I just wanted to clarify that security alerts raised as to Struts 2.x MAY NOT apply to Struts 1.x.
The versions use entirely different codebases. When we say to immediately upgrade to Struts 2.0.9, we don't mean people should upgrade from Struts 1.3.8 just to address the security alert. If there were a serious problem with Struts 1.x, we would issue a new release of Struts 1.x. The Struts 1.x codebase is very much alive, and a Struts 1.4 series is expected. Of course, sometimes, there are security issues that affect any web applications, that might affect both Struts 1 and Struts 2, as well as other frameworks. In the case of the recent alert posted on the web site, the issue is Struts 2 specific. I'll update the project home page to clarify -Ted. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
