source/announce-2012.html - struts-site - Git at Google

 ---
 layout: default
 title: Announcements 2012
 ---

 <h1>Announcements - 2012</h1>

 <p class="pull-right">
   Skip to:
   <a href="announce-2011.html">Announcements - 2011</a>
 </p>

 <h4 id="a20121222">22 December 2012 - Struts 2.3.8 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.8 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   It's a mostly maintenance release which improves overall performance which should be significant
   better than in version 2.3.7 and slightly better than in version 2.3.4.1. This version depends on new OGNL
   version 3.0.6 - thanks to Pelladi Gabor and Johno Crawford for their contribution!
   Please check the Version Notes to see more details.
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.8.
 </p>
 <p>
   Struts 2.3.8 is available in a full distribution or as separate library, source, example and documentation
   distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts238">releases page</a>.
   The release is also available through the central Maven repository under Group ID "org.apache.struts". The
   <a href="http://struts.apache.org/docs/version-notes-238.html">release notes</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <h4 id="a20121119">19 November 2012 - Struts 2.3.7 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.7 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   It's a mostly maintenance release where many bugs were solved and many improvements were added.
   Please check the Version Notes to see more details, also performance was improved.
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.7.
 </p>
 <p>
   Struts 2.3.7 is available in a full distribution,
   or as separate library, source, example and documentation
   distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts237">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/docs/version-notes-237.html">release notes</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <h4 id="a20120813">13 August 2012 - Struts 2.3.4.1 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.4.1 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   Two security issues were solved with this release:
 <ul>
   <li>
     Decoupling of session attribute and parameter naming for Struts 2 token mechanism,
     to improve security when used for CSRF-attack protection
   </li>
   <li>
     Parameter name length is now by default restricted to 100 characters to diminish possible DOS
     attack effectiveness
   </li>
 </ul>
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.4.1.
 </p>
 <p>
   Struts 2.3.4.1 is available in a full distribution,
   or as separate library, source, example and documentation
   distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts2341">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/docs/version-notes-2341.html">release notes</a>
   and the
   <a href="https://cwiki.apache.org/confluence/display/WW/S2-010">token mechanism security bulletin</a>
   as well as the
   <a href="https://cwiki.apache.org/confluence/display/WW/S2-011">parameter name length security bulletin</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <h4 id="a20120511">12 May 2012 - Struts 2.3.4 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.4 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   It's a mostly maintenance release where many bugs were solved and many improvements were added.
   Please check the Version Notes to see more details.
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.4.
 </p>
 <p>
   Struts 2.3.4 is available in a full distribution, or as separate library, source,
   example and documentation distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts234">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/docs/version-notes-234.html">version notes</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <h4 id="a20120416">16 April 2012 - Struts 2.3.3 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.3 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   It's a mostly maintenance release where many bugs were solved and many improvements were added.
   Please check the Version Notes to see more details.
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.3.
 </p>
 <p>
   Struts 2.3.3 is available in a full distribution, or as separate library, source,
   example and documentation distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts233">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/docs/version-notes-233.html">version notes</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <h4 id="a20120122">22 January 2012 - Struts 2.3.1.2 General Availability Release</h4>
 <p>
   The Apache Struts group is pleased to announce that Struts 2.3.1.2 is
   available as a "General Availability" release. The GA designation is our
   highest quality grade.
 </p>
 <p>
   Apache Struts 2 is an elegant, extensible framework for creating
   enterprise-ready Java web applications. The framework is designed to
   streamline the full development cycle, from building, to deploying, to
   maintaining applications over time.
 </p>
 <p>
   An important vulnerability were solved with this release:
 <ul>
   <li>
     ParameterInterceptor vulnerability allowed remote command execution
   </li>
   <li>
     Default acceptedParamNames has been updated to more restrictive values
   </li>
 </ul>
 </p>
 <p>
   All developers are strongly advised to update existing Struts 2 applications
   to Struts 2.3.1.2.
 </p>
 <p>
   Struts 2.3.1.2 is available in a full distribution,
   or as separate library, source, example and documentation
   distributions, from the
   <a href="http://struts.apache.org/download.cgi#struts2312">releases page</a>.
   The release is also available through the central Maven repository under Group ID
   "org.apache.struts". The
   <a href="http://struts.apache.org/docs/version-notes-2312.html">release notes</a>
   and the
   <a href="https://cwiki.apache.org/confluence/display/WW/S2-009">security bulletin</a>
   are available online.
 </p>
 <p>
   The 2.3.x series of the Apache Struts framework has a minimum
   requirement of the following specification versions: Servlet API 2.4,
   JSP API 2.0, and Java 5.
 </p>
 <p>
   Should any issues arise with your use of any version of the Struts
   framework, please post your comments to the user list, and, if
   appropriate, file a tracking ticket.
 </p>

 <p class="pull-right">
   Skip to: <a href="announce-2011.html">Announcements - 2011</a>
 </p>

 <p class="pull-left">
   <strong>Next:</strong>
   <a href="kickstart.html">Kickstart FAQ</a>
 </p>
	---
	layout: default
	title: Announcements 2012
	---

