<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Struts Release Notes (since 1.2.7)</title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <link href="../struts.css" type="text/css" rel="stylesheet" /> </head> <body> <div id="heading"> <a href="http://apache.org/"> <img id="asf_logo_wide" alt="The Apache Project" src="../images/asf_logo_wide.gif" /> </a> <a href="http://struts.apache.org/"> <img id="struts-logo" alt="Struts Framework" src="../images/struts.gif" /> </a> </div> <!--end heading--> <div id="content"> <div id="main"> <h1 id="release_notes">6.1 Release Notes - Version 1.2.8</h1> <h2 id="Introduction">Introduction</h2> <div class="indent"> <p>
The main motivation for releasing Struts 1.2.8 is to fix a <i>Cross Site Scripting</i> (XSS) vulnerability which has been identified by Hacktics.com. More details are available on the <a href="http://wiki.apache.org/struts/StrutsXssVulnerability">Wiki</a>. </p> <p> This section contains release notes for changes that have taken place since <a href="release-notes-1.2.7.html">Version 1.2.7</a>. To keep up to date on all changes to Struts, subscribe to the dev@ list. </p> <p> <b>Notes on upgrading</b> are maintained in the <a href="http://wiki.apache.org/struts/StrutsUpgrade">Wiki Upgrade pages</a>. The wiki is a community-maintained resource - please feel free to add your input so that everyone can benefit from the collective experience. </p> <p> For the version requirements of each library, see the <a href="installation.html">Installation chapter</a>. </p> <h3 id="STRUTS_1_2_8">Version 1.2.8</h3> <p> After <a href="http://svn.apache.org/viewcvs.cgi/struts/core/tags/STRUTS_1_2_6/">Version 1.2.6 was tagged</a>, the <a href="http://svn.apache.org/viewcvs.cgi/struts/core/branches/STRUTS_1_2_BRANCH/">1.2 Branch</a> was created and work started on the next version (<i>1.3.x series</i>). Work has continued on both versions, and the <i>Revision</i> numbers shown in brackets are where a change has been ported from the current development version into the <i>1.2 Branch</i>.
</p> <table> <thead> <tr> <th>Modification</th> <th>Revision</th> <th>Bugzilla</th> <th>Description</th> </tr> </thead> <tr> <td align="center">2005-11-07</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=331261&view=rev">331261</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=331265&view=rev">331265</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37131">37131</a> </td> <td>Escape newlines in Validator variables.</td> </tr> <tr> <td align="center">2005-11-05</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=191272&view=rev">191272</a> and <a href="http://svn.apache.org/viewcvs?rev=192949&view=rev">192949</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=331056&view=rev">331056</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35127">35127</a> </td> <td>Changing rendering of the form name to use the 'id' attribute when in XHTML strict mode.</td> </tr> <tr> <td align="center">2005-11-05</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=331060&view=rev">331060</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=331055&view=rev">331055</a>)</td> <td align="center"> <i>n/a</i> </td> <td>Fix for Struts XSS Vulnerability - remove uri from error messages.</td> </tr> <tr> <td align="center">2005-08-31</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=265661&view=rev">265661</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=265658&view=rev">265658</a>)</td> <td align="center"> <i>n/a</i> </td> <td>Remove I18nFactorySet copied code.</td> </tr> <tr> <td align="center">2005-08-29</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=264694&view=rev">264694</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=264684&view=rev">264684</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=32584">32584</a> </td> <td>Provide config option to turn off MessageResources escape 
processing.</td> </tr> <tr> <td align="center">2005-08-29</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=226545&view=rev">226545</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=264662&view=rev">264662</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35833">35833</a> </td> <td>Fix bug where non-resource action messages only work for the first message in the messages list.</td> </tr> <tr> <td align="center">2005-06-20</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=191474&view=rev">191474</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=191475&view=rev">191475</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35421">35421</a> </td> <td>Correct link on the acquiring page to the maven generated nightly builds.</td> </tr> <tr> <td align="center">2005-06-17</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=190794&view=rev">190794</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=191170&view=rev">191170</a>)</td> <td align="center"> <i>n/a</i> </td> <td>Update TagUtils to provide a more specific error message where properties on a formbean are not found.</td> </tr> <tr> <td align="center">2005-06-16</td> <td align="center"> <a href="http://svn.apache.org/viewcvs.cgi?rev=191011&view=rev">191011</a> </td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34460">34460</a> </td> <td>Update to the HTML tag library docs.</td> </tr> <tr> <td align="center">2005-06-16</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=191001&view=rev">191001</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=191002&view=rev">191002</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=32313">32313</a> </td> <td>Update tag library configuration docs for Servlet 2.4.</td> </tr> <tr> <td align="center">2005-06-15</td> <td align="center"> <a 
href="http://svn.apache.org/viewcvs?rev=190634&view=rev">190634</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=190779&view=rev">190779</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=23864">23864</a> </td> <td>Filter HTML-sensitive characters in the &lt;html:radio&gt; tag's value.</td> </tr> <tr> <td align="center">2005-06-15</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=190804&view=rev">190804</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=190807&view=rev">190807</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=3202">3202</a> </td> <td>&lt;html:options&gt; tag logic updated to be more efficient with use of iterators.</td> </tr> <tr> <td align="center">2005-06-15</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=190631&view=rev">190631</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=190780&view=rev">190780</a>)</td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=27861">27861</a> </td> <td>Add better error reporting to &lt;bean:define&gt; tag.</td> </tr> <tr> <td align="center">2005-06-04</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=180002&view=rev">180002</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=180001&view=rev">180001</a>)</td> <td align="center"> <i>n/a</i> </td> <td>Add warning to ActionMapping.findForward() method if not found.</td> </tr> <tr> <td align="center">2005-05-27</td> <td align="center"> <a href="http://svn.apache.org/viewcvs.cgi?rev=178799&view=rev">178799</a> </td> <td align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35108">35108</a> </td> <td>Add comment regarding jdbc20ext.jar and JDK to build.properties.sample.</td> </tr> <tr> <td align="center">2005-05-18</td> <td align="center"> <a href="http://svn.apache.org/viewcvs?rev=170859&view=rev">170859</a> (<a href="http://svn.apache.org/viewcvs.cgi?rev=170858&view=rev">170858</a>)</td> <td
align="center"> <a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34949">34949</a> </td> <td>Add no-arg constructor to ModuleConfigImpl.</td> </tr> </table> </div> </div> <!--end main--> </div> <!--end content--> <div id="footer"> <img id="powered-logo" alt="Powered by Struts" src="../images/struts-power.gif" /> Copyright (c) 2000-2005, The Apache Software Foundation </div> <!--end footer--> </body> </html>