Repository: struts-site
Updated Branches:
  refs/heads/asf-site 47b6ee7b7 -> 1fb1b66a8


Updates exported docs


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/1fb1b66a
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/1fb1b66a
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/1fb1b66a

Branch: refs/heads/asf-site
Commit: 1fb1b66a878d659098b2b75d297486fbd2554721
Parents: 47b6ee7
Author: Lukasz Lenart <lukaszlen...@apache.org>
Authored: Wed Aug 9 07:22:41 2017 +0200
Committer: Lukasz Lenart <lukaszlen...@apache.org>
Committed: Wed Aug 9 07:22:41 2017 +0200

----------------------------------------------------------------------
 content/docs/rest-plugin.html               | 34 ++++++++++++------------
 content/docs/s2-049.html                    |  2 +-
 content/docs/struts-23-to-25-migration.html | 12 ++++-----
 content/docs/version-notes-2512.html        |  8 +++++-
 4 files changed, 31 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts-site/blob/1fb1b66a/content/docs/rest-plugin.html
----------------------------------------------------------------------
diff --git a/content/docs/rest-plugin.html b/content/docs/rest-plugin.html
index 794dcfd..25c3b8c 100644
--- a/content/docs/rest-plugin.html
+++ b/content/docs/rest-plugin.html
@@ -140,24 +140,24 @@ under the License.
     <div class="pagecontent">
         <div class="wiki-content">
             <div id="ConfluenceContent"><div 
class="confluence-information-macro 
confluence-information-macro-information"><span class="aui-icon aui-icon-small 
aui-iconfont-info confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>This plugin is only available with 
Struts 2.1.1 or later</p></div></div><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1488974123313 {padding: 0px;}
-div.rbtoc1488974123313 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1488974123313 li {margin-left: 0px;padding-left: 0px;}
-
-/*]]>*/</style></p><div class="toc-macro rbtoc1488974123313">
-<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a 
shape="rect" href="#RESTPlugin-Overview">Overview</a>
-<ul class="toc-indentation"><li><span class="TOCOutline">1.1</span> <a 
shape="rect" href="#RESTPlugin-Features">Features</a></li><li><span 
class="TOCOutline">1.2</span> <a shape="rect" 
href="#RESTPlugin-MappingRESTURLstoStruts2Actions">Mapping REST URLs to Struts 
2 Actions</a>
-<ul class="toc-indentation"><li><span class="TOCOutline">1.2.1</span> <a 
shape="rect" href="#RESTPlugin-RESTfulURLMappingLogic">RESTful URL Mapping 
Logic</a></li></ul>
-</li><li><span class="TOCOutline">1.3</span> <a shape="rect" 
href="#RESTPlugin-ContentTypes">Content Types</a></li></ul>
-</li><li><span class="TOCOutline">2</span> <a shape="rect" 
href="#RESTPlugin-Usage">Usage</a>
-<ul class="toc-indentation"><li><span class="TOCOutline">2.1</span> <a 
shape="rect" href="#RESTPlugin-SettingUp">Setting Up</a>
-<ul class="toc-indentation"><li><span class="TOCOutline">2.1.1</span> <a 
shape="rect" href="#RESTPlugin-Configuration(struts.xml)">Configuration ( 
struts.xml )</a>
-<ul class="toc-indentation"><li><span class="TOCOutline">2.1.1.1</span> <a 
shape="rect" href="#RESTPlugin-RESTOnlyConfiguration">REST Only 
Configuration</a></li><li><span class="TOCOutline">2.1.1.2</span> <a 
shape="rect" 
href="#RESTPlugin-RESTandnon-RESTfulURL'sTogetherConfiguration">REST and 
non-RESTful URL's Together Configuration</a></li></ul>
+div.rbtoc1502255738506 {padding: 0px;}
+div.rbtoc1502255738506 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1502255738506 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1502255738506">
+<ul class="toc-indentation"><li><a shape="rect" 
href="#RESTPlugin-Overview">Overview</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#RESTPlugin-Features">Features</a></li><li><a shape="rect" 
href="#RESTPlugin-MappingRESTURLstoStruts2Actions">Mapping REST URLs to Struts 
2 Actions</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#RESTPlugin-RESTfulURLMappingLogic">RESTful URL Mapping 
Logic</a></li></ul>
+</li><li><a shape="rect" href="#RESTPlugin-ContentTypes">Content 
Types</a></li></ul>
