These are the notes for the Struts 2.0.11.1 distribution.

Struts 2.0.11.1 corrected two serious security flaws in the Struts 2 <s:url> and <s:a> tags where a missing URL encoding handling for <script> HTML tag can lead to a reflected XSS (cross site scripting) exploit. All users are strongly encouraged to upgrade to Struts 2.0.11.1.

For prior notes in this release series, see Release Notes 2.0.11

Changelog

Issue Detail

• JIRA Release Notes 2.0.11.1
• JIRA Release Notes 2.0.11
• JIRA Release Notes 2.0.10
• JIRA Release Notes 2.0.9
• JIRA Release Notes 2.0.8
• JIRA Release Notes 2.0.7
• JIRA Release Notes 2.0.6
• JIRA Release Notes 2.0.5
• JIRA Release Notes 2.0.4
• JIRA Release Notes 2.0.3
• JIRA Release Notes 2.0.2
• JIRA Release Notes 2.0.1
• JIRA Release Notes 2.0.0

Issue List

• Struts 2.0.11.1 DONE

Other resources

• Commit Logs (Struts 1 and Struts 2)
• Source Code Repository (includes change browsing)

Release Plan

• Struts 2.0.11.1 is a security fix for the prior Struts 2.0.11 GA release.
• The Release Manager is Rene Gielen.
• The tag date for the release is 02 Mar 2008.