Dear all, Tiles 2.1.0 and 2.1.1 have a security bug that can lead to remote server status exposure. If you have enabled EL support, EL expressions in JSP using some Tiles JSP tags are evaluated twice. This problem can lead to XSS and remote server exposure attacks. Tiles 2.1.0 and 2.1.1 users are strongly encouraged *not* to deploy these versions in a production environment and wait until Tiles 2.1.2 is released. More info about the bug are here: http://tiles.apache.org/framework/security/security-bulletin-1.html
Best regards Antonio
