_KEY.
- Bug 38534 - DOS attack, application hack.
- Bug 38749 - XSS vulnerability in LookupDispatchAction.
This section contains release notes for changes that have taken place since Version 1.2.8. To keep up-to-date on all changes to Struts, subscribe to the dev@ list.
Notes on upgrading are maintained in the Wiki Upgrade pages. The wiki is a community-maintained resource, so please feel free to add your input so that everyone can benefit from the collective experience.
For the version requirements of each library, see the Installation chapter.
Version 1.2.9
After Version 1.2.6 was tagged, the 1.2 Branch was created and work started on the next version (the 1.3.x series). Work has continued on both versions. Revision numbers shown in brackets indicate where a change has been ported from the current development version into the 1.2 Branch.
Modification | Revision | Bugzilla | Description |
---|---|---|---|
2006-03-08 | 384234 (384235) | 37817 | TagUtils doesn't create XHTML compliant URLs using forwards defined with redirect="true". |
2006-03-08 | 384090 (384092) | 38343 | Add EventDispatchAction and EventActionDispatcher. |
2006-03-07 | 383907 (383908) | 37685 | Javascript tag does not work on Mozilla. |
2006-03-07 | 383718 (383720) | 38749 | XSS vulnerability in LookupDispatchAction. |
2006-02-15 | 379661 (377929) | 38534 | DOS attack, application hack. |
2006-02-14 | 377562 (377805) | 38374 | Validation always skipped with Globals.CANCEL_KEY. |
2006-01-31 | 373798 (373801) | 38461 | struts-el html tag library errorKey not using documented default value. |