--- | |
layout: default | |
title: Announcements 2012 | |
--- | |
<h1>Announcements - 2012</h1> | |
<p class="pull-right"> | |
Skip to: | |
<a href="announce-2011.html">Announcements - 2011</a> | |
</p> | |
<h4 id="a20121222">22 December 2012 - Struts 2.3.8 General Availability Release</h4> | |
<p> | |
The Apache Struts group is pleased to announce that Struts 2.3.8 is | |
available as a "General Availability" release. The GA designation is our | |
highest quality grade. | |
</p> | |
<p> | |
Apache Struts 2 is an elegant, extensible framework for creating | |
enterprise-ready Java web applications. The framework is designed to | |
streamline the full development cycle, from building, to deploying, to | |
maintaining applications over time. | |
</p> | |
<p> | |
It's a mostly maintenance release which improves overall performance which should be significant | |
better than in version 2.3.7 and slightly better than in version 2.3.4.1. This version depends on new OGNL | |
version 3.0.6 - thanks to Pelladi Gabor and Johno Crawford for their contribution! | |
Please check the Version Notes to see more details. | |
</p> | |
<p> | |
All developers are strongly advised to update existing Struts 2 applications | |
to Struts 2.3.8. | |
</p> | |
<p> | |
Struts 2.3.8 is available in a full distribution or as separate library, source, example and documentation | |
distributions, from the | |
<a href="http://struts.apache.org/download.cgi#struts238">releases page</a>. | |
The release is also available through the central Maven repository under Group ID "org.apache.struts". The | |
<a href="http://struts.apache.org/docs/version-notes-238.html">release notes</a> | |
are available online. | |
</p> | |
<p> | |
The 2.3.x series of the Apache Struts framework has a minimum | |
requirement of the following specification versions: Servlet API 2.4, | |
JSP API 2.0, and Java 5. | |
</p> | |
<p> | |
Should any issues arise with your use of any version of the Struts | |
framework, please post your comments to the user list, and, if | |
appropriate, file a tracking ticket. | |
</p> | |
<h4 id="a20121119">19 November 2012 - Struts 2.3.7 General Availability Release</h4> | |
<p> | |
The Apache Struts group is pleased to announce that Struts 2.3.7 is | |
available as a "General Availability" release. The GA designation is our | |
highest quality grade. | |
</p> | |
<p> | |
Apache Struts 2 is an elegant, extensible framework for creating | |
enterprise-ready Java web applications. The framework is designed to | |
streamline the full development cycle, from building, to deploying, to | |
maintaining applications over time. | |
</p> | |
<p> | |
It's a mostly maintenance release where many bugs were solved and many improvements were added. | |
Please check the Version Notes to see more details, also performance was improved. | |
</p> | |
<p> | |
All developers are strongly advised to update existing Struts 2 applications | |
to Struts 2.3.7. | |
</p> | |
<p> | |
Struts 2.3.7 is available in a full distribution, | |
or as separate library, source, example and documentation | |
distributions, from the | |
<a href="http://struts.apache.org/download.cgi#struts237">releases page</a>. | |
The release is also available through the central Maven repository under Group ID | |
"org.apache.struts". The | |
<a href="http://struts.apache.org/docs/version-notes-237.html">release notes</a> | |
are available online. | |
</p> | |
<p> | |
The 2.3.x series of the Apache Struts framework has a minimum | |
requirement of the following specification versions: Servlet API 2.4, | |
JSP API 2.0, and Java 5. | |
</p> | |
<p> | |
Should any issues arise with your use of any version of the Struts | |
framework, please post your comments to the user list, and, if | |
appropriate, file a tracking ticket. | |
</p> | |
<h4 id="a20120813">13 August 2012 - Struts 2.3.4.1 General Availability Release</h4> | |
<p> | |
The Apache Struts group is pleased to announce that Struts 2.3.4.1 is | |
available as a "General Availability" release. The GA designation is our | |
highest quality grade. | |
</p> | |
<p> | |
Apache Struts 2 is an elegant, extensible framework for creating | |
enterprise-ready Java web applications. The framework is designed to | |
streamline the full development cycle, from building, to deploying, to | |
maintaining applications over time. | |
</p> | |
<p> | |
Two security issues were solved with this release: | |
<ul> | |
<li> | |
Decoupling of session attribute and parameter naming for Struts 2 token mechanism, | |
to improve security when used for CSRF-attack protection | |
</li> | |
<li> | |
Parameter name length is now by default restricted to 100 characters to diminish possible DOS | |
attack effectiveness | |
</li> | |
</ul> | |
</p> | |
<p> | |
All developers are strongly advised to update existing Struts 2 applications | |
to Struts 2.3.4.1. | |
</p> | |
<p> | |
Struts 2.3.4.1 is available in a full distribution, | |
or as separate library, source, example and documentation | |
distributions, from the | |
<a href="http://struts.apache.org/download.cgi#struts2341">releases page</a>. | |
The release is also available through the central Maven repository under Group ID | |
"org.apache.struts". The | |
<a href="http://struts.apache.org/docs/version-notes-2341.html">release notes</a> | |
and the | |
<a href="https://cwiki.apache.org/confluence/display/WW/S2-010">token mechanism security bulletin</a> | |
as well as the | |
<a href="https://cwiki.apache.org/confluence/display/WW/S2-011">parameter name length security bulletin</a> | |
are available online. | |
</p> | |
<p> | |
The 2.3.x series of the Apache Struts framework has a minimum | |
requirement of the following specification versions: Servlet API 2.4, | |
