struts-1.2.9-4jpp.8.AXS3

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm, colloquially known as Model 2 in discussions on various servlet and JSP related mailing lists.

Struts includes the following primary areas of functionality: A controller servlet that dispatches requests to appropriate Action classes provided by the application developer. JSP custom tag libraries, and associated support in the controller servlet, that assists developers in creating interactive form-based applications.

Utility classes to support XML parsing, automatic population of JavaBeans properties based on the Java reflection APIs, and internationalization of prompts and messages. Struts is part of the Jakarta Project, sponsored by the Apache Software Foundation. The official Struts home page is at http://jakarta.apache.org/struts.

Security issues fixed with this release:

• CVE-2014-0114
The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.