(tick) These are the notes for the Struts distribution.

(warning) Struts corrected two serious security flaws in the Struts 2 <s:url> and <s:a> tags where a missing URL encoding handling for <script> HTML tag can lead to a reflected XSS (cross site scripting) exploit. All users are strongly encouraged to upgrade to Struts

(tick) For prior notes in this release series, see Release Notes 2.0.11


Issue Detail

Issue List

Other resources

Release Plan

  • Struts is a security fix for the prior Struts 2.0.11 GA release.
  • The Release Manager is Rene Gielen.
  • The tag date for the release is 02 Mar 2008.
  • No labels