+</li><li><a shape="rect" href="#RESTPlugin-Usage">Usage</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#RESTPlugin-SettingUp">Setting Up</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#RESTPlugin-Configuration(struts.xml)">Configuration ( struts.xml )</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#RESTPlugin-RESTOnlyConfiguration">REST Only Configuration</a></li><li><a 
shape="rect" 
href="#RESTPlugin-RESTandnon-RESTfulURL'sTogetherConfiguration">REST and 
non-RESTful URL's Together Configuration</a></li></ul>
 </li></ul>
-</li><li><span class="TOCOutline">2.2</span> <a shape="rect" 
href="#RESTPlugin-WriteYourControllerActions">Write Your Controller 
Actions</a></li></ul>
-</li><li><span class="TOCOutline">3</span> <a shape="rect" 
href="#RESTPlugin-AdvancedTopics">Advanced Topics</a>
-<ul class="toc-indentation"><li><span class="TOCOutline">3.1</span> <a 
shape="rect" href="#RESTPlugin-CustomContentTypeHandlers">Custom 
ContentTypeHandlers</a></li><li><span class="TOCOutline">3.2</span> <a 
shape="rect" href="#RESTPlugin-UseJacksonframeworkasJSONContentTypeHandler">Use 
Jackson framework as JSON ContentTypeHandler</a></li><li><span 
class="TOCOutline">3.3</span> <a shape="rect" 
href="#RESTPlugin-Settings">Settings</a></li></ul>
-</li><li><span class="TOCOutline">4</span> <a shape="rect" 
href="#RESTPlugin-Resources">Resources</a></li><li><span 
class="TOCOutline">5</span> <a shape="rect" 
href="#RESTPlugin-VersionHistory">Version History</a></li></ul>
+</li><li><a shape="rect" href="#RESTPlugin-WriteYourControllerActions">Write 
Your Controller Actions</a></li></ul>
+</li><li><a shape="rect" href="#RESTPlugin-AdvancedTopics">Advanced Topics</a>
+<ul class="toc-indentation"><li><a shape="rect" 
href="#RESTPlugin-CustomContentTypeHandlers">Custom 
ContentTypeHandlers</a></li><li><a shape="rect" 
href="#RESTPlugin-UseJacksonframeworkasJSONContentTypeHandler">Use Jackson 
framework as JSON ContentTypeHandler</a></li><li><a shape="rect" 
href="#RESTPlugin-Settings">Settings</a></li></ul>
+</li><li><a shape="rect" href="#RESTPlugin-Resources">Resources</a></li><li><a 
shape="rect" href="#RESTPlugin-VersionHistory">Version History</a></li></ul>
 </div><h2 id="RESTPlugin-Overview">Overview</h2><p>The REST Pluginprovides 
high level support for the implementation of RESTful resource based web 
applicationsThe REST plugin can cooperate with the <a shape="rect" 
href="convention-plugin.html">Convention Plugin</a> to support a zero 
configuration approach to declaring your actions and results, but you can 
always use the REST plugin with XML style configuration if you like.</p><p>If 
you prefer to see a working code example, instead of reading through an 
explanation, you can download the <a shape="rect" class="external-link" 
href="http://struts.apache.org/download.cgi#struts-ga";>struts2 sample apps</a> 
and check out the <code>struts2-rest-showcase</code> application, a complete 
WAR file, that demonstrates a simple REST web program.</p><h3 
id="RESTPlugin-Features">Features</h3><ul><li>Ruby on Rails REST-style 
URLs</li><li>Zero XML config when used with Convention Plugin</li><li>Built-in 
serialization and deserialization support for XML
  and JSON</li><li>Automatic error handling</li><li>Type-safe configuration of 
the HTTP response</li><li>Automatic conditional GET support</li></ul><h3 
id="RESTPlugin-MappingRESTURLstoStruts2Actions">Mapping REST URLs to Struts 2 
Actions</h3><p>The main functionality of the REST plugin lies in the 
interpretation of incoming request URL's according the RESTful rules. In the 
Struts 2 framework, this 'mapping' of request URL's to Actions is handled by in 
implementation of the <a shape="rect" class="external-link" 
href="http://struts.apache.org/maven/struts2-core/apidocs/org/apache/struts2/dispatcher/mapper/ActionMapper.html";><code>ActionMapper</code></a>
 interface. Out of the box, Struts 2 uses the <a shape="rect" 
class="external-link" 
href="http://struts.apache.org/maven/struts2-core/apidocs/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.html";><code>DefaultActionMapper</code></a>
 to map URL's to Actions via the logic you are probably already familiar 
with.</p><div class="conf
 luence-information-macro confluence-information-macro-note"><span 
class="aui-icon aui-icon-small aui-iconfont-warning 
confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p><em>Actions or Controllers</em>? 
