I haven't seen anything go into 1.1 or 1.2 for a pretty long time. Upgrading from 1.1 to 1.2 was usually a pretty good idea, and usually easy.
I'm not sure how much effort we'd put into fixing something in 1.1. I'm a little skeptical we'd put a lot of effort into 1.2, either, but it'd depend on the nature of the issue. Dave On Dec 23, 2010 3:33 AM, "chris snow" <chsnow...@gmail.com> wrote: > > I am working on various legacy software projects that have various versions > of struts 1.x. (mostly 1.1.x and 1.2.x) > > I need to ensure I am only using versions that are still maintained for > security fixes. Which 1.x versions are still being maintained for security > fixes? > > It's not possible to move to struts 2.x at this stage. > > How are struts security advisories and fixes announced? > > Many thanks in advance, > > Chris
