Hello,
Due to the recent security vulnerability identified in Struts, we are upgrading 
application from struts version 2.3.16 to 2.3.31.One of the major issues being 
the naming convention of getter and setter in Action classes.Example: For 
instance variable of String aType, given below are the setters and getters used 
earlier which had no issues with Struts 2.3.16.public class ErrorMessageAction 
extends ActionSupport{

    private String aType;

    public String getAType() {
        return aType;
    }

    public void setAType(String type) {
        this.aType = type;
    }
}But with Struts 2.3.31, expectation of setter and getter for same instance 
should be in below format.public class ErrorMessageAction extends ActionSupport{

    private String aType;

    public String getaType() {
        return aType;
    }

    public void setaType(String aType) {
        this.aType = aType;
    }
}I have many number of such action classes where these kind of issues 
(setter/getter naming convention) are found after applying 2.3.31 jars listed 
below.commons-lang3-3.2.jar, commons-fileupload-1.3.2.jar,commons-io-2.2.jar
freemarker-2.3.22.jar, ognl-3.0.19.jar, struts2-core-2.3.31.jar
exwork-core-2.3.31.jar, commons-logging-1.1.3.jar, javassist-3.11.0.GA.jarCan 
someone please suggest a solution at configuration level that does not require 
setter/getter changes in each and every Action classes ?

ThanksAbhishek

Reply via email to