6.1 Release Notes - Version 1.2.8
Introduction
The main motivation for releasing Struts 1.2.8 is to fix a Cross Site Scripting (XSS) vulnerability which has been identified by Hacktics.com. More details available on the Wiki.
This section contains release notes for changes that have taken place since Version 1.2.7. To keep up-to-date on all changes to Struts, subscribe to the dev@ list.
Notes on upgrading are maintained in the Wiki Upgrade pages. The wiki is a community maintained resource - please feel free to add your input so that everyone can benefit from the collective experience.
For the version requirements of each library, see the Installation chapter.
Version 1.2.8
After Version 1.2.6 was tagged the 1.2 Branch was created and work started on the next version (1.3.x series). Work has continued on both versions and Revision numbers shown in brackets are where a change has been ported from the current development version into the 1.2 Branch.
| Modification | Revision | Bugzilla | Description |
|---|---|---|---|
| 2005-11-07 | 331261 (331265) | 37131 | Escape newlines in Validator variables. |
| 2005-11-05 | 191272 and 192949 (331056) | 35127 | Changing rendering of the form name to use the 'id' attribute when in XHTML strict mode. |
| 2005-11-05 | 331060 (331055) | n/a | Fix for Struts XSS Vulnerability - remove uri from error messages. |
| 2005-08-31 | 265661 (265658) | n/a | Remove I18nFactorySet copied code. |
| 2005-08-29 | 264694 (264684) | 32584 | Provide config option to turn off MessageResources escape processing. |
| 2005-08-29 | 226545 (264662) | 35833 | Fix bug where non-resource action messages only work for the first message in the messages list. |
| 2005-06-20 | 191474 (191475) | 35421 | Correct link on the acquiring page to the maven generated nightly builds. |
| 2005-06-17 | 190794 (191170) | n/a | Update TagUtils to provide a more specific error message where properties on a formbean are not found. |
| 2005-06-16 | 191011 | 34460 | Update to the HTML tag library docs. |
| 2005-06-16 | 191001 (191002) | 32313 | Update tag library configuration docs for Servlet 2.4. |
| 2005-06-15 | 190634 (190779) | 23864 | Filter html sensitive characters in the <html:radio> tag's value. |
| 2005-06-15 | 190804 (190807) | 3202 | <html:options> tag logic updated to be more efficient with use of iterators. |
| 2005-06-15 | 190631 (190780) | 27861 | Add better error reporting to <bean:define> tag. |
| 2005-06-04 | 180002 (180001) | n/a | Add warning to ActionMapping.findForward() method if not found. |
| 2005-05-27 | 178799 | 35108 | Add comment regarding jdbc20ext.jar and JDK to build.properties.sample. |
| 2005-05-18 | 170859 (170858) | 34949 | Add no-arg constructor to ModuleConfigImpl. |
Next: Installation
Copyright (c) 2000-2005, The Apache Software Foundation