Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

(tick) These are the notes for the Struts 3 distribution.

(tick) For prior notes in this release series, see Version Notes


Code Block
titleMaven Dependency

You can also use Struts Archetype Catalog like below


Code Block
titleStaging Repository
    <name>ASF Nexus Staging</name>

Internal Changes

  • (warning) Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution, read more details in S2-029
  • (warning) Possible RCE vulnerability in XSLTResult was fixed, read more details in S2-031
  • (warning) Prevents execution of chained expressions based on new isSequence flag introduce in appropriated OGNL versions, it's related to S2-032


This release contains fixes related to S2-029, S2-031 and S2-032 security bulletins, please read them carefully!

Issue Detail

Issue List

Other resources