JSP API 2.0, and Java 5. | |
</p> | |
<p> | |
Should any issues arise with your use of any version of the Struts | |
framework, please post your comments to the user list, and, if | |
appropriate, file a tracking ticket. | |
</p> | |
<h4 id="a20120511">12 May 2012 - Struts 2.3.4 General Availability Release</h4> | |
<p> | |
The Apache Struts group is pleased to announce that Struts 2.3.4 is | |
available as a "General Availability" release. The GA designation is our | |
highest quality grade. | |
</p> | |
<p> | |
Apache Struts 2 is an elegant, extensible framework for creating | |
enterprise-ready Java web applications. The framework is designed to | |
streamline the full development cycle, from building, to deploying, to | |
maintaining applications over time. | |
</p> | |
<p> | |
It's a mostly maintenance release where many bugs were solved and many improvements were added. | |
Please check the Version Notes to see more details. | |
</p> | |
<p> | |
All developers are strongly advised to update existing Struts 2 applications | |
to Struts 2.3.4. | |
</p> | |
<p> | |
Struts 2.3.4 is available in a full distribution, or as separate library, source, | |
example and documentation distributions, from the | |
<a href="http://struts.apache.org/download.cgi#struts234">releases page</a>. | |
The release is also available through the central Maven repository under Group ID | |
"org.apache.struts". The | |
<a href="http://struts.apache.org/docs/version-notes-234.html">version notes</a> | |
are available online. | |
</p> | |
<p> | |
The 2.3.x series of the Apache Struts framework has a minimum | |
requirement of the following specification versions: Servlet API 2.4, | |
JSP API 2.0, and Java 5. | |
</p> | |
<p> | |
Should any issues arise with your use of any version of the Struts | |
framework, please post your comments to the user list, and, if | |
appropriate, file a tracking ticket. | |
</p> | |
<h4 id="a20120416">16 April 2012 - Struts 2.3.3 General Availability Release</h4> | |
<p> | |
The Apache Struts group is pleased to announce that Struts 2.3.3 is | |
available as a "General Availability" release. The GA designation is our | |
highest quality grade. | |
</p> | |
<p> | |
Apache Struts 2 is an elegant, extensible framework for creating | |
enterprise-ready Java web applications. The framework is designed to | |
streamline the full development cycle, from building, to deploying, to | |
maintaining applications over time. | |
</p> | |
<p> | |
It's a mostly maintenance release where many bugs were solved and many improvements were added. | |
Please check the Version Notes to see more details. | |
</p> | |
<p> | |
All developers are strongly advised to update existing Struts 2 applications | |
to Struts 2.3.3. | |
</p> | |
<p> | |
Struts 2.3.3 is available in a full distribution, or as separate library, source, | |
example and documentation distributions, from the | |
<a href="http://struts.apache.org/download.cgi#struts233">releases page</a>. | |
The release is also available through the central Maven repository under Group ID | |
"org.apache.struts". The | |
<a href="http://struts.apache.org/docs/version-notes-233.html">version notes</a> | |
are available online. | |
</p> | |
<p> | |
The 2.3.x series of the Apache Struts framework has a minimum | |
requirement of the following specification versions: Servlet API 2.4, | |
JSP API 2.0, and Java 5. | |
</p> | |
<p> | |
Should any issues arise with your use of any version of the Struts | |
framework, please post your comments to the user list, and, if | |
appropriate, file a tracking ticket. | |
</p> | |
<h4 id="a20120122">22 January 2012 - Struts 2.3.1.2 General Availability Release</h4> | |
<p> | |
The Apache Struts group is pleased to announce that Struts 2.3.1.2 is | |
available as a "General Availability" release. The GA designation is our | |
highest quality grade. | |
</p> | |
<p> | |
Apache Struts 2 is an elegant, extensible framework for creating | |
enterprise-ready Java web applications. The framework is designed to | |
streamline the full development cycle, from building, to deploying, to | |
maintaining applications over time. | |
</p> | |
<p> | |
An important vulnerability were solved with this release: | |
<ul> | |
<li> | |
ParameterInterceptor vulnerability allowed remote command execution | |
</li> | |
<li> | |
Default acceptedParamNames has been updated to more restrictive values | |
</li> | |
</ul> | |
</p> | |
<p> | |
All developers are strongly advised to update existing Struts 2 applications | |
to Struts 2.3.1.2. | |
</p> | |
<p> | |
Struts 2.3.1.2 is available in a full distribution, | |
or as separate library, source, example and documentation | |
distributions, from the | |
<a href="http://struts.apache.org/download.cgi#struts2312">releases page</a>. | |
The release is also available through the central Maven repository under Group ID | |
"org.apache.struts". The | |
<a href="http://struts.apache.org/docs/version-notes-2312.html">release notes</a> | |
and the | |
<a href="https://cwiki.apache.org/confluence/display/WW/S2-009">security bulletin</a> | |
are available online. | |
</p> | |
<p> | |
The 2.3.x series of the Apache Struts framework has a minimum | |
requirement of the following specification versions: Servlet API 2.4, | |
JSP API 2.0, and Java 5. | |
</p> | |
<p> | |
Should any issues arise with your use of any version of the Struts | |
framework, please post your comments to the user list, and, if | |
appropriate, file a tracking ticket. | |
</p> | |
<p class="pull-right"> | |
Skip to: <a href="announce-2011.html">Announcements - 2011</a> | |
</p> | |
<p class="pull-left"> | |
<strong>Next:</strong> | |
<a href="kickstart.html">Kickstart FAQ</a> | |
</p> |