Yesterday I had a heck of a time trying to figure out my my JSPs weren’t passing validation since I upgraded Ganymede from 3.4.0 to 3.4.1. There was a consistent issue where the JSP Validation did not like my scriptlet code, even when I dumbed it down to try even the simplest scriptlet. The validation errors looked like:

Syntax error on token "}", delete this token
Syntax error on token "catch", Identifier expected
Syntax error, insert "Finally" to complete TryStatement

I actually found out what my problem was through the Eclipse Web Tools usergroup. The issue for me was the use of the Spring form custom tag library. If you self-close the tag…

<form:errors path="*" />

…then you get the goofy JSP validation error. If you close the tag as if there was body content…

<form:errors path="*"></form:errors>

Then the error goes away. I need to follow-up with a bug for the Ganymede team.

The Server Side reports that Ounce Labs discovered two vulnerabilities in the Spring Framework’s MVC component.

SpringSource, the company behind Spring, issued a security advisory as a result. The two issues are entitled Data Submission to Non-Editable Fields and ModelView Injection.

Pass along the word to your friends and co-workers.