Upgrading Struts 1.2.7 to Struts 1.2.8

N.B. The primary motivation for Struts 1.2.8 was to fix a Cross Site Scripting (XSS) vulnerability. See StrutsXssVulnerability for more details.

1. jars

Only the struts.jar needs to be upgraded - all Struts dependencies remain the same as Struts 1.2.7.

2. Commons Validator 1.2.0

Struts 1.2.8 is distributed with Commons Validator 1.1.4. However you may wish to upgrade to Commons Validator 1.2.0 which was recently released either because of the XHTML & JavaScript Validation Issue or because of the Validator 1.2.0 Features...

2.1 XHTML & JavaScript Validation Issue

The problem of JavaScript Validation not working in XHTML mode (see Bug 35127) can be resolved by upgrading to Struts 1.2.8 and Commons Validator 1.2.0.

2.2 Validator 1.2.0 Features

For details of Commons Validator 1.2.0 see ...

  • No labels