This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • StrutsUpgradeNotes127to128
Skip to end of metadata
Go to start of metadata

Upgrading Struts 1.2.7 to Struts 1.2.8

N.B. The primary motivation for Struts 1.2.8 was to fix a Cross Site Scripting (XSS) vulnerability. See StrutsXssVulnerability for more details.


1. jars

Only the struts.jar needs to be upgraded - all Struts dependencies remain the same as Struts 1.2.7.

2. Commons Validator 1.2.0

Struts 1.2.8 is distributed with Commons Validator 1.1.4. However you may wish to upgrade to Commons Validator 1.2.0 which was recently released either because of the XHTML & JavaScript Validation Issue or because of the Validator 1.2.0 Features...

2.1 XHTML & JavaScript Validation Issue

The problem of JavaScript Validation not working in XHTML mode (see Bug 35127) can be resolved by upgrading to Struts 1.2.8 and Commons Validator 1.2.0.

2.2 Validator 1.2.0 Features

For details of Commons Validator 1.2.0 see ...

  • No labels