Apache Struts 2.0.11.1 is now available from <http://struts.apache.org/download.cgi#struts20111>.
This release is a fast track security fix release, including important security fixes regarding possible cross site scripting exploits when using the <s:url> or <s:a> Struts 2 tags. For more information about the exploits, visit our security bulletins page at <http://struts.apache.org/2.0.11.1/docs/s2-002.html>. * All developers are strongly advised to update Struts 2 applications to Struts 2.0.11.1 to prevent cross site scripting attacks through Struts 2 tags. For the complete release notes for Struts 2.0.11.1, see <http://struts.apache.org/2.0.11.1/docs/release-notes-20111.html>. - The Apache Struts Team. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]