You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2011/05/06 18:49:01 UTC
svn commit: r1100280 - /struts/site/src/site/xdoc/announce.xml
Author: lukaszlenart
Date: Fri May 6 16:49:01 2011
New Revision: 1100280
URL: http://svn.apache.org/viewvc?rev=1100280&view=rev
Log:
Adds new announcement page for 2011
Modified:
struts/site/src/site/xdoc/announce.xml
Modified: struts/site/src/site/xdoc/announce.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/announce.xml?rev=1100280&r1=1100279&r2=1100280&view=diff
==============================================================================
--- struts/site/src/site/xdoc/announce.xml (original)
+++ struts/site/src/site/xdoc/announce.xml Fri May 6 16:49:01 2011
@@ -26,12 +26,12 @@ limitations under the License.
<section name="Announcements">
<p class="right">
- Skip to: <a href="announce-2009.html">Announcements - 2009</a>
+ Skip to: <a href="announce-2010.html">Announcements - 2010</a>
</p>
- <h4 id="a20101220">20 December 2010 - Struts 2.2.1.1 General Availability Release</h4>
+ <h4 id="a20100505">5 May 2011 - Struts 2.2.3 General Availability Release</h4>
<p>
- The Apache Struts group is pleased to announce that Struts 2.2.1.1 is
+ The Apache Struts group is pleased to announce that Struts 2.2.3 is
available as a "General Availability" release. The GA designation is our
highest quality grade.
</p>
@@ -42,23 +42,36 @@ limitations under the License.
maintaining applications over time.
</p>
<p>
- This release includes one important security fix regarding Dynamic Method
- Invocation in the REST Plugin. In the previous versions DMI wasn't under control
- in the REST Plugin and even setting struts.enable.DynamicMethodInvocation to false
- didn't block DMI in the REST Plugin.
+ Two important vulnerability were solved with this release:
+ <ul>
+ <li>Two important vulnerability were solved with this release:
+ <ul>
+ <li>XSS vulnerability in javatemplates plugin</li>
+ <li>XSS vulnerability regarding DMI and dynamic action names</li>
+ </ul>
+ </li>
+ <li>
+ OGNL was upgraded to version 3.0.1 which includes Javassist library,
+ so you don't have to specify it as a separated dependency in your project
+ </li>
+ <li>Shade of Commons library using maven-shade-plugin was removed from Struts 2 Core and other modules</li>
+ <li>The whole project was adjusted to Maven 3 requirements</li>
+ <li>Add ability to control devMode per request</li>
+ <li>Many fixes and extensions to JSON plugin and REST plugin</li>
+ </ul>
</p>
<p>
All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.2.1.1.
+ to Struts 2.2.3.
</p>
<p>
- Struts 2.2.1.1 is available in a full distribution,
+ Struts 2.2.3 is available in a full distribution,
or as separate library, source, example and documentation
distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts2211">releases page</a>.
+ <a href="http://struts.apache.org/download.cgi#struts223">releases page</a>.
The release is also available through the central Maven repository under Group ID
"org.apache.struts". The
- <a href="http://struts.apache.org/2.2.1.1/docs/version-notes-2211.html">release notes</a>
+ <a href="http://struts.apache.org/2.2.3/docs/version-notes-223.html">release notes</a>
are available online.
</p>
<p>
@@ -71,54 +84,10 @@ limitations under the License.
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.
</p>
-
- <h4 id="a20100816">16 August 2010 - Struts 2.2.1 General Availability Release</h4>
- <p>
- The Apache Struts group is pleased to announce that Struts 2.2.1 is
- available as a "General Availability" release. The GA designation is our
- highest quality grade.
- </p>
- <p>
- Apache Struts 2 is an elegant, extensible framework for creating
- enterprise-ready Java web applications. The framework is designed to
- streamline the full development cycle, from building, to deploying, to
- maintaining applications over time.
- </p>
- <p>
- This release includes a number of new features and bug fixes since the
- 2.1.8.1 GA release, including important security fixes regarding remote
- server context manipulation by injecting OGNL expressions in request parameters.
- For more information about the exploits, see the corresponding
- security bulletins <a href="http://struts.apache.org/2.2.1/docs/s2-005.html">S2-005</a>.
- </p>
- <p>
- All developers are strongly advised to update existing Struts 2 applications
- to Struts 2.2.1.
- </p>
- <p>
- Struts 2.2.1 is available in a full distribution,
- or as separate library, source, example and documentation
- distributions, from the
- <a href="http://struts.apache.org/download.cgi#struts221">releases page</a>.
- The release is also available through the central Maven repository under Group ID
- "org.apache.struts". The
- <a href="http://struts.apache.org/2.2.1/docs/version-notes-221.html">release notes</a>
- are available online.
- </p>
- <p>
- The 2.2.x series of the Apache Struts framework has a minimum
- requirement of the following specification versions: Servlet API 2.4,
- JSP API 2.0, and Java 5.
- </p>
- <p>
- Should any issues arise with your use of any version of the Struts
- framework, please post your comments to the user list, and, if
- appropriate, file a tracking ticket.
- </p>
</section>
<section>
<p class="right">
- Skip to: <a href="announce-2009.html">Announcements - 2009</a>
+ Skip to: <a href="announce-2010.html">Announcements - 2010</a>
</p>
<p class="right">