You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Niall Pemberton <ni...@blueyonder.co.uk> on 2005/11/26 04:57:11 UTC

[ANNOUNCE] Struts 1.2.8 (General Availability)

The Struts team is pleased to announce the release of Struts 1.2.8 for
General Availability. This release is primarily to fix a Cross Site
Scripting (XSS) vulnerability identified in Struts by www.hacktics.com and
supersedes the earlier 1.2.7 version as the latest official release of
Struts from The Apache Software Foundation.

For more information on the XSS Vulnerability and solutions please see the
following pages:
http://wiki.apache.org/struts/StrutsXssVulnerability
http://www.hacktics.com/AdvStrutsNov05.html

The binary, source and library distributions are available from the Struts
download page:
http://struts.apache.org/download.cgi

The Release Notes are available on the Struts web site at:
http://struts.apache.org/struts-doc-1.2.8/userGuide/release-notes.html

Please check the wiki for the latest information on upgrading:
http://wiki.apache.org/struts/StrutsUpgrade

--
Niall Pemberton



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org