source/announce-2011.html - struts-site - Git at Google

 ---
 layout: default
 title: Announcements 2011
 ---

 <h1>Announcements - 2011</h1>

 <p class="pull-right">
   Skip to: <a href="announce-2010.html">Announcements - 2010</a>
 </p>

 <h4 id="a20111225">25 December 2011 - Struts 2.3.1.1 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.1.1 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   An important vulnerability were solved with this release:
 <ul>
   <li>
     Remote command execution and arbitrary file overwrite
   </li>
   <li>
     Strict DMI mode does not work correctly
   </li>
 </ul>
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.1.1.
 </p>
 <p>
   Struts 2.3.1.1 is available in a full distribution,
   or as separate library, source, example and documentation
   distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts2311">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/docs/version-notes-2311.html">release notes</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <h4 id="a20111218">18 December 2011 - Struts 2.0.14 End of Life Announcement</h4>
 <p>
   The Apache Struts Team likes to inform you that the Struts 2.0 branch has reached it's end of life
   and is no longer supported. All users of Struts 2.0.14 or earlier Struts 2 versions are strongly
   advised to update their existing applications to Struts 2.3.x.
 </p>
 <p>
   Struts 2.0.14 was for some time maintained in parallel to the 2.1 and 2.2 branches, since Struts 2.1
   introduced some API and plugin changes that were likely to break existing user code on top of Struts 2.
   However, the community interest in maintaining the Struts 2.0.x branch was not strong enough to
   keep it sufficiently up to date, especially in terms of security fixes. There are several serious
   security problems that, while being continuously addressed in later Struts 2 versions, did not make
   it into the 2.0.x branch. For that reason the Apache Struts PMC decided to remove 2.0.14 as a supported
   version.
 </p>
 <p>
   For more information on how to upgrade existing applications running on top of Struts 2.0.x to
   Struts 2.1 and later, please read the
   <a href="https://cwiki.apache.org/confluence/display/S2WIKI/Troubleshooting+guide+migrating+from+Struts+2.0.x+to+2.1.x">
     Guide to migrating from Struts 2.0.x to 2.1.x</a>.
 </p>


 <h4 id="a20111212">12 December 2011 - Struts 2.3.1 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.1 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   Some new futures are:
 <ul>
   <li>
     New Portlet 2.0 (JSR 286) plugin replaced the Portlet 1.0 (JSR 168) plugin
   </li>
   <li>
     New CDI plugin was added to allow use CDI (JavaEE 6) as an Object Factory in Struts 2
   </li>
   <li>
     The dependencies of the Struts2-Spring plugin were upgraded from Spring 2.5 to 3.0
   </li>
 </ul>
 Besides that, various other bug fixes, improvements and security enhancements have been incorporated.
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.1.
 </p>
 <p>
   Struts 2.3.1 is available in a full distribution,
   or as separate library, source, example and documentation
   distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts231">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/2.3.1/docs/version-notes-231.html">release notes</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <h4 id="a20111007">7 September 2011 - Struts 2.2.3.1 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.2.3.1 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   An important vulnerability were solved with this release:
 <ul>
   <li>
     User input was evaluated as an OGNL expression when there's a conversion error.
   </li>
 </ul>
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.2.3.1.
 </p>
 <p>
   Struts 2.2.3.1 is available in a full distribution,
   or as separate library, source, example and documentation
   distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts2231">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/2.2.3.1/docs/version-notes-2231.html">release notes</a>
   are available online.
 </p>
 <p>
   The 2.2.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <p class="pull-right">
   Skip to: <a href="announce-2010.html">Announcements - 2010</a>
 </p>

 <p class="pull-left">
   <strong>Next:</strong>
   <a href="kickstart.html">Kickstart FAQ</a>
 </p>
	---
	layout: default
	title: Announcements 2011
	---

	<h1>Announcements - 2011</h1>

	<p class="pull-right">
	Skip to: <a href="announce-2010.html">Announcements - 2010</a>
	</p>

	<h4 id="a20111225">25 December 2011 - Struts 2.3.1.1 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.1.1 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	An important vulnerability were solved with this release:
	<ul>
	<li>
	Remote command execution and arbitrary file overwrite
	</li>
	<li>
	Strict DMI mode does not work correctly
	</li>
	</ul>
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.1.1.
	</p>
	<p>
	Struts 2.3.1.1 is available in a full distribution,
	or as separate library, source, example and documentation
	distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts2311">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/docs/version-notes-2311.html">release notes</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<h4 id="a20111218">18 December 2011 - Struts 2.0.14 End of Life Announcement</h4>
	<p>
	The Apache Struts Team likes to inform you that the Struts 2.0 branch has reached it's end of life
	and is no longer supported. All users of Struts 2.0.14 or earlier Struts 2 versions are strongly
	advised to update their existing applications to Struts 2.3.x.
	</p>
	<p>
	Struts 2.0.14 was for some time maintained in parallel to the 2.1 and 2.2 branches, since Struts 2.1
	introduced some API and plugin changes that were likely to break existing user code on top of Struts 2.
	However, the community interest in maintaining the Struts 2.0.x branch was not strong enough to
	keep it sufficiently up to date, especially in terms of security fixes. There are several serious
	security problems that, while being continuously addressed in later Struts 2 versions, did not make
	it into the 2.0.x branch. For that reason the Apache Struts PMC decided to remove 2.0.14 as a supported
	version.
	</p>
	<p>
	For more information on how to upgrade existing applications running on top of Struts 2.0.x to
	Struts 2.1 and later, please read the
	<a href="https://cwiki.apache.org/confluence/display/S2WIKI/Troubleshooting+guide+migrating+from+Struts+2.0.x+to+2.1.x">
	Guide to migrating from Struts 2.0.x to 2.1.x</a>.
	</p>


	<h4 id="a20111212">12 December 2011 - Struts 2.3.1 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.1 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	Some new futures are:
	<ul>
	<li>
	New Portlet 2.0 (JSR 286) plugin replaced the Portlet 1.0 (JSR 168) plugin
	</li>
	<li>
	New CDI plugin was added to allow use CDI (JavaEE 6) as an Object Factory in Struts 2
	</li>
	<li>
	The dependencies of the Struts2-Spring plugin were upgraded from Spring 2.5 to 3.0
	</li>
	</ul>
	Besides that, various other bug fixes, improvements and security enhancements have been incorporated.
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.1.
	</p>
	<p>
	Struts 2.3.1 is available in a full distribution,
	or as separate library, source, example and documentation
	distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts231">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/2.3.1/docs/version-notes-231.html">release notes</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<h4 id="a20111007">7 September 2011 - Struts 2.2.3.1 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.2.3.1 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	An important vulnerability were solved with this release:
	<ul>
	<li>
	User input was evaluated as an OGNL expression when there's a conversion error.
	</li>
	</ul>
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.2.3.1.
	</p>
	<p>
	Struts 2.2.3.1 is available in a full distribution,
	or as separate library, source, example and documentation
	distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts2231">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/2.2.3.1/docs/version-notes-2231.html">release notes</a>
	are available online.
	</p>
	<p>
	The 2.2.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<p class="pull-right">
	Skip to: <a href="announce-2010.html">Announcements - 2010</a>
	</p>

	<p class="pull-left">
	<strong>Next:</strong>
	<a href="kickstart.html">Kickstart FAQ</a>
	</p>