blob: 25ec94b2c2ba7c296169bfd7fd40a91708acdb4f [file] [log] [blame]
<?xml version="1.0"?>
<document url="release-notes.html">
<title>Struts Release Notes (since 1.2.8)</title>
<chapter name="6.1 Release Notes - Version 1.2.9" href="release_notes">
<section name="Introduction" href="Introduction">
The main motivation for releasing Struts 1.2.9 is to fix three
security issues which have been identified:
<li><a href="">Bug 38374</a> -
Validation always skipped with Globals.CANCEL_KEY.</li>
<li><a href="">Bug 38534</a> -
DOS attack, application hack.</li>
<li><a href="">Bug 38749</a> -
XSS vulnerability in LookupDispatchAction.</li>
This section contains release notes for changes that have taken
place since
<a href="release-notes-1.2.8.html">Version 1.2.8</a>.
To keep up-to-date on all changes to Struts, subscribe to the
dev@ list.
<b>Notes on upgrading</b> are maintained in the
<a href="">Wiki Upgrade pages</a>.
The wiki is a community maintained resource - please feel free to add your
input so that everyone can benefit from the collective experience.
For the version requirements of each library, see the
<a href="installation.html">Installation chapter</a>.
<h3 id="STRUTS_1_2_9">Version 1.2.9</h3>
After <a href="">Version 1.2.6 was tagged</a>
the <a href="">1.2 Branch</a>
was created and work started on the next version (<i>1.3.x series</i>). Work has continued on
both versions and <i>Revision</i> numbers shown in brackets are where a change has been ported
from the current development version into the <i>1.2 Branch</i>.
<td align="center">2006-03-08</td>
<td align="center"><a href=";view=rev">384234</a>
(<a href=";view=rev">384235</a>)</td>
<td align="center"><a href="">37817</a></td>
<td>TagUtils doesn't create XHTML compliant URLs using forwards defined with redirect="true".</td>
<td align="center">2006-03-08</td>
<td align="center"><a href=";view=rev">384090</a>
(<a href=";view=rev">384092</a>)</td>
<td align="center"><a href="">38343</a></td>
<td>Add EventDispatchAction and EventActionDispatcher.</td>
<td align="center">2006-03-07</td>
<td align="center"><a href=";view=rev">383907</a>
(<a href=";view=rev">383908</a>)</td>
<td align="center"><a href="">37685</a></td>
<td>Javascript tag does not work on Mozilla.</td>
<td align="center">2006-03-07</td>
<td align="center"><a href=";view=rev">383718</a>
(<a href=";view=rev">383720</a>)</td>
<td align="center"><a href="">38749</a></td>
<td>XSS vulnerability in LookupDispatchAction.</td>
<td align="center">2006-02-15</td>
<td align="center"><a href=";view=rev">379661</a>
(<a href=";view=rev">377929</a>)</td>
<td align="center"><a href="">38534</a></td>
<td>DOS attack, application hack.</td>
<td align="center">2006-02-14</td>
<td align="center"><a href=";view=rev">377562</a>
(<a href=";view=rev">377805</a>)</td>
<td align="center"><a href="">38374</a></td>
<td>Validation always skipped with Globals.CANCEL_KEY.</td>
<td align="center">2006-01-31</td>
<td align="center"><a href=";view=rev">373798</a>
(<a href=";view=rev">373801</a>)</td>
<td align="center"><a href="">38461</a></td>
<td>struts-el html tag library errorKey not using documented default value.</td>
<p class="right">Next:
<a href="installation.html">Installation</a></p>