Struts2 compatibility issues - EL expressions disabled in 2.0.11
Saturday, February 9th, 2008If you have been developing Struts2 applications in version <= 2.0.9, there are two important compatibility issues that you must address before you can upgrade to 2.0.11 or 2.1. These are the portlet compatibility issues and EL expression issue in Struts2 tags.
1. Struts 2.0.9 contained a major security issue as detailed here. The problem was that using EL expressions and OGNL tags at the same time in Struts2 tags, malicious code could be executed. The fix in 2.0.11 was to disable EL expressions completely(!). This means that code written in 2.0.9 will break in 2.0.11 if you have used EL expressions in JSP. If you have a well tested production system, this means total nightmare. Well, now you are between devil and the sea! 
2. Portlet support is undergoing drastic changes. If you have already developed your portlet application in 2.0.9, you will have to do a couple of changes before you can move to 2.0.11 or 2.1. This includes changes in web.xml.