Author: lukaszlenart
Date: Tue Oct 18 06:08:01 2016
New Revision: 999592

Log:
Updates production

Added:
    websites/production/struts/content/docs/s2-042.html
    websites/production/struts/content/docs/s2-043.html
    websites/production/struts/content/docs/version-notes-2331.html
    websites/production/struts/content/docs/version-notes-255.html
Modified:
    websites/production/struts/content/announce.html
    websites/production/struts/content/docs/constant-configuration.html
    websites/production/struts/content/docs/json-plugin.html
    websites/production/struts/content/docs/migration-guide.html
    websites/production/struts/content/docs/security-bulletins.html
    websites/production/struts/content/docs/tiles-plugin.html
    websites/production/struts/content/docs/version-notes-251.html
    websites/production/struts/content/docs/version-notes-252.html
    websites/production/struts/content/index.html

Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Tue Oct 18 06:08:01 2016
@@ -124,6 +124,43 @@
   Skip to: <a href="announce-2015.html">Announcements - 2015</a>
 </p>
 
+<h4 id="a20161018">18 October 2016 - Struts 2.3.31 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.31 is 
available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating 
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from 
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses two potential security vulnerabilities:</p>
+
+<ul>
+  <li>Possible path traversal in the Convention plugin <a 
href="/docs/s2-042.html">S2-042</a></li>
+  <li>Using the Config Browser plugin in production <a 
href="/docs/s2-043.html">S2-043</a></li>
+</ul>
+
+<p>Also this release contains several breaking changes and improvements just 
to mention few of them:</p>
+
+<ul>
+  <li>webconsole can always be accessed, see WW-4601</li>
+  <li>Space character and includeParams,see WW-4628</li>
+  <li>ParametersInterceptor excludeParams only applies to first instance of 
params interceptor in paramsPrepareParamsStack,see WW-4667</li>
+  <li>Select box does not pre-select chosen values,see WW-4675</li>
+  <li>StrutsPrepareAndExecuteFilter should check for response committed 
status,see WW-4674</li>
+  <li>Allow directly accessing I18N keys from Tiles definitions,see 
WW-4685</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this 
action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement 
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts 
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a 
href="download.cgi#struts-2331">download</a> page.</p>
+
 <h4 id="a20160707">7 July 2016 - Struts 2.5.2 General Availability</h4>
 
 <p>The Apache Struts group is pleased to announce that Struts 2.5.2 is 
available as a “General Availability”
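Review bot: The added sentence "All developers are strongly advised to perform this action." has no antecedent. Nothing in the 2.3.31 announcement above it names an action, so the one instruction a reader needs from a security release (presumably to upgrade to 2.3.31) is never stated. Suggest spelling it out, for example "All developers are strongly advised to upgrade to this release." Two list items also read as problem titles rather than as what the release changes: "Using the Config Browser plugin in production" under the security fixes and "webconsole can always be accessed" under the improvements. Minor: "just to mention few of them" should be "to mention just a few of them", and the WW-46xx items need a space after the comma before "see".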

Modified: websites/production/struts/content/docs/constant-configuration.html
==============================================================================
--- websites/production/struts/content/docs/constant-configuration.html 
(original)
+++ websites/production/struts/content/docs/constant-configuration.html Tue Oct 
18 06:08:01 2016
@@ -138,31 +138,24 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p>Constants provide a simple way to 
customize a Struts application by defining key settings that modify framework 
and plugin behavior.  There are two key roles for constants.  First, they are 
used to override settings like the maximum file upload size or whether the 
Struts framework should be in "devMode" or not, and so on. Second, they specify 
which <a shape="rect" href="bean-configuration.html">Bean</a> implementation, 
among multiple implementations of a given type, should be chosen.  </p>
-
-<p>Constants can be declared in multiple files.  By default, constants are 
searched for in the following order, allowing for subsequent files to override 
previous ones:</p>
-
-<ol><li><a shape="rect" 
href="struts-defaultxml.html">struts-default.xml</a></li><li>struts-plugin.xml</li><li><a
 shape="rect" href="strutsxml.html">struts.xml</a></li><li><a shape="rect" 
href="strutsproperties.html">struts.properties</a></li><li><a shape="rect" 
href="webxml.html">web.xml</a></li></ol>
-
-
-<p><img class="emoticon emoticon-warning" 
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
 data-emoticon-name="warning" alt="(warning)"> The 
<code>struts.properties</code> file is provided for backward-compatiblity with 
WebWork.</p>
-
-<h2 id="ConstantConfiguration-Constant">Constant</h2>
-
-<p>In the various XML variants, the constant element has two required 
attributes: <code>name</code> and <code>value</code>.  </p>
-
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p> Attribute </p></th><th 
colspan="1" rowspan="1" class="confluenceTh"><p> Required </p></th><th 
colspan="1" rowspan="1" class="confluenceTh"><p> Description 
</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> name 
</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> 
<strong>yes</strong> </p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p> the name of the constant </p></td></tr><tr><td 
colspan="1" rowspan="1" class="confluenceTd"><p> value </p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p> <strong>yes</strong> </p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p> the value of the constant 
</p></td></tr></tbody></table></div>
-
-
-<p>In the <a shape="rect" href="strutsproperties.html">struts.properties</a> 
file, each entry is treated as a constant.</p>
-
-<p>In the <a shape="rect" href="webxml.html">web.xml</a> file, any 
FilterDispatcher initialization parameters are loaded as constants.</p>
-
-<h3 id="ConstantConfiguration-Sampleusage">Sample usage </h3>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader 
panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example 
(struts.xml)</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-&lt;struts&gt;
+            <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1476770250347 {padding: 0px;}
+div.rbtoc1476770250347 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1476770250347 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1476770250347">
+<ul class="toc-indentation"><li><a shape="rect" 
href="#ConstantConfiguration-Constant">Constant</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#ConstantConfiguration-Valuesubstitution">Value 
substitution</a></li><li><a shape="rect" 
href="#ConstantConfiguration-Sampleusage">Sample usage</a></li></ul>
+</li></ul>
+</div><p>Constants provide a simple way to customize a Struts application by 
defining key settings that modify framework and plugin behavior. There are two 
key roles for constants. First, they are used to override settings like the 
maximum file upload size or whether the Struts framework should be in "devMode" 
or not, and so on. Second, they specify which <a shape="rect" 
href="bean-configuration.html">Bean</a> implementation, among multiple 
implementations of a given type, should be chosen.</p><p>Constants can be 
declared in multiple files. By default, constants are searched for in the 
following order, allowing for subsequent files to override previous 
ones:</p><ol><li><a shape="rect" 
href="struts-defaultxml.html">struts-default.xml</a></li><li>struts-plugin.xml</li><li><a
 shape="rect" href="strutsxml.html">struts.xml</a></li><li><a shape="rect" 
href="strutsproperties.html">struts.properties</a></li><li><a shape="rect" 
href="webxml.html">web.xml</a></li></ol><p><img class="emoticon 
 emoticon-warning" 
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
 data-emoticon-name="warning" alt="(warning)"> The 
<code>struts.properties</code> file is provided for backward-compatiblity with 
WebWork.</p><h2 id="ConstantConfiguration-Constant">Constant</h2><p>In the 
various XML variants, the constant element has two required attributes: 
<code>name</code> and <code>value</code>.</p><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Required</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p>name</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>yes</strong></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>the name of the constant</p></td></tr><
 tr><td colspan="1" rowspan="1" class="confluenceTd"><p>value</p></td><td 
colspan="1" rowspan="1" 
class="confluenceTd"><p><strong>yes</strong></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>the value of the 
constant</p></td></tr></tbody></table></div><p>In the <a shape="rect" 
href="strutsproperties.html">struts.properties</a> file, each entry is treated 
as a constant.</p><p>In the <a shape="rect" href="webxml.html">web.xml</a> 
file, any FilterDispatcher initialization parameters are loaded as 
constants.</p><h3 id="ConstantConfiguration-Valuesubstitution">Value 
substitution</h3><p>Since Apache Struts 2.5.6 it is possible to use value 
substitution when defining <code>constant</code>s 
in&#160;<code>struts.xml</code> file. You can also define a default value if 
given System property or ENV variable is missing, see example below:</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;struts&gt;
+    &lt;constant name="os" value="Current OS = ${os.name}"/&gt;
+
+
+    &lt;constant name="struts.devMode" 
value="${ENV.STRUTS_DEV_MODE:false}"/&gt;
+&lt;/struts&gt;</pre>
+</div></div><p>Note: substitution is limited to System properties and ENV 
variables and works only for&#160;<code>constant</code>s (as for now).</p><h3 
id="ConstantConfiguration-Sampleusage">Sample usage</h3><div class="code panel 
pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" 
style="border-bottom-width: 1px;"><b>Constant Example 
(struts.xml)</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;struts&gt;
 
   &lt;constant name="struts.devMode" value="true" /&gt;
 
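Review bot: The new "Value substitution" section says "Since Apache Struts 2.5.6", but the newest 2.5.x release this commit documents is 2.5.5 (version-notes-255.html is added and the migration guide gains "Version Notes 2.5.5"); please confirm the version number before publishing. The section also does not say what a constant resolves to when the System property or ENV variable is missing and no default is given, as in value="Current OS = ${os.name}". That fallback matters once a security-relevant flag such as struts.devMode is driven by ${ENV.STRUTS_DEV_MODE:false}, so one sentence describing it would close the gap. Minor: the exported table of contents places a style element inside a p element, and "backward-compatiblity" is still misspelled in the re-flowed paragraph.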
@@ -170,19 +163,11 @@ under the License.
 
 &lt;/struts&gt;
 </pre>
-</div></div>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader 
panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example 
(struts.properties)</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">
-struts.devMode = true
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeHeader panelHeader pdl" style="border-bottom-width: 
1px;"><b>Constant Example (struts.properties)</b></div><div class="codeContent 
panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">struts.devMode = true
 </pre>
-</div></div>
-
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader 
panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example 
(web.xml)</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-
-&lt;web-app id="WebApp_9" version="2.4" 
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeHeader panelHeader pdl" style="border-bottom-width: 
1px;"><b>Constant Example (web.xml)</b></div><div class="codeContent 
panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;web-app id="WebApp_9" version="2.4" 
        xmlns="http://java.sun.com/xml/ns/j2ee"; 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"&gt;
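Review bot: The "Sample usage" blocks for struts.xml and struts.properties still set struts.devMode to true (value="true" and "struts.devMode = true") with no remark that this is a development-only value, while the example added earlier in this same file defaults it to false. Suggest either switching the samples to a neutral constant or adding a line stating that devMode should be off in production. The change in this hunk is otherwise whitespace-only (adjacent div panels joined onto one line and the leading newline inside each pre dropped), and the struts.properties sample is still tagged "brush: java".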

Modified: websites/production/struts/content/docs/json-plugin.html
==============================================================================
--- websites/production/struts/content/docs/json-plugin.html (original)
+++ websites/production/struts/content/docs/json-plugin.html Tue Oct 18 
06:08:01 2016
@@ -138,7 +138,20 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p>The JSON pluginprovides a "json" 
result type that serializes actions into JSON. The serialization process is 
recursive, meaning that the whole object graph, starting on the action class 
(base class not included) will be serialized (root object can be customized 
using the "root" attribute). If the interceptor is used, the action will be 
populated from the JSON content in the request, these are the rules of the 
interceptor:</p><ol><li>The "content-type" must be 
"application/json"</li><li>The JSON content must be well formed, see <a 
shape="rect" class="external-link" href="http://www.json.org"; 
rel="nofollow">json.org</a> for grammar.</li><li>Action must have a public 
"setter" method for fields that must be populated.</li><li>Supported types for 
population are: Primitives (int,long...String), Date, List, Map, Primitive 
Arrays, Other class (more on this later), and Array of Other class.</li><li>Any 
object in JSON, that is to be populated inside 
 a list, or a map, will be of type Map (mapping from properties to values), any 
whole number will be of type Long, any decimal number will be of type Double, 
and any array of type List.</li></ol><p>Given this JSON string:</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+            <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1476770251369 {padding: 0px;}
+div.rbtoc1476770251369 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1476770251369 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1476770251369">
+<ul class="toc-indentation"><li><a shape="rect" 
href="#JSONPlugin-Installation">Installation</a></li><li><a shape="rect" 
href="#JSONPlugin-CustomizingSerializationandDeserialization">Customizing 
Serialization and Deserialization</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#JSONPlugin-Excludingproperties">Excluding properties</a></li><li><a 
shape="rect" href="#JSONPlugin-Includingproperties">Including 
properties</a></li><li><a shape="rect" href="#JSONPlugin-RootObject">Root 
Object</a></li><li><a shape="rect" 
href="#JSONPlugin-Wrapping">Wrapping</a></li><li><a shape="rect" 
href="#JSONPlugin-WrapwithComments">Wrap with Comments</a></li><li><a 
shape="rect" href="#JSONPlugin-Prefix">Prefix</a></li><li><a shape="rect" 
href="#JSONPlugin-BaseClasses">Base Classes</a></li><li><a shape="rect" 
href="#JSONPlugin-Enumerations">Enumerations</a></li><li><a shape="rect" 
href="#JSONPlugin-Compressingtheoutput.">Compressing the output.</a></li><li><a 
shape="rect" 
href="#JSONPlugin-Preventingthebrowserfromcachingtheresponse">Preventing the 
browser from caching the response</a></li><li><a shape="rect" 
href="#JSONPlugin-Excludingpropertieswithnullvalues">Excluding properties with 
null values</a></li><li><a shape="rect
 " href="#JSONPlugin-StatusandErrorcode">Status and Error code</a></li><li><a 
shape="rect" href="#JSONPlugin-JSONP">JSONP</a></li><li><a shape="rect" 
href="#JSONPlugin-ContentType">Content Type</a></li><li><a shape="rect" 
href="#JSONPlugin-Encoding">Encoding</a></li></ul>
+</li><li><a shape="rect" href="#JSONPlugin-Example">Example</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#JSONPlugin-SetupAction">Setup Action</a></li><li><a shape="rect" 
href="#JSONPlugin-Writethemappingfortheaction">Write the mapping for the 
action</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#JSONPlugin-JSONexampleoutput">JSON example output</a></li><li><a 
shape="rect" href="#JSONPlugin-AcceptingJSON">Accepting JSON</a></li></ul>
+</li></ul>
+</li><li><a shape="rect" href="#JSONPlugin-JSONRPC">JSON RPC</a></li><li><a 
shape="rect" href="#JSONPlugin-Proxiedobjects">Proxied objects</a></li></ul>
+</div><p>The JSON pluginprovides a "json" result type that serializes actions 
into JSON. The serialization process is recursive, meaning that the whole 
object graph, starting on the action class (base class not included) will be 
serialized (root object can be customized using the "root" attribute). If the 
interceptor is used, the action will be populated from the JSON content in the 
request, these are the rules of the interceptor:</p><ol><li>The "content-type" 
must be "application/json"</li><li>The JSON content must be well formed, see <a 
shape="rect" class="external-link" href="http://www.json.org"; 
rel="nofollow">json.org</a> for grammar.</li><li>Action must have a public 
"setter" method for fields that must be populated.</li><li>Supported types for 
population are: Primitives (int,long...String), Date, List, Map, Primitive 
Arrays, Other class (more on this later), and Array of Other class.</li><li>Any 
object in JSON, that is to be populated inside a list, or a map, will be of 
type 
 Map (mapping from properties to values), any whole number will be of type 
Long, any decimal number will be of type Double, and any array of type 
List.</li></ol><p>Given this JSON string:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">{
    "doubleValue": 10.10,
    "nestedBean": {
@@ -406,7 +419,12 @@ public class JSONExample extends ActionS
 </pre>
 </div></div><h4 id="JSONPlugin-AcceptingJSON">Accepting JSON</h4><p>Your 
actions can accept incoming JSON if they are in package which 
uses&#160;<code>json</code> interceptor or by adding reference to it as 
follow:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">@InterceptorRef(value="json")</pre>
-</div></div><h2 id="JSONPlugin-JSONRPC">JSON RPC</h2><p>The json plugin can be 
used to execute action methods from javascript and return the output. This 
feature was developed with Dojo in mind, so it uses <a shape="rect" 
class="external-link" 
href="http://manual.dojotoolkit.org/WikiHome/DojoDotBook/Book9"; 
rel="nofollow">Simple Method Definition</a> to advertise the remote service. 
Let's work it out with an example(useless as most examples).</p><p>First write 
the action:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
+</div></div><p>By default <code>Content-Type</code>&#160;of value 
<code>application/json</code>&#160;is recognised to be used for 
de-serialisation and&#160;<code>application/json-rpc</code> to execute SMD 
processing. You can override those settings be 
defining&#160;<code>jsonContentType</code> 
and&#160;<code>jsonRpcContentType</code> params, see example:</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;interceptor-ref name="json"&gt;
+  &lt;param name="jsonContentType"&gt;text/json&lt;/param&gt;
+  &lt;param name="jsonRpcContentType"&gt;text/json-rpc&lt;/param&gt;
+&lt;/interceptor-ref&gt;</pre>
+</div></div><p>Please be aware that those are scoped params per stack, which 
means, once set it will be used by actions in scope of this stack.</p><h2 
id="JSONPlugin-JSONRPC">JSON RPC</h2><p>The json plugin can be used to execute 
action methods from javascript and return the output. This feature was 
developed with Dojo in mind, so it uses <a shape="rect" class="external-link" 
href="http://manual.dojotoolkit.org/WikiHome/DojoDotBook/Book9"; 
rel="nofollow">Simple Method Definition</a> to advertise the remote service. 
Let's work it out with an example(useless as most examples).</p><p>First write 
the action:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">package smd;
 
 import com.googlecode.jsonplugin.annotations.SMDMethod;
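Review bot: The added paragraph on jsonContentType and jsonRpcContentType does not say whether an override replaces the defaults or is accepted alongside them, which decides what request bodies the interceptor will deserialise into an action once "text/json" is configured. Please state that explicitly. The scoping sentence should also be made concrete: "once set it will be used by actions in scope of this stack" would be clearer as a statement that every action using that interceptor stack inherits the setting. Typos: "override those settings be defining" should be "by defining", and "as follow" in the context paragraph should be "as follows".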

Modified: websites/production/struts/content/docs/migration-guide.html
==============================================================================
--- websites/production/struts/content/docs/migration-guide.html (original)
+++ websites/production/struts/content/docs/migration-guide.html Tue Oct 18 
06:08:01 2016
@@ -125,7 +125,7 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p>Getting here from there.</p><h3 
id="MigrationGuide-VersionNotes2.5.x">Version Notes 2.5.x</h3><ul><li><a 
shape="rect" href="version-notes-252.html">Version Notes 2.5.2</a></li><li><a 
shape="rect" href="version-notes-251.html">Version Notes 2.5.1</a></li><li><a 
shape="rect" href="version-notes-25.html">Version Notes 2.5</a></li></ul><h3 
id="MigrationGuide-VersionNotes2.3.x">Version Notes 2.3.x</h3><ul><li><a 
shape="rect" href="version-notes-2330.html">Version Notes 2.3.30</a></li><li><a 
shape="rect" href="version-notes-2329.html">Version Notes 2.3.29</a></li><li><a 
shape="rect" href="version-notes-23281.html">Version Notes 
2.3.28.1</a></li><li><a shape="rect" href="version-notes-2328.html">Version 
Notes 2.3.28</a></li><li><a shape="rect" 
href="version-notes-23243.html">Version Notes 2.3.24.3</a></li><li><a 
shape="rect" href="version-notes-23241.html">Version Notes 
2.3.24.1</a></li><li><a shape="rect" href="version-notes-2324.html">Version No
 tes 2.3.24</a></li><li><a shape="rect" href="version-notes-23203.html">Version 
Notes 2.3.20.3</a></li><li><a shape="rect" 
href="version-notes-23201.html">Version Notes 2.3.20.1</a></li><li><a 
shape="rect" href="version-notes-2320.html">Version Notes 2.3.20</a></li><li><a 
shape="rect" href="version-notes-23163.html">Version Notes 
2.3.16.3</a></li><li><a shape="rect" href="version-notes-23162.html">Version 
Notes 2.3.16.2</a></li><li><a shape="rect" 
href="version-notes-2316.html">Version Notes 2.3.16.1</a></li><li><a 
shape="rect" href="version-notes-2316.html">Version Notes 2.3.16</a></li><li><a 
shape="rect" href="version-notes-23153.html">Version Notes 
2.3.15.3</a></li><li><a shape="rect" href="version-notes-23152.html">Version 
Notes 2.3.15.2</a></li><li><a shape="rect" 
href="version-notes-23151.html">Version Notes 2.3.15.1</a></li><li><a 
shape="rect" href="version-notes-2315.html">Version Notes 2.3.15</a></li><li><a 
shape="rect" href="version-notes-23143.html">Version Notes 2.3.14.3<
 /a></li><li><a shape="rect" href="version-notes-23142.html">Version Notes 
2.3.14.2</a></li><li><a shape="rect" href="version-notes-23141.html">Version 
Notes 2.3.14.1</a></li><li><a shape="rect" 
href="version-notes-2314.html">Version Notes 2.3.14</a></li><li><a shape="rect" 
href="version-notes-23120.html">Version Notes 2.3.12.0</a></li><li><a 
shape="rect" href="version-notes-238.html">Version Notes 2.3.8</a></li><li><a 
shape="rect" href="version-notes-237.html">Version Notes 2.3.7</a></li><li><a 
shape="rect" href="version-notes-2341.html">Version Notes 
2.3.4.1</a></li><li><a shape="rect" href="version-notes-234.html">Version Notes 
2.3.4</a></li><li><a shape="rect" href="version-notes-233.html">Version Notes 
2.3.3</a></li><li><a shape="rect" href="version-notes-2312.html">Version Notes 
2.3.1.2</a></li><li><a shape="rect" href="version-notes-2311.html">Version 
Notes 2.3.1.1</a></li><li><a shape="rect" href="version-notes-231.html">Version 
Notes 2.3.1</a></li></ul><h3 id="MigrationGuide
 -VersionNotes2.2.x">Version Notes 2.2.x</h3><ul><li><a shape="rect" 
href="version-notes-2231.html">Version Notes 2.2.3.1</a></li><li><a 
shape="rect" href="version-notes-223.html">Version Notes 2.2.3</a></li><li><a 
shape="rect" href="version-notes-2211.html">Version Notes 
2.2.1.1</a></li><li><a shape="rect" href="version-notes-221.html">Version Notes 
2.2.1</a></li></ul><h3 id="MigrationGuide-VersionNotes2.1.x">Version Notes 
2.1.x</h3><ul><li><a shape="rect" href="version-notes-2181.html">Version Notes 
2.1.8.1</a></li><li><a shape="rect" href="version-notes-218.html">Version Notes 
2.1.8</a></li><li><a shape="rect" href="version-notes-216.html">Version Notes 
2.1.6</a></li><li><a shape="rect" href="version-notes-215.html">Version Notes 
2.1.5</a></li><li><a shape="rect" href="version-notes-214.html">Version Notes 
2.1.4</a></li><li><a shape="rect" href="version-notes-213.html">Version Notes 
2.1.3</a></li><li><a shape="rect" href="version-notes-212.html">Version Notes 
2.1.2</a></li><li><a 
 shape="rect" href="version-notes-211.html">Version Notes 2.1.1</a></li><li><a 
shape="rect" href="version-notes-210.html">Version Notes 2.1.0</a></li></ul><h3 
id="MigrationGuide-ReleaseNotes2.0.x">Release Notes 2.0.x</h3><ul><li><a 
shape="rect" href="release-notes-2014.html">Release Notes 2.0.14</a></li><li><a 
shape="rect" href="release-notes-2013.html">Release Notes 2.0.13</a></li><li><a 
shape="rect" href="release-notes-2012.html">Release Notes 2.0.12</a></li><li><a 
shape="rect" href="release-notes-20112.html">Release Notes 
2.0.11.2</a></li><li><a shape="rect" href="release-notes-20111.html">Release 
Notes 2.0.11.1</a></li><li><a shape="rect" 
href="release-notes-2011.html">Release Notes 2.0.11</a></li><li><a shape="rect" 
href="release-notes-2010.html">Release Notes 2.0.10</a></li><li><a shape="rect" 
href="release-notes-209.html">Release Notes 2.0.9</a></li><li><a shape="rect" 
href="release-notes-208.html">Release Notes 2.0.8</a></li><li><a shape="rect" 
href="release-notes-207.html">R
 elease Notes 2.0.7</a></li><li><a shape="rect" 
href="release-notes-206.html">Release Notes 2.0.6</a></li><li><a shape="rect" 
href="release-notes-205.html">Release Notes 2.0.5</a></li><li><a shape="rect" 
href="release-notes-204.html">Release Notes 2.0.4</a></li><li><a shape="rect" 
href="release-notes-203.html">Release Notes 2.0.3</a></li><li><a shape="rect" 
href="release-notes-202.html">Release Notes 2.0.2</a></li><li><a shape="rect" 
href="release-notes-201.html">Release Notes 2.0.1</a></li><li><a shape="rect" 
href="release-notes-200.html">Release Notes 2.0.0</a></li></ul><h3 
id="MigrationGuide-Struts2.3toStruts2.5">Struts 2.3 to Struts 2.5</h3><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p><a shape="rect" 
href="struts-23-to-25-migration.html">Struts 2.3 to 2.5 
migration</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd">Migration guide.</td></tr></tbody></table></div><h3 
id="MigrationGuide-Struts1toStru
 ts2">Struts 1 to Struts 2</h3><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" 
href="comparing-struts-1-and-2.html">Comparing Struts 1 and 2</a></p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>How are Struts 1 and Struts 2 
alike? How are they different?</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" href="struts-1-solutions.html">Struts 1 
Solutions</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Various issues (and hopefully their solutions!) 
encountered during migrations to Struts 2.</p></td></tr><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p><a shape="rect" 
href="migration-strategies.html">Migration Strategies</a></p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>Steps and overall strategies 
for migrating Struts 1 applications to Struts 2.</p></td></tr><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p><a sha
 pe="rect" href="migration-tools.html">Migration Tools</a></p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>Development tools to help aid 
the migration process.</p></td></tr></tbody></table></div><h4 
id="MigrationGuide-Tutorials">Tutorials</h4><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" class="external-link" 
href="http://www.infoq.com/news/migrating-struts2"; rel="nofollow">Migrating 
Applications to Struts 2 </a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>A three-part series by Ian Roughley (Sep 
2006)</p></td></tr></tbody></table></div><h4 
id="MigrationGuide-Roadmap">Roadmap</h4><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" class="external-link" 
href="http://struts.apache.org/roadmap.html#new";>Roadmap FAQ</a></p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>What's in stor
 e for Struts 2?</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" class="external-link" 
href="http://www.oreillynet.com/onjava/blog/2006/10/my_history_of_struts_2.html";
 rel="nofollow">A History of Struts 2</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Don Brown's summary of 
events</p></td></tr></tbody></table></div><h3 
id="MigrationGuide-Webwork2.2toStruts2">Webwork 2.2 to Struts 2</h3><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p><a shape="rect" 
href="key-changes-from-webwork-2.html">Key Changes From WebWork 
2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>What has been 
removed or changed from WebWork 2.2 to Struts 2</p></td></tr><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" 
href="webwork-2-migration-strategies.html">WebWork 2 Migration 
Strategies</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Steps 
 and overall strategies for migrating WebWork 2 applications to Struts 
2.</p></td></tr></tbody></table></div><h2 
id="MigrationGuide-FAQs">FAQs</h2><ul><li><a shape="rect" 
href="where-do-we-get-the-latest-version-the-framework.html">Where do we get 
the latest version the framework</a>?</li><li><a shape="rect" 
href="what-are-some-of-the-frameworks-best-features.html">What are some of the 
framework's best features</a>?</li><li><a shape="rect" 
href="what-is-the-actioncontext.html">What is the 
ActionContext?</a></li></ul><h2 id="MigrationGuide-Next:">Next: <a shape="rect" 
href="contributors-guide.html">Contributors Guide</a></h2></div>
+            <div id="ConfluenceContent"><p>Getting here from there.</p><h3 
id="MigrationGuide-VersionNotes2.5.x">Version Notes 2.5.x</h3><ul><li><a 
shape="rect" href="version-notes-255.html">Version Notes 2.5.5</a></li><li><a 
shape="rect" href="version-notes-252.html">Version Notes 2.5.2</a></li><li><a 
shape="rect" href="version-notes-251.html">Version Notes 2.5.1</a></li><li><a 
shape="rect" href="version-notes-25.html">Version Notes 2.5</a></li></ul><h3 
id="MigrationGuide-VersionNotes2.3.x">Version Notes 2.3.x</h3><ul><li><a 
shape="rect" href="version-notes-2331.html">Version Notes 2.3.31</a></li><li><a 
shape="rect" href="version-notes-2330.html">Version Notes 2.3.30</a></li><li><a 
shape="rect" href="version-notes-2329.html">Version Notes 2.3.29</a></li><li><a 
shape="rect" href="version-notes-23281.html">Version Notes 
2.3.28.1</a></li><li><a shape="rect" href="version-notes-2328.html">Version 
Notes 2.3.28</a></li><li><a shape="rect" 
href="version-notes-23243.html">Version Notes 2.3
 .24.3</a></li><li><a shape="rect" href="version-notes-23241.html">Version 
Notes 2.3.24.1</a></li><li><a shape="rect" 
href="version-notes-2324.html">Version Notes 2.3.24</a></li><li><a shape="rect" 
href="version-notes-23203.html">Version Notes 2.3.20.3</a></li><li><a 
shape="rect" href="version-notes-23201.html">Version Notes 
2.3.20.1</a></li><li><a shape="rect" href="version-notes-2320.html">Version 
Notes 2.3.20</a></li><li><a shape="rect" 
href="version-notes-23163.html">Version Notes 2.3.16.3</a></li><li><a 
shape="rect" href="version-notes-23162.html">Version Notes 
2.3.16.2</a></li><li><a shape="rect" href="version-notes-2316.html">Version 
Notes 2.3.16.1</a></li><li><a shape="rect" 
href="version-notes-2316.html">Version Notes 2.3.16</a></li><li><a shape="rect" 
href="version-notes-23153.html">Version Notes 2.3.15.3</a></li><li><a 
shape="rect" href="version-notes-23152.html">Version Notes 
2.3.15.2</a></li><li><a shape="rect" href="version-notes-23151.html">Version 
Notes 2.3.15.1</a></
 li><li><a shape="rect" href="version-notes-2315.html">Version Notes 
2.3.15</a></li><li><a shape="rect" href="version-notes-23143.html">Version 
Notes 2.3.14.3</a></li><li><a shape="rect" 
href="version-notes-23142.html">Version Notes 2.3.14.2</a></li><li><a 
shape="rect" href="version-notes-23141.html">Version Notes 
2.3.14.1</a></li><li><a shape="rect" href="version-notes-2314.html">Version 
Notes 2.3.14</a></li><li><a shape="rect" 
href="version-notes-23120.html">Version Notes 2.3.12.0</a></li><li><a 
shape="rect" href="version-notes-238.html">Version Notes 2.3.8</a></li><li><a 
shape="rect" href="version-notes-237.html">Version Notes 2.3.7</a></li><li><a 
shape="rect" href="version-notes-2341.html">Version Notes 
2.3.4.1</a></li><li><a shape="rect" href="version-notes-234.html">Version Notes 
2.3.4</a></li><li><a shape="rect" href="version-notes-233.html">Version Notes 
2.3.3</a></li><li><a shape="rect" href="version-notes-2312.html">Version Notes 
2.3.1.2</a></li><li><a shape="rect" href="ve
 rsion-notes-2311.html">Version Notes 2.3.1.1</a></li><li><a shape="rect" 
href="version-notes-231.html">Version Notes 2.3.1</a></li></ul><h3 
id="MigrationGuide-VersionNotes2.2.x">Version Notes 2.2.x</h3><ul><li><a 
shape="rect" href="version-notes-2231.html">Version Notes 
2.2.3.1</a></li><li><a shape="rect" href="version-notes-223.html">Version Notes 
2.2.3</a></li><li><a shape="rect" href="version-notes-2211.html">Version Notes 
2.2.1.1</a></li><li><a shape="rect" href="version-notes-221.html">Version Notes 
2.2.1</a></li></ul><h3 id="MigrationGuide-VersionNotes2.1.x">Version Notes 
2.1.x</h3><ul><li><a shape="rect" href="version-notes-2181.html">Version Notes 
2.1.8.1</a></li><li><a shape="rect" href="version-notes-218.html">Version Notes 
2.1.8</a></li><li><a shape="rect" href="version-notes-216.html">Version Notes 
2.1.6</a></li><li><a shape="rect" href="version-notes-215.html">Version Notes 
2.1.5</a></li><li><a shape="rect" href="version-notes-214.html">Version Notes 
2.1.4</a></li><li><
 a shape="rect" href="version-notes-213.html">Version Notes 
2.1.3</a></li><li><a shape="rect" href="version-notes-212.html">Version Notes 
2.1.2</a></li><li><a shape="rect" href="version-notes-211.html">Version Notes 
2.1.1</a></li><li><a shape="rect" href="version-notes-210.html">Version Notes 
2.1.0</a></li></ul><h3 id="MigrationGuide-ReleaseNotes2.0.x">Release Notes 
2.0.x</h3><ul><li><a shape="rect" href="release-notes-2014.html">Release Notes 
2.0.14</a></li><li><a shape="rect" href="release-notes-2013.html">Release Notes 
2.0.13</a></li><li><a shape="rect" href="release-notes-2012.html">Release Notes 
2.0.12</a></li><li><a shape="rect" href="release-notes-20112.html">Release 
Notes 2.0.11.2</a></li><li><a shape="rect" 
href="release-notes-20111.html">Release Notes 2.0.11.1</a></li><li><a 
shape="rect" href="release-notes-2011.html">Release Notes 2.0.11</a></li><li><a 
shape="rect" href="release-notes-2010.html">Release Notes 2.0.10</a></li><li><a 
shape="rect" href="release-notes-209.html"
 >Release Notes 2.0.9</a></li><li><a shape="rect" 
 >href="release-notes-208.html">Release Notes 2.0.8</a></li><li><a shape="rect" 
 >href="release-notes-207.html">Release Notes 2.0.7</a></li><li><a shape="rect" 
 >href="release-notes-206.html">Release Notes 2.0.6</a></li><li><a shape="rect" 
 >href="release-notes-205.html">Release Notes 2.0.5</a></li><li><a shape="rect" 
 >href="release-notes-204.html">Release Notes 2.0.4</a></li><li><a shape="rect" 
 >href="release-notes-203.html">Release Notes 2.0.3</a></li><li><a shape="rect" 
 >href="release-notes-202.html">Release Notes 2.0.2</a></li><li><a shape="rect" 
 >href="release-notes-201.html">Release Notes 2.0.1</a></li><li><a shape="rect" 
 >href="release-notes-200.html">Release Notes 2.0.0</a></li></ul><h3 
 >id="MigrationGuide-Struts2.3toStruts2.5">Struts 2.3 to Struts 2.5</h3><div 
 >class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
 >rowspan="1" class="confluenceTh"><p><a shape="rect" 
 >href="struts-23-to-25-migration.html">Struts 2.3 to 2
 .5 migration</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd">Migration guide.</td></tr></tbody></table></div><h3 
id="MigrationGuide-Struts1toStruts2">Struts 1 to Struts 2</h3><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p><a shape="rect" 
href="comparing-struts-1-and-2.html">Comparing Struts 1 and 2</a></p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>How are Struts 1 and Struts 2 
alike? How are they different?</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" href="struts-1-solutions.html">Struts 1 
Solutions</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Various issues (and hopefully their solutions!) 
encountered during migrations to Struts 2.</p></td></tr><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p><a shape="rect" 
href="migration-strategies.html">Migration Strategies</a></p></th><td 
colspan="1" rowspan="1" class="confluenceTd
 "><p>Steps and overall strategies for migrating Struts 1 applications to 
Struts 2.</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" href="migration-tools.html">Migration 
Tools</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Development tools to help aid the migration 
process.</p></td></tr></tbody></table></div><h4 
id="MigrationGuide-Tutorials">Tutorials</h4><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" class="external-link" 
href="http://www.infoq.com/news/migrating-struts2"; rel="nofollow">Migrating 
Applications to Struts 2 </a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>A three-part series by Ian Roughley (Sep 
2006)</p></td></tr></tbody></table></div><h4 
id="MigrationGuide-Roadmap">Roadmap</h4><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" cla
 ss="external-link" href="http://struts.apache.org/roadmap.html#new";>Roadmap 
FAQ</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>What's in 
store for Struts 2?</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p><a shape="rect" class="external-link" 
href="http://www.oreillynet.com/onjava/blog/2006/10/my_history_of_struts_2.html";
 rel="nofollow">A History of Struts 2</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Don Brown's summary of 
events</p></td></tr></tbody></table></div><h3 
id="MigrationGuide-Webwork2.2toStruts2">Webwork 2.2 to Struts 2</h3><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p><a shape="rect" 
href="key-changes-from-webwork-2.html">Key Changes From WebWork 
2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>What has been 
removed or changed from WebWork 2.2 to Struts 2</p></td></tr><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p><a
  shape="rect" href="webwork-2-migration-strategies.html">WebWork 2 Migration 
Strategies</a></p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Steps and overall strategies for migrating WebWork 2 
applications to Struts 2.</p></td></tr></tbody></table></div><h2 
id="MigrationGuide-FAQs">FAQs</h2><ul><li><a shape="rect" 
href="where-do-we-get-the-latest-version-the-framework.html">Where do we get 
the latest version the framework</a>?</li><li><a shape="rect" 
href="what-are-some-of-the-frameworks-best-features.html">What are some of the 
framework's best features</a>?</li><li><a shape="rect" 
href="what-is-the-actioncontext.html">What is the 
ActionContext?</a></li></ul><h2 id="MigrationGuide-Next:">Next: <a shape="rect" 
href="contributors-guide.html">Contributors Guide</a></h2></div>
         </div>
 
                     <div class="tabletitle">
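Review bot: In the added Version Notes 2.3.x list, the entry labelled "Version Notes 2.3.16.1" uses href="version-notes-2316.html", the same target as the "Version Notes 2.3.16" entry right after it, so the 2.3.16.1 link looks like a copy error and does not lead to its own notes page. Because this file is exported output, the href should be corrected on the source wiki page and the site regenerated rather than patched here. Minor, in the FAQs list of the same line: the link text "Where do we get the latest version the framework" is missing "of".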
@@ -140,6 +140,12 @@ under the License.
                     <span class="smalltext">(Apache Struts 2 
Documentation)</span>
                     <br>
                                     $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 
Documentation)</span>
+                    <br>
+                                    $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 
Documentation)</span>
+                    <br>
+                                    $page.link($child)
                     <span class="smalltext">(Apache Struts 2 
Documentation)</span>
                     <br>
                                     $page.link($child)
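Review bot: The six added lines repeat the "(Apache Struts 2 Documentation)" span, the <br> and $page.link($child) two more times, and $page.link($child) is an unrendered template expression, so the published page carries the literal placeholder text instead of links to the child pages. The children block in the export template should be fixed so the expression is evaluated (or the block removed), otherwise every newly added child page will add another copy of the raw placeholder to the production site.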

Added: websites/production/struts/content/docs/s2-042.html
==============================================================================
--- websites/production/struts/content/docs/s2-042.html (added)
+++ websites/production/struts/content/docs/s2-042.html Tue Oct 18 06:08:01 2016
@@ -0,0 +1,138 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd";>
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License. 
+-->
+<html>
+<head>
+    <link type="text/css" rel="stylesheet" 
href="https://struts.apache.org/css/default.css";>
+    <style type="text/css">
+        .dp-highlighter {
+            width:95% !important;
+        }
+    </style>
+    <style type="text/css">
+        .footer {
+            background-image:      
url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+            background-repeat:     repeat-x;
+            background-position:   left top;
+            padding-top:           4px;
+            color:                 #666;
+        }
+    </style>
+    <script type="text/javascript" language="javascript">
+        var hide = null;
+        var show = null;
+        var children = null;
+
+        function init() {
+            /* Search form initialization */
+            var form = document.forms['search'];
+            if (form != null) {
+                form.elements['domains'].value = location.hostname;
+                form.elements['sitesearch'].value = location.hostname;
+            }
+
+            /* Children initialization */
+            hide = document.getElementById('hide');
+            show = document.getElementById('show');
+            children = document.all != null ?
+                    document.all['children'] :
+                    document.getElementById('children');
+            if (children != null) {
+                children.style.display = 'none';
+                show.style.display = 'inline';
+                hide.style.display = 'none';
+            }
+        }
+
+        function showChildren() {
+            children.style.display = 'block';
+            show.style.display = 'none';
+            hide.style.display = 'inline';
+        }
+
+        function hideChildren() {
+            children.style.display = 'none';
+            show.style.display = 'inline';
+            hide.style.display = 'none';
+        }
+    </script>
+    <title>S2-042</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+    <tr class="topBar">
+        <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+            &nbsp;<a href="home.html">Home</a>&nbsp;&gt;&nbsp;<a 
href="security-bulletins.html">Security Bulletins</a>&nbsp;&gt;&nbsp;<a 
href="s2-042.html">S2-042</a>
+        </td>
+        <td align="right" valign="middle" nowrap>
+            <form name="search" action="https://www.google.com/search"; 
method="get">
+                <input type="hidden" name="ie" value="UTF-8" />
+                <input type="hidden" name="oe" value="UTF-8" />
+                <input type="hidden" name="domains" value="" />
+                <input type="hidden" name="sitesearch" value="" />
+                <input type="text" name="q" maxlength="255" value="" />
+                <input type="submit" name="btnG" value="Google Search" />
+            </form>
+        </td>
+    </tr>
+</table>
+
+<div id="PageContent">
+    <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+        <!-- We'll enable this once we figure out how to access (and save) the 
logo resource -->
+        <!--img src="/wiki/images/confluence_logo.gif" style="float: left; 
margin: 4px 4px 4px 10px;" border="0"-->
+        <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 
2 Documentation</div>
+        <div style="margin: 0px 10px 8px 10px"  class="pagetitle">S2-042</div>
+
+        <div class="greynavbar" align="right" style="padding: 2px 10px; 
margin: 0px;">
+            <a 
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873559";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Edit Page"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873559";>Edit
 Page</a>
+            &nbsp;
+            <a 
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Browse Space"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW";>Browse 
Space</a>
+            &nbsp;
+            <a 
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873559";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Add Page"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873559";>Add
 Page</a>
+            &nbsp;
+            <a 
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873559";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Add News"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873559";>Add
 News</a>
+        </div>
+    </div>
+
+    <div class="pagecontent">
+        <div class="wiki-content">
+            <div id="ConfluenceContent"><h2 
id="S2-042-Summary">Summary</h2>Possible path traversal in the Convention 
plugin<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p>Who should read 
this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 
developers and users</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Possible path traversal in the Convention 
plugin in Struts 2.3.20 - 2.3.30</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>High</p></td></tr><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Upgrade to<span>&#160;</span><a 
shape="rect" href="version-notes-2331.html">Struts 2.3.31</a> or to any versio
 n of Struts 2.5</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Struts 2.3.20 - Struts <span style="color: 
rgb(23,35,59);">2.3.31</span></p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Takeshi Terada of Mitsui Bussan Secure Directions, 
Inc.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE 
Identifier</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>CVE-2016-6795</p></td></tr></tbody></table></div><h2 
id="S2-042-Problem">Problem</h2><p>It is possible to prepare a special URL 
which will be used for path traversal and execution of arbitrary code on server 
side.</p><h2 id="S2-042-Solution">Solution</h2><p>Upgrade to Apache Struts 
version 2.3.31 when you are using Struts 2.3.20 - 2.3.30 with the Convention 
plugin.</p><h2 id="S2-042-Backwardcompatibility">Backward compa
 tibility</h2><p>No backward incompatibility issues are expected.</p><h2 
id="S2-042-Workaround">Workaround</h2><p>There is no known workaround for this 
vulnerability, please upgrade to the mentioned Struts 
versions.</p><p>&#160;</p></div>
+        </div>
+
+        
+    </div>
+</div>
+<div class="footer">
+    Generated by CXF SiteExporter
+</div>
+</body>
+</html>
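Review bot: The summary table in the added S2-042 page contradicts itself on the affected range: the "Impact of vulnerability" row and the Solution paragraph give Struts 2.3.20 - 2.3.30, while the "Affected Software" row reads Struts 2.3.20 - Struts 2.3.31, which lists the release named as the fix in the Recommendation row as still affected. The Affected Software cell should presumably end at 2.3.30, corrected on the source wiki page before the next export, since readers use that row to decide whether they need to upgrade. Two smaller points: the Summary and Impact rows describe only path traversal while the Problem paragraph also states execution of arbitrary code on the server side, so the headline wording understates what the High rating is based on, and the Solution paragraph omits the Struts 2.5 option that the Recommendation row offers.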

Added: websites/production/struts/content/docs/s2-043.html
==============================================================================
--- websites/production/struts/content/docs/s2-043.html (added)
+++ websites/production/struts/content/docs/s2-043.html Tue Oct 18 06:08:01 2016
@@ -0,0 +1,138 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd";>
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License. 
+-->
+<html>
+<head>
+    <link type="text/css" rel="stylesheet" 
href="https://struts.apache.org/css/default.css";>
+    <style type="text/css">
+        .dp-highlighter {
+            width:95% !important;
+        }
+    </style>
+    <style type="text/css">
+        .footer {
+            background-image:      
url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+            background-repeat:     repeat-x;
+            background-position:   left top;
+            padding-top:           4px;
+            color:                 #666;
+        }
+    </style>
+    <script type="text/javascript" language="javascript">
+        var hide = null;
+        var show = null;
+        var children = null;
+
+        function init() {
+            /* Search form initialization */
+            var form = document.forms['search'];
+            if (form != null) {
+                form.elements['domains'].value = location.hostname;
+                form.elements['sitesearch'].value = location.hostname;
+            }
+
+            /* Children initialization */
+            hide = document.getElementById('hide');
+            show = document.getElementById('show');
+            children = document.all != null ?
+                    document.all['children'] :
+                    document.getElementById('children');
+            if (children != null) {
+                children.style.display = 'none';
+                show.style.display = 'inline';
+                hide.style.display = 'none';
+            }
+        }
+
+        function showChildren() {
+            children.style.display = 'block';
+            show.style.display = 'none';
+            hide.style.display = 'inline';
+        }
+
+        function hideChildren() {
+            children.style.display = 'none';
+            show.style.display = 'inline';
+            hide.style.display = 'none';
+        }
+    </script>
+    <title>S2-043</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+    <tr class="topBar">
+        <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+            &nbsp;<a href="home.html">Home</a>&nbsp;&gt;&nbsp;<a 
href="security-bulletins.html">Security Bulletins</a>&nbsp;&gt;&nbsp;<a 
href="s2-043.html">S2-043</a>
+        </td>
+        <td align="right" valign="middle" nowrap>
+            <form name="search" action="https://www.google.com/search"; 
method="get">
+                <input type="hidden" name="ie" value="UTF-8" />
+                <input type="hidden" name="oe" value="UTF-8" />
+                <input type="hidden" name="domains" value="" />
+                <input type="hidden" name="sitesearch" value="" />
+                <input type="text" name="q" maxlength="255" value="" />
+                <input type="submit" name="btnG" value="Google Search" />
+            </form>
+        </td>
+    </tr>
+</table>
+
+<div id="PageContent">
+    <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+        <!-- We'll enable this once we figure out how to access (and save) the 
logo resource -->
+        <!--img src="/wiki/images/confluence_logo.gif" style="float: left; 
margin: 4px 4px 4px 10px;" border="0"-->
+        <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 
2 Documentation</div>
+        <div style="margin: 0px 10px 8px 10px"  class="pagetitle">S2-043</div>
+
+        <div class="greynavbar" align="right" style="padding: 2px 10px; 
margin: 0px;">
+            <a 
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873562";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Edit Page"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873562";>Edit
 Page</a>
+            &nbsp;
+            <a 
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Browse Space"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW";>Browse 
Space</a>
+            &nbsp;
+            <a 
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873562";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Add Page"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873562";>Add
 Page</a>
+            &nbsp;
+            <a 
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873562";>
+                <img 
src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif";
+                     height="16" width="16" border="0" align="absmiddle" 
title="Add News"></a>
+            <a 
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873562";>Add
 News</a>
+        </div>
+    </div>
+
+    <div class="pagecontent">
+        <div class="wiki-content">
+            <div id="ConfluenceContent"><h2 
id="S2-043-Summary">Summary</h2>Using the Config Browser plugin in 
production<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p>Who should read 
this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 
developers and users</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Usage of the Config Browser plugin in a 
production evnironment</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Please read the <a shape="rect" 
href="https://cwiki.apache.org/confluence/display/WW/Security#Security-RestrictaccesstotheConf
 igBrowser">Security guideline</a></p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Any Struts 2 version</p></td></tr><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Yelin from Venustech 
Inc.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE 
Identifier</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>&#160;</p></td></tr></tbody></table></div><h2 
id="S2-043-Problem">Problem</h2><p>Usage of the Config Browser in a production 
environment can lead to exposing vunerable information of the 
application</p><h2 id="S2-043-Solution">Solution</h2><p>Please read out&#160;<a 
shape="rect" href="security.html">Security</a> guideline and restrict access to 
the Config Browwser or do not use in a production environment!</p><h2 
id="S2-043-Backwardcompatibility">Backward compatibility</h2><p>No bac
 kward incompatibility issues are expected.</p></div>
+        </div>
+
+        
+    </div>
+</div>
+<div class="footer">
+    Generated by CXF SiteExporter
+</div>
+</body>
+</html>
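Review bot: The bulletin text in the added S2-043 page has several spelling errors that will be published as written: "evnironment" in the Impact row, "vunerable information" in the Problem paragraph, and "Config Browwser" together with "Please read out" (presumably "our") in the Solution paragraph. These should be fixed on the source wiki page and re-exported. In the same table the CVE Identifier cell contains only &#160;, so if no CVE was assigned it would be clearer to say so explicitly, and the Recommendation row links to the cwiki Security page anchor while the Solution paragraph links to the relative security.html; pointing both at the same target would avoid readers landing on two different copies of the guideline.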

Modified: websites/production/struts/content/docs/security-bulletins.html
==============================================================================
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Tue Oct 18 
06:08:01 2016
@@ -126,7 +126,7 @@ under the License.
     <div class="pagecontent">
         <div class="wiki-content">
             <div id="ConfluenceContent"><p>The following security bulletins 
are available:</p>
-<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> 
&#8212; <span class="smalltext">Remote code exploit on form validation 
error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> &#8212; 
<span class="smalltext">Cross site scripting (XSS) vulnerability on 
&lt;s:url&gt; and &lt;s:a&gt; tags</span></li><li><a shape="rect" 
href="s2-003.html">S2-003</a> &#8212; <span class="smalltext">XWork 
ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a 
shape="rect" href="s2-004.html">S2-004</a> &#8212; <span 
class="smalltext">Directory traversal vulnerability while serving static 
content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> &#8212; 
<span class="smalltext">XWork ParameterInterceptors bypass allows remote 
command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> 
&#8212; <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork 
generated error pages</span></li><li><a shape="rect" hr
 ef="s2-007.html">S2-007</a> &#8212; <span class="smalltext">User input is 
evaluated as an OGNL expression when there's a conversion 
error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> &#8212; 
<span class="smalltext">Multiple critical vulnerabilities in 
Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> &#8212; 
<span class="smalltext">ParameterInterceptor vulnerability allows remote 
command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> 
&#8212; <span class="smalltext">When using Struts 2 token mechanism for CSRF 
protection, token check may be bypassed by misusing known session 
attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> &#8212; 
<span class="smalltext">Long request parameter names might significantly 
promote the effectiveness of DOS attacks</span></li><li><a shape="rect" 
href="s2-012.html">S2-012</a> &#8212; <span class="smalltext">Showcase app 
vulnerability allows remote command execution</span></li>
 <li><a shape="rect" href="s2-013.html">S2-013</a> &#8212; <span 
class="smalltext">A vulnerability, present in the includeParams attribute of 
the URL and Anchor Tag, allows remote command execution</span></li><li><a 
shape="rect" href="s2-014.html">S2-014</a> &#8212; <span class="smalltext">A 
vulnerability introduced by forcing parameter inclusion in the URL and Anchor 
Tag allows remote command execution, session access and manipulation and XSS 
attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> &#8212; 
<span class="smalltext">A vulnerability introduced by wildcard matching 
mechanism or double evaluation of OGNL Expression allows remote command 
execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> &#8212; 
<span class="smalltext">A vulnerability introduced by manipulating parameters 
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command 
execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> &#8212; 
<span class="sma
 lltext">A vulnerability introduced by manipulating parameters prefixed with 
"redirect:"/"redirectAction:" allows for open redirects</span></li><li><a 
shape="rect" href="s2-018.html">S2-018</a> &#8212; <span 
class="smalltext">Broken Access Control Vulnerability in Apache 
Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> &#8212; 
<span class="smalltext">Dynamic Method Invocation disabled by 
default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> &#8212; 
<span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS 
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid 
ClassLoader manipulation)</span></li><li><a shape="rect" 
href="s2-021.html">S2-021</a> &#8212; <span class="smalltext">Improves excluded 
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader 
manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> 
&#8212; <span class="smalltext">Extends excluded params in CookieInt
 erceptor to avoid manipulation of Struts' internals</span></li><li><a 
shape="rect" href="s2-023.html">S2-023</a> &#8212; <span 
class="smalltext">Generated value of token can be predictable</span></li><li><a 
shape="rect" href="s2-024.html">S2-024</a> &#8212; <span 
class="smalltext">Wrong excludeParams overrides those defined in 
DefaultExcludedPatternsChecker</span></li><li><a shape="rect" 
href="s2-025.html">S2-025</a> &#8212; <span class="smalltext">Cross-Site 
Scripting Vulnerability in Debug Mode and in exposed JSP 
files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> &#8212; 
<span class="smalltext">Special top object can be used to access Struts' 
internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> &#8212; 
<span class="smalltext">TextParseUtil.translateVariables does not filter 
malicious OGNL expressions</span></li><li><a shape="rect" 
href="s2-028.html">S2-028</a> &#8212; <span class="smalltext">Use of a JRE with 
broken URLDecoder implementation may l
 ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a 
shape="rect" href="s2-029.html">S2-029</a> &#8212; <span 
class="smalltext">Forced double OGNL evaluation, when evaluated on raw user 
input in tag attributes, may lead to remote code execution.</span></li><li><a 
shape="rect" href="s2-030.html">S2-030</a> &#8212; <span 
class="smalltext">Possible XSS vulnerability in 
I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> 
&#8212; <span class="smalltext">XSLTResult can be used to parse arbitrary 
stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> &#8212; 
<span class="smalltext">Remote Code Execution can be performed via method: 
prefix when Dynamic Method Invocation is enabled.</span></li><li><a 
shape="rect" href="s2-033.html">S2-033</a> &#8212; <span 
class="smalltext">Remote Code Execution can be performed when using REST Plugin 
with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a 
shape="rect" h
 ref="s2-034.html">S2-034</a> &#8212; <span class="smalltext">OGNL cache 
poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" 
href="s2-035.html">S2-035</a> &#8212; <span class="smalltext">Action name clean 
up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> 
&#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated 
on raw user input in tag attributes, may lead to remote code execution (similar 
to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> &#8212; 
<span class="smalltext">Remote Code Execution can be performed when using REST 
Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> &#8212; 
<span class="smalltext">It is possible to bypass token validation and perform a 
CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> 
&#8212; <span class="smalltext">Getter as action method leads to security 
bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> &#8212
 ; <span class="smalltext">Input validation bypass using existing default 
action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> 
&#8212; <span class="smalltext">Possible DoS attack when using 
URLValidator</span></li></ul></div>
+<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> 
&#8212; <span class="smalltext">Remote code exploit on form validation 
error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> &#8212; 
<span class="smalltext">Cross site scripting (XSS) vulnerability on 
&lt;s:url&gt; and &lt;s:a&gt; tags</span></li><li><a shape="rect" 
href="s2-003.html">S2-003</a> &#8212; <span class="smalltext">XWork 
ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a 
shape="rect" href="s2-004.html">S2-004</a> &#8212; <span 
class="smalltext">Directory traversal vulnerability while serving static 
content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> &#8212; 
<span class="smalltext">XWork ParameterInterceptors bypass allows remote 
command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> 
&#8212; <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork 
generated error pages</span></li><li><a shape="rect" hr
 ef="s2-007.html">S2-007</a> &#8212; <span class="smalltext">User input is 
evaluated as an OGNL expression when there's a conversion 
error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> &#8212; 
<span class="smalltext">Multiple critical vulnerabilities in 
Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> &#8212; 
<span class="smalltext">ParameterInterceptor vulnerability allows remote 
command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> 
&#8212; <span class="smalltext">When using Struts 2 token mechanism for CSRF 
protection, token check may be bypassed by misusing known session 
attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> &#8212; 
<span class="smalltext">Long request parameter names might significantly 
promote the effectiveness of DOS attacks</span></li><li><a shape="rect" 
href="s2-012.html">S2-012</a> &#8212; <span class="smalltext">Showcase app 
vulnerability allows remote command execution</span></li>
 <li><a shape="rect" href="s2-013.html">S2-013</a> &#8212; <span 
class="smalltext">A vulnerability, present in the includeParams attribute of 
the URL and Anchor Tag, allows remote command execution</span></li><li><a 
shape="rect" href="s2-014.html">S2-014</a> &#8212; <span class="smalltext">A 
vulnerability introduced by forcing parameter inclusion in the URL and Anchor 
Tag allows remote command execution, session access and manipulation and XSS 
attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> &#8212; 
<span class="smalltext">A vulnerability introduced by wildcard matching 
mechanism or double evaluation of OGNL Expression allows remote command 
execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> &#8212; 
<span class="smalltext">A vulnerability introduced by manipulating parameters 
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command 
execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> &#8212; 
<span class="sma
 lltext">A vulnerability introduced by manipulating parameters prefixed with 
"redirect:"/"redirectAction:" allows for open redirects</span></li><li><a 
shape="rect" href="s2-018.html">S2-018</a> &#8212; <span 
class="smalltext">Broken Access Control Vulnerability in Apache 
Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> &#8212; 
<span class="smalltext">Dynamic Method Invocation disabled by 
default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> &#8212; 
<span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS 
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid 
ClassLoader manipulation)</span></li><li><a shape="rect" 
href="s2-021.html">S2-021</a> &#8212; <span class="smalltext">Improves excluded 
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader 
manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> 
&#8212; <span class="smalltext">Extends excluded params in CookieInt
 erceptor to avoid manipulation of Struts' internals</span></li><li><a 
shape="rect" href="s2-023.html">S2-023</a> &#8212; <span 
class="smalltext">Generated value of token can be predictable</span></li><li><a 
shape="rect" href="s2-024.html">S2-024</a> &#8212; <span 
class="smalltext">Wrong excludeParams overrides those defined in 
DefaultExcludedPatternsChecker</span></li><li><a shape="rect" 
href="s2-025.html">S2-025</a> &#8212; <span class="smalltext">Cross-Site 
Scripting Vulnerability in Debug Mode and in exposed JSP 
files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> &#8212; 
<span class="smalltext">Special top object can be used to access Struts' 
internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> &#8212; 
<span class="smalltext">TextParseUtil.translateVariables does not filter 
malicious OGNL expressions</span></li><li><a shape="rect" 
href="s2-028.html">S2-028</a> &#8212; <span class="smalltext">Use of a JRE with 
broken URLDecoder implementation may l
 ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a 
shape="rect" href="s2-029.html">S2-029</a> &#8212; <span 
class="smalltext">Forced double OGNL evaluation, when evaluated on raw user 
input in tag attributes, may lead to remote code execution.</span></li><li><a 
shape="rect" href="s2-030.html">S2-030</a> &#8212; <span 
class="smalltext">Possible XSS vulnerability in 
I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> 
&#8212; <span class="smalltext">XSLTResult can be used to parse arbitrary 
stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> &#8212; 
<span class="smalltext">Remote Code Execution can be performed via method: 
prefix when Dynamic Method Invocation is enabled.</span></li><li><a 
shape="rect" href="s2-033.html">S2-033</a> &#8212; <span 
class="smalltext">Remote Code Execution can be performed when using REST Plugin 
with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a 
shape="rect" h
 ref="s2-034.html">S2-034</a> &#8212; <span class="smalltext">OGNL cache 
poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" 
href="s2-035.html">S2-035</a> &#8212; <span class="smalltext">Action name clean 
up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> 
&#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated 
on raw user input in tag attributes, may lead to remote code execution (similar 
to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> &#8212; 
<span class="smalltext">Remote Code Execution can be performed when using REST 
Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> &#8212; 
<span class="smalltext">It is possible to bypass token validation and perform a 
CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> 
&#8212; <span class="smalltext">Getter as action method leads to security 
bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> &#8212
 ; <span class="smalltext">Input validation bypass using existing default 
action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> 
&#8212; <span class="smalltext">Possible DoS attack when using 
URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a> 
&#8212; <span class="smalltext">Possible path traversal in the Convention 
plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> &#8212; 
<span class="smalltext">Using the Config Browser plugin in 
production</span></li></ul></div>
         </div>
 
                     <div class="tabletitle">
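Review bot: the new S2-043 entry at the end of the added childpages-macro list is summarised as "Using the Config Browser plugin in production", which names a usage rather than a consequence. The neighbouring entries say what can go wrong (S2-042: "Possible path traversal in the Convention plugin"). Suggest rewording the bulletin title so a reader scanning the index can tell what the exposure is. Separately, the whole list is emitted as a single line, so adding two items shows up as a replacement of every existing entry; one <li> per line in the export would make changes like this reviewable.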
@@ -141,6 +141,12 @@ under the License.
                     <span class="smalltext">(Apache Struts 2 
Documentation)</span>
                     <br>
                                     $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 
Documentation)</span>
+                    <br>
+                                    $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 
Documentation)</span>
+                    <br>
+                                    $page.link($child)
                     <span class="smalltext">(Apache Struts 2 
Documentation)</span>
                     <br>
                                     $page.link($child)
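Review bot: the added lines repeat the literal text $page.link($child) two more times, which looks like an unexpanded template expression reaching the published HTML rather than a rendered link. The context lines show the same placeholder was already present, and the number of copies appears to track the number of child pages (two bulletins added, two rows added). Fix the template or drop the block at the source instead of publishing more copies.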

Modified: websites/production/struts/content/docs/tiles-plugin.html
==============================================================================
--- websites/production/struts/content/docs/tiles-plugin.html (original)
+++ websites/production/struts/content/docs/tiles-plugin.html Tue Oct 18 
06:08:01 2016
@@ -138,7 +138,16 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><div 
class="confluence-information-macro 
confluence-information-macro-information"><span class="aui-icon aui-icon-small 
aui-iconfont-info confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>Tiles is a templating framework 
designed to easily allow the creation of web application pages with a 
consistent look and feel. It can be used for both page decorating and 
componentization.</p></div></div><p>The Tiles pluginallows actions to return 
Tiles pages</p><h2 id="TilesPlugin-Features">Features</h2><ul><li>Supports 
Tiles in Freemarker, JSP, and Velocity</li><li>Provides annotations to keep 
tiles.xml short and put definitons into actions</li></ul><h2 
id="TilesPlugin-Usage">Usage</h2><p>The following steps must be taken in order 
to enable tiles support within your Struts2 application:</p><ol><li><p>Include 
the struts-tiles-plugin as a dependency in your web application. If you are 
using maven2, the dependency con
 figuration will be similar to:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+            <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1476770248680 {padding: 0px;}
+div.rbtoc1476770248680 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1476770248680 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1476770248680">
+<ul class="toc-indentation"><li><a shape="rect" 
href="#TilesPlugin-Features">Features</a></li><li><a shape="rect" 
href="#TilesPlugin-Usage">Usage</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#TilesPlugin-AccessingStrutsattributes">Accessing Struts 
attributes</a></li><li><a shape="rect" 
href="#TilesPlugin-I18N">I18N</a></li></ul>
+</li><li><a shape="rect" href="#TilesPlugin-Example">Example</a></li><li><a 
shape="rect" href="#TilesPlugin-Settings">Settings</a></li><li><a shape="rect" 
href="#TilesPlugin-Installation">Installation</a></li></ul>
+</div><div class="confluence-information-macro 
confluence-information-macro-information"><span class="aui-icon aui-icon-small 
aui-iconfont-info confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>Tiles is a templating framework 
designed to easily allow the creation of web application pages with a 
consistent look and feel. It can be used for both page decorating and 
componentization.</p></div></div><p>The Tiles pluginallows actions to return 
Tiles pages</p><h2 id="TilesPlugin-Features">Features</h2><ul><li>Supports 
Tiles in Freemarker, JSP, and Velocity</li><li>Provides annotations to keep 
tiles.xml short and put definitons into actions</li></ul><h2 
id="TilesPlugin-Usage">Usage</h2><p>The following steps must be taken in order 
to enable tiles support within your Struts2 application:</p><ol><li><p>Include 
the struts-tiles-plugin as a dependency in your web application. If you are 
using maven2, the dependency configuration will be similar to:</p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
 <pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.struts&lt;/groupId&gt;
   &lt;artifactId&gt;struts2-tiles-plugin&lt;/artifactId&gt;
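Review bot: the added line carries over two typos from the line it replaces: "The Tiles pluginallows actions to return Tiles pages" is missing a space, and "put definitons into actions" should read "definitions". Since the line is being regenerated anyway to add the table of contents, correct both on the source page. The inline style block and the class name rbtoc1476770248680 look generated per export, so expect this line to change on every regeneration even when the content does not.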
@@ -186,7 +195,17 @@ public class FooAction extends ActionSup
     &lt;/definition&gt;
 
 &lt;/tiles-definitions&gt;</pre>
-</div></div></li></ol><div class="confluence-information-macro 
confluence-information-macro-information"><span class="aui-icon aui-icon-small 
aui-iconfont-info confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>As from Struts 2.3.28, the plugin 
automatically loads all Tiles definitions matching the following pattern 
<code>tiles*.xml</code> - you don't have to specify them via 
<code>org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG</code> 
in <code>web.xml</code>, but you can use this option if your application is 
going to work in restricted servlet environment e.g. Google AppEngine. In such 
case, defintions will be read from provided init-param.</p></div></div><h2 
id="TilesPlugin-Example">Example</h2><p>This example shows a Tiles layout page 
using Struts tags:</p><div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
+</div></div></li></ol><p>&#160;</p><div class="confluence-information-macro 
confluence-information-macro-information"><span class="aui-icon aui-icon-small 
aui-iconfont-info confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>As from Struts 2.3.28, the plugin 
automatically loads all Tiles definitions matching the following pattern 
<code>tiles*.xml</code> - you don't have to specify them via 
<code>org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG</code> 
in <code>web.xml</code>, but you can use this option if your application is 
going to work in restricted servlet environment e.g. Google AppEngine. In such 
case, definitions will be read from provided 
<code>init-param</code>.</p></div></div><h3 
id="TilesPlugin-AccessingStrutsattributes">Accessing Struts 
attributes</h3><p>As from Struts version 2.5.3 it's possible accessing defined 
values on a&#160;<code>ValueStack</code> using&#160;<code>S2</code> prefix when 
defining an expression
  in tiles definition, e.g.:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;definition name="home" extends="logged-in"&gt;
+  &lt;put-attribute name="title" expression="S2:actionProperty"/&gt;
+  &lt;put-attribute name="body" value="/WEB-INF/tiles/home.jsp"/&gt;
+&lt;/definition&gt;</pre>
+</div></div><p>In such case Tiles will delegate evaluation of the expression 
to Struts and&#160;<code>ValueStack</code> will be examined to evaluate the 
expression.</p><h3 id="TilesPlugin-I18N">I18N</h3><p>Instead of defining new 
tiles definitions per supported language 
(i.e.:&#160;<code>tiles.xml</code>,&#160;<code>tiles_de.xml</code>,&#160;<code>tiles_pl.xml</code>)
 you can use&#160;<code>I18N</code> prefix to evaluate provided expression as a 
key in Struts resource bundles.&#160;</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;definition name="home" extends="logged-in"&gt;
+  &lt;put-attribute name="title" expression="I18N:home.title"/&gt;
+  &lt;put-attribute name="body" value="/WEB-INF/tiles/home.jsp"/&gt;
+&lt;/definition&gt;</pre>
+</div></div><h2 id="TilesPlugin-Example">Example</h2><p>This example shows a 
Tiles layout page using Struts tags:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" 
type="syntaxhighlighter"><![CDATA[
 &lt;%@ taglib uri=&quot;http://tiles.apache.org/tags-tiles&quot; 
prefix=&quot;tiles&quot; %&gt;
 &lt;%@ taglib prefix=&quot;s&quot; uri=&quot;/struts-tags&quot; %&gt;
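Review bot: the new "Accessing Struts attributes" section says Tiles will delegate evaluation of the expression to Struts and that the ValueStack will be examined, but it does not say what expression syntax is accepted after the S2: prefix or where the expression text may come from. The bulletin index updated in this same commit lists forced double OGNL evaluation on raw user input (S2-029, S2-036), so the documentation should say whether the text after S2: is evaluated as OGNL and advise that the value in expression="S2:actionProperty" be a fixed string in the tiles definition, never assembled from request data. Minor: "it's possible accessing defined values" should read "it is possible to access values defined", and the added <p>&#160;</p> and the trailing &#160; after "resource bundles." are spacing leftovers.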

