These are the notes for the Struts 2.0.11.1 distribution.
Struts 2.0.11.1 corrected two serious security flaws in the Struts 2 <s:url> and <s:a> tags where a missing URL encoding handling for <script> HTML tag can lead to a reflected XSS (cross site scripting) exploit. All users are strongly encouraged to upgrade to Struts 2.0.11.1.
For prior notes in this release series, see Release Notes 2.0.11
Changelog
Issue Detail
- JIRA Release Notes 2.0.11.1
- JIRA Release Notes 2.0.11
- JIRA Release Notes 2.0.10
- JIRA Release Notes 2.0.9
- JIRA Release Notes 2.0.8
- JIRA Release Notes 2.0.7
- JIRA Release Notes 2.0.6
- JIRA Release Notes 2.0.5
- JIRA Release Notes 2.0.4
- JIRA Release Notes 2.0.3
- JIRA Release Notes 2.0.2
- JIRA Release Notes 2.0.1
- JIRA Release Notes 2.0.0
Issue List
Other resources
Release Plan
- Struts 2.0.11.1 is a security fix for the prior Struts 2.0.11 GA release.
- The Release Manager is Rene Gielen.
- The tag date for the release is 02 Mar 2008.