Struts 2.0.9 Released

July, 24, 2007
Apache foundation is pleased to announce the release of Struts 2.0.9 with many bug fixes and enhancements. Struts 2 is one of the leading framework for developing enterprise web application of any size.

New features in enhancements in Struts 2.0.9

• Remote code exploit bug fixed:
  In the earlier versions of Struts 2 there was a bug "Remote code execution", now this bug has been fixed. It is recommended to upgrade the struts 2.0.x application to Struts 2.0.9.
    
• Serious security flaw fixed:
  Now Struts 2.0.9 is much better then from previous versions. This version of struts is released with a correction in one of dependencies to fix a serious security flaw. It is recommend to upgrade to Struts 2.0.9.
     
• This release utilizes XWork 2.0.4 which prevents OGNL evaluations of user input.
    
• Experimental bundled with Struts 2.0.9 plugins are:
  Codebehind Plugin
  Plexus Plugin
  Scope Plugin
  Struts1 Plugin
  Tiles Plugin
    
• Experimental Features in Struts 2.0.9 are:
  Java 1.4 support
  Cookie Interceptor
  Portlets
  AJAX Theme
  Zero Configuration
  REST-ful URLs
    
• Struts 2.0.9 is released with many bug fixes:
  Struts 2.0 DTD missing "default-class-ref" element
  HTTP Status 404 - result 'null' not found
  bug in struts.xml of the portlet demo (bad result URL)
  More at https://issues.apache.org/struts/secure/ReleaseNote.jspa?projectId=10030&styleName=Html&version=21832

Visit http://struts.apache.org/2.0.9/docs/release-notes-209.html for more information about this release.

Download Struts 2.0.9 from http://struts.apache.org/download.cgi