Return-Path: 
 <user-return-212220-apmail-struts-user-archive=struts.apache.org@struts.apache.org>
X-Original-To: apmail-struts-user-archive@www.apache.org
Delivered-To: apmail-struts-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E45F19B7F
	for <apmail-struts-user-archive@www.apache.org>;
 Tue,  3 Jan 2012 19:57:46 +0000 (UTC)
Received: (qmail 71214 invoked by uid 500); 3 Jan 2012 19:57:44 -0000
Delivered-To: apmail-struts-user-archive@struts.apache.org
Received: (qmail 71192 invoked by uid 500); 3 Jan 2012 19:57:44 -0000
Mailing-List: contact user-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:user-unsubscribe@struts.apache.org>
List-Help: <mailto:user-help@struts.apache.org>
List-Post: <mailto:user@struts.apache.org>
List-Id: "Struts Users Mailing List" <user.struts.apache.org>
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
Delivered-To: mailing list user@struts.apache.org
Received: (qmail 71180 invoked by uid 99); 3 Jan 2012 19:57:44 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Jan 2012 19:57:44 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of lukasz.lenart@googlemail.com
 designates 209.85.210.176 as permitted sender)
Received: from [209.85.210.176] (HELO mail-iy0-f176.google.com)
 (209.85.210.176)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Jan 2012 19:57:38 +0000
Received: by iapp10 with SMTP id p10so41996099iap.35
        for <multiple recipients>; Tue, 03 Jan 2012 11:57:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=gamma;
        h=mime-version:reply-to:date:message-id:subject:from:to:content-type;
        bh=Vgx4IvQW1nNroVxKtkK/doPAQebuzfGOpha8Cymgl8Y=;
        b=NjiObLeYl50BVsPLLRkwjSqSftIojLcoq2G62t0gpyIM1sXAK/8jn9zoF8F6b5+THa
         SXVZRajQS3oUHxyF21eSXPlcLFTJ9ytwC1VpPQ3YFlClnffEmcj4aRgk9Dqn/w/ZmlLJ
         R1AYeogKJRQYVNX2mrfXBSE5a/Nd2A6W9ZUtg=
MIME-Version: 1.0
Received: by 10.50.184.166 with SMTP id ev6mr63622056igc.2.1325620636996; Tue,
 03 Jan 2012 11:57:16 -0800 (PST)
Received: by 10.42.3.1 with HTTP; Tue, 3 Jan 2012 11:57:16 -0800 (PST)
Reply-To: lukasz.lenart@gmail.com
Date: Tue, 3 Jan 2012 20:57:16 +0100
Message-ID: 
 <CAMopvkNhmiimBVx6Mx0CDhmvxe4SdiJ6W1Y+FoMTtz4aSBAmWg@mail.gmail.com>
Subject: [ANN] Struts 2.3.1.1 GA release available
From: =?UTF-8?Q?=C5=81ukasz_Lenart?= <lukasz.lenart@googlemail.com>
To: Struts Users Mailing List <user@struts.apache.org>,
 announcements@struts.apache.org
Content-Type: text/plain; charset=UTF-8
X-Virus-Checked: Checked by ClamAV on apache.org

The Apache Struts group is pleased to announce that Struts 2.3.1.1 is
available as a "General Availability" release. The GA designation is
our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

This release includes one important security fix:
* Strict DMI mode was improved and now it should work correctly
* Default acceptedParamNames were updated to more restrictive values
to solve security vulnerabilities in ParameterInterceptor - support
for param names with withe spaces was dropped! Also a new
configuration was added to CookieInterceptor call acceptCookieNames to
prevent remote code execution with cookies. There is a security
weaknesses in DebuggingInterceptor as a wanted feature in Development
Mode, which anyway should not be used it in a production environment!

All developers are strongly advised to update existing Struts 2
applications to Struts 2.3.1.1.

Struts 2.3.1.1 is available in a full distribution, or as separate
library, source, example and documentation distributions, from the
releases page.
* http://struts.apache.org/download.cgi#struts2311

The release is also available from the central Maven repository under
Group ID "org.apache.struts".

The #.#.x series of the Apache Struts framework has a minimum
requirement of the following specification versions:
* Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
* Java 2 Standard Platform Edition (J2SE) 5

The release notes are available online at:
* http://struts.apache.org/2.x/docs/version-notes-2311.html

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.appropriate, file a tracking
ticket:
* https://issues.apache.org/jira/browse/WW


- The Apache Struts group.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org