These are the notes for the Struts 2.0.12 distribution.
Struts 2.0.12 provides important security and bug fixes. Among others, it corrects two serious vulnerabilities:
- in ParametersInterceptor allowing malicious users to remotely change server side context objects - S2-003
- in FilterDispatcher allowing read access to server filesystem resources in certain application server environments - S2-004
All users are strongly encouraged to upgrade to Struts 2.0.12.
For prior notes in this release series, see Release Notes 2.0.11.2
Changelog
Issue Detail
Issue List
Other resources
Release Plan
- Struts 2.0.12 is a security and bug fix release for the prior Struts 2.0.11.2 GA release.
- The Release Manager is Rene Gielen.
- The tag date for the release is 16 Oct 2008.