<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Struts Release Notes (since 1.2.7)</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<link href="../struts.css" type="text/css" rel="stylesheet" />
</head>
<body>
<div id="heading">
<a href="http://apache.org/">
<img id="asf_logo_wide" alt="The Apache Project" src="../images/asf_logo_wide.gif" />
</a>
<a href="http://struts.apache.org/">
<img id="struts-logo" alt="Struts Framework" src="../images/struts.gif" />
</a>
</div>
<!--end heading-->
<div id="content">
<div id="menu">
<p>User Guide</p>
<ul>
<li>
<a href="index.html">Table of Contents</a>
</li>
<li>
<a href="preface.html">Preface</a>
</li>
<li>
<a href="introduction.html">Introduction</a>
</li>
<li>
<a href="building_model.html">Model Components</a>
</li>
<li>
<a href="building_view.html">View Components</a>
</li>
<li>
<a href="building_controller.html">Controller Components</a>
</li>
<li>
<a href="configuration.html">Configuration</a>
</li>
<li>
<a href="release-notes.html">Release Notes</a>
</li>
<li>
<a href="installation.html">Installation</a>
</li>
</ul>
<p>Developer Guides</p>
<ul>
<li>
<a href="dev_bean.html">Bean Tags</a>
</li>
<li>
<a href="dev_html.html">HTML Tags</a>
</li>
<li>
<a href="dev_logic.html">Logic Tags</a>
</li>
<li>
<a href="dev_nested.html">Nested Tags</a>
</li>
<li>
<a href="dev_tiles.html">Tiles Tags</a>
</li>
<li>
<a href="dev_util.html">Utilities</a>
</li>
<li>
<a href="dev_validator.html">Validator</a>
</li>
</ul>
<p>Quick Links</p>
<ul>
<li>
<a href="../index.html">Welcome</a>
</li>
<li>
<a href="index.html">User and Developer Guides *</a>
</li>
<li>
<a href="../faqs/index.html">FAQs and HowTos</a>
</li>
</ul>
</div>
<!--end menu-->
<div id="main">
<h1 id="release_notes">6.1 Release Notes - Version 1.2.8</h1>
<h2 id="Introduction">Introduction</h2>
<div class="indent">
<p>
The main motivation for releasing Struts 1.2.8 is to fix a
<i>Cross Site Scripting</i> (XSS) vulnerability which has
been identified by Hacktics.com. More details available on the
<a href="http://wiki.apache.org/struts/StrutsXssVulnerability">Wiki</a>.
</p>
<p>
This section contains release notes for changes that have taken
place since
<a href="release-notes-1.2.7.html">Version 1.2.7</a>.
To keep up-to-date on all changes to Struts, subscribe to the
dev@ list.
</p>
<p>
<b>Notes on upgrading</b> are maintained in the
<a href="http://wiki.apache.org/struts/StrutsUpgrade">Wiki Upgrade pages</a>.
The wiki is a community maintained resource - please feel free to add your
input so that everyone can benefit from the collective experience.
</p>
<p>
For the version requirements of each library, see the
<a href="installation.html">Installation chapter</a>.
</p>
<h3 id="STRUTS_1_2_8">Version 1.2.8</h3>
<p>
After <a href="http://svn.apache.org/viewcvs.cgi/struts/core/tags/STRUTS_1_2_6/">Version 1.2.6 was tagged</a>
the <a href="http://svn.apache.org/viewcvs.cgi/struts/core/branches/STRUTS_1_2_BRANCH/">1.2 Branch</a>
was created and work started on the next version (<i>1.3.x series</i>). Work has continued on
both versions and <i>Revision</i> numbers shown in brackets are where a change has been ported
from the current development version into the <i>1.2 Branch</i>.
