You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Rene Gielen <rg...@apache.org> on 2008/03/05 18:41:20 UTC
[ANN] Struts 2.0.11.1 General Availability Release with Important
Security Fix
Apache Struts 2.0.11.1 is now available from
<http://struts.apache.org/download.cgi#struts20111>.
This release is a fast track security fix release, including important
security fixes regarding possible cross site scripting exploits when
using the <s:url> or <s:a> Struts 2 tags. For more information about the
exploits, visit our security bulletins page at
<http://struts.apache.org/2.0.11.1/docs/s2-002.html>.
* All developers are strongly advised to update Struts 2 applications to
Struts 2.0.11.1 to prevent cross site scripting attacks through Struts 2
tags.
For the complete release notes for Struts 2.0.11.1, see
<http://struts.apache.org/2.0.11.1/docs/release-notes-20111.html>.
- The Apache Struts Team.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [ANN] Struts 2.0.11.1 General Availability Release with Important Security Fix
Posted by Dave Newton <ne...@yahoo.com>.
--- Othon Reyes Sanchez <ot...@gmail.com> wrote:
> Can somebody tell us what was the security problem fixed with this version?
Did you consider reading the links provided in the posting?
Dave
> On Wed, Mar 5, 2008 at 11:41 AM, Rene Gielen <rg...@apache.org> wrote:
>
> > Apache Struts 2.0.11.1 is now available from
> > <http://struts.apache.org/download.cgi#struts20111>.
> >
> > This release is a fast track security fix release, including important
> > security fixes regarding possible cross site scripting exploits when
> > using the <s:url> or <s:a> Struts 2 tags. For more information about the
> > exploits, visit our security bulletins page at
> > <http://struts.apache.org/2.0.11.1/docs/s2-002.html>.
> >
> > * All developers are strongly advised to update Struts 2 applications to
> > Struts 2.0.11.1 to prevent cross site scripting attacks through Struts 2
> > tags.
> >
> > For the complete release notes for Struts 2.0.11.1, see
> > <http://struts.apache.org/2.0.11.1/docs/release-notes-20111.html>.
> >
> >
> > - The Apache Struts Team.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: [ANN] Struts 2.0.11.1 General Availability Release with Important Security Fix
Posted by Othon Reyes Sanchez <ot...@gmail.com>.
Can somebody tell us what was the security problem fixed with this version?
On Wed, Mar 5, 2008 at 11:41 AM, Rene Gielen <rg...@apache.org> wrote:
> Apache Struts 2.0.11.1 is now available from
> <http://struts.apache.org/download.cgi#struts20111>.
>
> This release is a fast track security fix release, including important
> security fixes regarding possible cross site scripting exploits when
> using the <s:url> or <s:a> Struts 2 tags. For more information about the
> exploits, visit our security bulletins page at
> <http://struts.apache.org/2.0.11.1/docs/s2-002.html>.
>
> * All developers are strongly advised to update Struts 2 applications to
> Struts 2.0.11.1 to prevent cross site scripting attacks through Struts 2
> tags.
>
> For the complete release notes for Struts 2.0.11.1, see
> <http://struts.apache.org/2.0.11.1/docs/release-notes-20111.html>.
>
>
> - The Apache Struts Team.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>