DUE TO SPAM, SIGN-UP IS DISABLED. Goto Selfserve wiki signup and request an account.
Upgrading Struts 1.2.7 to Struts 1.2.8
N.B. The primary motivation for Struts 1.2.8 was to fix a Cross Site Scripting (XSS) vulnerability. See StrutsXssVulnerability for more details.
1. jars
Only the struts.jar needs to be upgraded - all Struts dependencies remain the same as Struts 1.2.7.
2. Commons Validator 1.2.0
Struts 1.2.8 is distributed with Commons Validator 1.1.4. However you may wish to upgrade to Commons Validator 1.2.0 which was recently released either because of the XHTML & JavaScript Validation Issue or because of the Validator 1.2.0 Features...
2.1 XHTML & JavaScript Validation Issue
The problem of JavaScript Validation not working in XHTML mode (see