These are the notes for the Struts 2.3.1.2 distribution.

For prior notes in this release series, see Version Notes 2.3.1.1

• If you are a Maven user, you might want to get started using the Maven Archetype.
• Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.

You can also use Struts Archetype Catalog like below

Internal Changes

• Default acceptedParamNames were further updated to more restrictive values to solve security vulnerabilities in ParameterInterceptor.
  Also a new method was added to ValueStack called setParameter to prevent remote code execution through the evaluation of parameter names.

Issue Detail

• S2-009

Issue List

• Struts 2.3.x TODO

Other resources

• Commit Logs (Struts 1 and Struts 2)
• Source Code Repository (includes change browsing)