	<h1>Announcements - 2012</h1>

	<p class="pull-right">
	Skip to:
	<a href="announce-2011.html">Announcements - 2011</a>
	</p>

	<h4 id="a20121222">22 December 2012 - Struts 2.3.8 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.8 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	It's a mostly maintenance release which improves overall performance which should be significant
	better than in version 2.3.7 and slightly better than in version 2.3.4.1. This version depends on new OGNL
	version 3.0.6 - thanks to Pelladi Gabor and Johno Crawford for their contribution!
	Please check the Version Notes to see more details.
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.8.
	</p>
	<p>
	Struts 2.3.8 is available in a full distribution or as separate library, source, example and documentation
	distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts238">releases page</a>.
	The release is also available through the central Maven repository under Group ID "org.apache.struts". The
	<a href="http://struts.apache.org/docs/version-notes-238.html">release notes</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<h4 id="a20121119">19 November 2012 - Struts 2.3.7 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.7 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	It's a mostly maintenance release where many bugs were solved and many improvements were added.
	Please check the Version Notes to see more details, also performance was improved.
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.7.
	</p>
	<p>
	Struts 2.3.7 is available in a full distribution,
	or as separate library, source, example and documentation
	distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts237">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/docs/version-notes-237.html">release notes</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<h4 id="a20120813">13 August 2012 - Struts 2.3.4.1 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.4.1 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	Two security issues were solved with this release:
	<ul>
	<li>
	Decoupling of session attribute and parameter naming for Struts 2 token mechanism,
	to improve security when used for CSRF-attack protection
	</li>
	<li>
	Parameter name length is now by default restricted to 100 characters to diminish possible DOS
	attack effectiveness
	</li>
	</ul>
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.4.1.
	</p>
	<p>
	Struts 2.3.4.1 is available in a full distribution,
	or as separate library, source, example and documentation
	distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts2341">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/docs/version-notes-2341.html">release notes</a>
	and the
	<a href="https://cwiki.apache.org/confluence/display/WW/S2-010">token mechanism security bulletin</a>
	as well as the
	<a href="https://cwiki.apache.org/confluence/display/WW/S2-011">parameter name length security bulletin</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<h4 id="a20120511">12 May 2012 - Struts 2.3.4 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.4 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	It's a mostly maintenance release where many bugs were solved and many improvements were added.
	Please check the Version Notes to see more details.
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.4.
	</p>
	<p>
	Struts 2.3.4 is available in a full distribution, or as separate library, source,
	example and documentation distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts234">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/docs/version-notes-234.html">version notes</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<h4 id="a20120416">16 April 2012 - Struts 2.3.3 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.3 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	It's a mostly maintenance release where many bugs were solved and many improvements were added.
	Please check the Version Notes to see more details.
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.3.
	</p>
	<p>
	Struts 2.3.3 is available in a full distribution, or as separate library, source,
	example and documentation distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts233">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/docs/version-notes-233.html">version notes</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<h4 id="a20120122">22 January 2012 - Struts 2.3.1.2 General Availability Release</h4>
	<p>
	The Apache Struts group is pleased to announce that Struts 2.3.1.2 is
	available as a "General Availability" release. The GA designation is our
	highest quality grade.
	</p>
	<p>
	Apache Struts 2 is an elegant, extensible framework for creating
	enterprise-ready Java web applications. The framework is designed to
	streamline the full development cycle, from building, to deploying, to
	maintaining applications over time.
	</p>
	<p>
	An important vulnerability were solved with this release:
	<ul>
	<li>
	ParameterInterceptor vulnerability allowed remote command execution
	</li>
	<li>
	Default acceptedParamNames has been updated to more restrictive values
	</li>
	</ul>
	</p>
	<p>
	All developers are strongly advised to update existing Struts 2 applications
	to Struts 2.3.1.2.
	</p>
	<p>
	Struts 2.3.1.2 is available in a full distribution,
	or as separate library, source, example and documentation
	distributions, from the
	<a href="http://struts.apache.org/download.cgi#struts2312">releases page</a>.
	The release is also available through the central Maven repository under Group ID
	"org.apache.struts". The
	<a href="http://struts.apache.org/docs/version-notes-2312.html">release notes</a>
	and the
	<a href="https://cwiki.apache.org/confluence/display/WW/S2-009">security bulletin</a>
	are available online.
	</p>
	<p>
	The 2.3.x series of the Apache Struts framework has a minimum
	requirement of the following specification versions: Servlet API 2.4,
	JSP API 2.0, and Java 5.
	</p>
	<p>
	Should any issues arise with your use of any version of the Struts
	framework, please post your comments to the user list, and, if
	appropriate, file a tracking ticket.
	</p>

	<p class="pull-right">
	Skip to: <a href="announce-2011.html">Announcements - 2011</a>
	</p>

	<p class="pull-left">
	<strong>Next:</strong>
	<a href="kickstart.html">Kickstart FAQ</a>
	</p>