Struts 2.0.9 Released
July, 24, 2007
Apache foundation is pleased to announce the release of Struts 2.0.9 with many
bug fixes and enhancements. Struts 2 is one of the leading framework for
developing enterprise web application of any size.
New features in enhancements in Struts 2.0.9
- Remote code exploit bug fixed:
In the earlier versions of Struts 2 there was a bug "Remote code execution",
now this bug has been fixed. It is recommended to upgrade the struts 2.0.x
application to Struts 2.0.9.
- Serious security flaw fixed:
Now Struts 2.0.9 is much better then from previous versions. This version of
struts is released with a correction in one of dependencies to fix a serious
security flaw. It is recommend to upgrade to Struts 2.0.9.
- This release utilizes XWork 2.0.4 which prevents OGNL evaluations of user input.
- Experimental bundled with Struts 2.0.9 plugins are:
- Experimental Features in Struts 2.0.9 are:
Java 1.4 support
- Struts 2.0.9 is released with many bug fixes:
Struts 2.0 DTD missing "default-class-ref" element
HTTP Status 404 - result 'null' not found
bug in struts.xml of the portlet demo (bad result URL)
More at https://issues.apache.org/struts/secure/ReleaseNote.jspa?projectId=10030&styleName=Html&version=21832
for more information about this release.
Download Struts 2.0.9 from http://struts.apache.org/download.cgi