</p>
<table>
<thead>
<tr>
<th>Modification</th>
<th>Revision</th>
<th>Bugzilla</th>
<th>Description</th>
</tr>
</thead>
<tr>
<td align="center">2005-11-07</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=331261&view=rev">331261</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=331265&view=rev">331265</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37131">37131</a>
</td>
<td>Escape newlines in Validator variables.</td>
</tr>
<tr>
<td align="center">2005-11-05</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=191272&view=rev">191272</a>
and <a href="http://svn.apache.org/viewcvs?rev=192949&view=rev">192949</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=331056&view=rev">331056</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35127">35127</a>
</td>
<td>Changing rendering of the form name to use the 'id' attribute when in XHTML strict mode.</td>
</tr>
<tr>
<td align="center">2005-11-05</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=331060&view=rev">331060</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=331055&view=rev">331055</a>)</td>
<td align="center">
<i>n/a</i>
</td>
<td>Fix for Struts XSS Vulnerability - remove uri from error messages.</td>
</tr>
<tr>
<td align="center">2005-08-31</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=265661&view=rev">265661</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=265658&view=rev">265658</a>)</td>
<td align="center">
<i>n/a</i>
</td>
<td>Remove I18nFactorySet copied code.</td>
</tr>
<tr>
<td align="center">2005-08-29</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=264694&view=rev">264694</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=264684&view=rev">264684</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=32584">32584</a>
</td>
<td>Provide config option to turn off MessageResources escape processing.</td>
</tr>
<tr>
<td align="center">2005-08-29</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=226545&view=rev">226545</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=264662&view=rev">264662</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35833">35833</a>
</td>
<td>Fix bug where non-resource action messages only work for the first message in the messages list.</td>
</tr>
<tr>
<td align="center">2005-06-20</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=191474&view=rev">191474</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=191475&view=rev">191475</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35421">35421</a>
</td>
<td>Correct link on the acquiring page to the maven generated nightly builds.</td>
</tr>
<tr>
<td align="center">2005-06-17</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=190794&view=rev">190794</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=191170&view=rev">191170</a>)</td>
<td align="center">
<i>n/a</i>
</td>
<td>Update TagUtils to provide a more specific error message where properties on a formbean are not found.</td>
</tr>
<tr>
<td align="center">2005-06-16</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs.cgi?rev=191011&view=rev">191011</a>
</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34460">34460</a>
</td>
<td>Update to the HTML tag library docs.</td>
</tr>
<tr>
<td align="center">2005-06-16</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=191001&view=rev">191001</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=191002&view=rev">191002</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=32313">32313</a>
</td>
<td>Update tag library configuration docs for Servlet 2.4.</td>
</tr>
<tr>
<td align="center">2005-06-15</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=190634&view=rev">190634</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=190779&view=rev">190779</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=23864">23864</a>
</td>
<td>Filter html sensitive characters in the <html:radio> tag's value.</td>
</tr>
<tr>
<td align="center">2005-06-15</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=190804&view=rev">190804</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=190807&view=rev">190807</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=3202">3202</a>
</td>
<td><html:options> tag logic updated to be more efficient with use of iterators.</td>
</tr>
<tr>
<td align="center">2005-06-15</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=190631&view=rev">190631</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=190780&view=rev">190780</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=27861">27861</a>
</td>
<td>Add better error reporting to <bean:define> tag.</td>
</tr>
<tr>
<td align="center">2005-06-04</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=180002&view=rev">180002</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=180001&view=rev">180001</a>)</td>
<td align="center">
<i>n/a</i>
</td>
<td>Add warning to ActionMapping.findForward() method if not found.</td>
</tr>
<tr>
<td align="center">2005-05-27</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs.cgi?rev=178799&view=rev">178799</a>
</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35108">35108</a>
</td>
<td>Add comment regarding jdbc20ext.jar and JDK to build.properties.sample.</td>
</tr>
<tr>
<td align="center">2005-05-18</td>
<td align="center">
<a href="http://svn.apache.org/viewcvs?rev=170859&view=rev">170859</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=170858&view=rev">170858</a>)</td>
<td align="center">
<a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34949">34949</a>
</td>
<td>Add no-arg constructor to ModuleConfigImpl.</td>
</tr>
</table>
</div>
<hr class="section" />
<div class="indent">
<p class="right">Next:
<a href="installation.html">Installation</a>
</p>
</div>
</div>
<!--end main-->
</div>
<!--end content-->
<div id="footer">
<img id="powered-logo" alt="Powered by Struts" src="../images/struts-power.gif" />
Copyright (c) 2000-2005, The Apache Software Foundation <span class="noprint">-
<a href="http://wiki.apache.org/struts/StrutsDocComments">Comments?</a>
</span>
</div>
<!--end footer-->
</body>
</html>
