blob: f029f2fe36280680ae0185d138d4f4600100336f [file] [log] [blame]
<?xml version="1.0"?>
<document url="release-notes.html">
<properties>
<title>Struts Release Notes (since 1.2.7)</title>
</properties>
<body>
<chapter name="6.1 Release Notes - Version 1.2.8" href="release_notes">
<section name="Introduction" href="Introduction">
<p>
The main motivation for releasing Struts 1.2.8 is to fix a
<i>Cross Site Scripting</i> (XSS) vulnerability which has
been identified by Hacktics.com. More details available on the
<a href="http://wiki.apache.org/struts/StrutsXssVulnerability">Wiki</a>.
</p>
<p>
This section contains release notes for changes that have taken
place since
<a href="release-notes-1.2.7.html">Version 1.2.7</a>.
To keep up-to-date on all changes to Struts, subscribe to the
dev@ list.
</p>
<p>
<b>Notes on upgrading</b> are maintained in the
<a href="http://wiki.apache.org/struts/StrutsUpgrade">Wiki Upgrade pages</a>.
The wiki is a community maintained resource - please feel free to add your
input so that everyone can benefit from the collective experience.
</p>
<p>
For the version requirements of each library, see the
<a href="installation.html">Installation chapter</a>.
</p>
<h3 id="STRUTS_1_2_8">Version 1.2.8</h3>
<p>
After <a href="http://svn.apache.org/viewcvs.cgi/struts/core/tags/STRUTS_1_2_6/">Version 1.2.6 was tagged</a>
the <a href="http://svn.apache.org/viewcvs.cgi/struts/core/branches/STRUTS_1_2_BRANCH/">1.2 Branch</a>
was created and work started on the next version (<i>1.3.x series</i>). Work has continued on
both versions and <i>Revision</i> numbers shown in brackets are where a change has been ported
from the current development version into the <i>1.2 Branch</i>.
</p>
<table>
<thead><tr>
<th>Modification</th><th>Revision</th><th>Bugzilla</th><th>Description</th>
</tr></thead>
<tr>
<td align="center">2005-11-07</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=331261&amp;view=rev">331261</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=331265&amp;view=rev">331265</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=37131">37131</a></td>
<td>Escape newlines in Validator variables.</td>
</tr>
<tr>
<td align="center">2005-11-05</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=191272&amp;view=rev">191272</a>
and <a href="http://svn.apache.org/viewcvs?rev=192949&amp;view=rev">192949</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=331056&amp;view=rev">331056</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35127">35127</a></td>
<td>Changing rendering of the form name to use the 'id' attribute when in XHTML strict mode.</td>
</tr>
<tr>
<td align="center">2005-11-05</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=331060&amp;view=rev">331060</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=331055&amp;view=rev">331055</a>)</td>
<td align="center"><i>n/a</i></td>
<td>Fix for Struts XSS Vulnerability - remove uri from error messages.</td>
</tr>
<tr>
<td align="center">2005-08-31</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=265661&amp;view=rev">265661</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=265658&amp;view=rev">265658</a>)</td>
<td align="center"><i>n/a</i></td>
<td>Remove I18nFactorySet copied code.</td>
</tr>
<tr>
<td align="center">2005-08-29</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=264694&amp;view=rev">264694</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=264684&amp;view=rev">264684</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=32584">32584</a></td>
<td>Provide config option to turn off MessageResources escape processing.</td>
</tr>
<tr>
<td align="center">2005-08-29</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=226545&amp;view=rev">226545</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=264662&amp;view=rev">264662</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35833">35833</a></td>
<td>Fix bug where non-resource action messages only work for the first message in the messages list.</td>
</tr>
<tr>
<td align="center">2005-06-20</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=191474&amp;view=rev">191474</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=191475&amp;view=rev">191475</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35421">35421</a></td>
<td>Correct link on the acquiring page to the maven generated nightly builds.</td>
</tr>
<tr>
<td align="center">2005-06-17</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=190794&amp;view=rev">190794</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=191170&amp;view=rev">191170</a>)</td>
<td align="center"><i>n/a</i></td>
<td>Update TagUtils to provide a more specific error message where properties on a formbean are not found.</td>
</tr>
<tr>
<td align="center">2005-06-16</td>
<td align="center"><a href="http://svn.apache.org/viewcvs.cgi?rev=191011&amp;view=rev">191011</a></td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34460">34460</a></td>
<td>Update to the HTML tag library docs.</td>
</tr>
<tr>
<td align="center">2005-06-16</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=191001&amp;view=rev">191001</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=191002&amp;view=rev">191002</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=32313">32313</a></td>
<td>Update tag library configuration docs for Servlet 2.4.</td>
</tr>
<tr>
<td align="center">2005-06-15</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=190634&amp;view=rev">190634</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=190779&amp;view=rev">190779</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=23864">23864</a></td>
<td>Filter html sensitive characters in the &lt;html:radio&gt; tag's value.</td>
</tr>
<tr>
<td align="center">2005-06-15</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=190804&amp;view=rev">190804</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=190807&amp;view=rev">190807</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=3202">3202</a></td>
<td>&lt;html:options&gt; tag logic updated to be more efficient with use of iterators.</td>
</tr>
<tr>
<td align="center">2005-06-15</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=190631&amp;view=rev">190631</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=190780&amp;view=rev">190780</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=27861">27861</a></td>
<td>Add better error reporting to &lt;bean:define&gt; tag.</td>
</tr>
<tr>
<td align="center">2005-06-04</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=180002&amp;view=rev">180002</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=180001&amp;view=rev">180001</a>)</td>
<td align="center"><i>n/a</i></td>
<td>Add warning to ActionMapping.findForward() method if not found.</td>
</tr>
<tr>
<td align="center">2005-05-27</td>
<td align="center"><a href="http://svn.apache.org/viewcvs.cgi?rev=178799&amp;view=rev">178799</a></td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=35108">35108</a></td>
<td>Add comment regarding jdbc20ext.jar and JDK to build.properties.sample.</td>
</tr>
<tr>
<td align="center">2005-05-18</td>
<td align="center"><a href="http://svn.apache.org/viewcvs?rev=170859&amp;view=rev">170859</a>
(<a href="http://svn.apache.org/viewcvs.cgi?rev=170858&amp;view=rev">170858</a>)</td>
<td align="center"><a href="http://issues.apache.org/bugzilla/show_bug.cgi?id=34949">34949</a></td>
<td>Add no-arg constructor to ModuleConfigImpl.</td>
</tr>
</table>
</section>
<section>
<p class="right">Next:
<a href="installation.html">Installation</a></p>
</section>
</chapter>
</body>
</document>