Upgrading Struts 1.2.7 to Struts 1.2.8
N.B. The primary motivation for Struts 1.2.8 was to fix a Cross Site Scripting (XSS) vulnerability. See StrutsXssVulnerability for more details.
1. jars
Only the struts.jar needs to be upgraded - all Struts dependencies remain the same as Struts 1.2.7.
2. Commons Validator 1.2.0
Struts 1.2.8 is distributed with Commons Validator 1.1.4. However you may wish to upgrade to Commons Validator 1.2.0 which was recently released either because of the XHTML & JavaScript Validation Issue or because of the Validator 1.2.0 Features...
2.1 XHTML & JavaScript Validation Issue
The problem of JavaScript Validation not working in XHTML mode (see Bug 35127) can be resolved by upgrading to Struts 1.2.8 and Commons Validator 1.2.0.
2.2 Validator 1.2.0 Features
For details of Commons Validator 1.2.0 see ...
- Changes Report - for a full list of changes in Validator 1.2.0
- Wiki Release Notes -for a summary of changes in Validator 1.2.0 and notes on upgrading.