Most Struts 2 developers are familiar with the Action. They are the things that 
get executed by the incoming requests. In the context of the REST plugin, just 
to keep you on your toes, we'll adopt the RESTful lingo and refer to our 
Actions as <em>Controllers</em>. Don't be confused; it's just a 
name!</p></div></div><p>The REST plugin provides an alternative implementation, 
<a shape="rect" class="external-link" 
href="http://struts.apache.org/maven/struts2-plugins/struts2-rest-plugin/apidocs/org/apache/struts2/rest/RestActionMapper.html";><code>RestActionMapper</code></a>,
 that provides the RESTful logic that maps a URL to a give action class ( aka 
'controller' in RESTful terms ) and, more specifically, to the invocation of a 
method on that contro
 ller class. The following section, which comes from the Javadoc for the class, 
details this logic.</p><h4 id="RESTPlugin-RESTfulURLMappingLogic">RESTful URL 
Mapping Logic</h4><p>This Restful action mapper enforces Ruby-On-Rails 
REST-style mappings. If the method is not specified (via '!' or 'method:' 
prefix), the method is "guessed" at using REST-style conventions that examine 
the URL and the HTTP method. Special care has&#160;been given to ensure this 
mapper works correctly with the codebehind plugin so that&#160;XML 
configuration is unnecessary.</p><p>This mapper supports the following 
parameters:</p><ul style="list-style-type: square;"><li><span 
style="line-height: 1.4285715;"><code>struts.mapper.idParameterName</code> - If 
set, this value will be the name</span><span style="line-height: 
1.4285715;">&#160;of the parameter under which the id is stored. The id will 
then be removed</span><span style="line-height: 1.4285715;">&#160;from the 
action name. Whether or not the method is s
 pecified, the mapper will&#160;</span><span style="line-height: 
1.4285715;">&#160;try to truncate the identifier from the url and store it as a 
parameter.</span></li><li><span style="line-height: 
1.4285715;"><code>struts.mapper.indexMethodName</code> - The method name to 
call for a GET</span><span style="line-height: 1.4285715;">&#160;request with 
no id parameter. Defaults to <strong>index</strong>.</span></li><li><span 
style="line-height: 1.4285715;"><code>struts.mapper.getMethodName</code> - The 
method name to call for a GET</span><span style="line-height: 
1.4285715;">&#160;request with an id parameter. Defaults to 
<strong>show</strong>.</span></li><li><span style="line-height: 
1.4285715;"><code>struts.mapper.postMethodName</code> - The method name to call 
for a POST</span><span style="line-height: 1.4285715;">&#160;request with no id 
parameter. Defaults to <strong>create</strong>.</span></li><li><span 
style="line-height: 1.4285715;"><code>struts.mapper.putMethodName</code> - The 
 method name to call for a PUT</span><span style="line-height: 
1.4285715;">&#160;request with an id parameter. Defaults to 
<strong>update</strong>.</span></li><li><span style="line-height: 
1.4285715;"><code>struts.mapper.deleteMethodName</code> - The method name to 
call for a DELETE</span><span style="line-height: 1.4285715;">&#160;request 
with an id parameter. Defaults to 
<strong>destroy</strong>.</span></li><li><span style="line-height: 
1.4285715;"><code>struts.mapper.editMethodName</code> - The method name to call 
for a GET</span><span style="line-height: 1.4285715;">&#160;request with an id 
parameter and the <strong>edit</strong>&#160;view specified. Defaults to 
<strong>edit</strong>.</span></li><li><span style="line-height: 
1.4285715;"><code>struts.mapper.newMethodName</code> - The method name to call 
for a GET</span><span style="line-height: 1.4285715;">&#160;request with no id 
parameter and the <strong>new</strong>&#160;view specified. Defaults to 
<strong>editNew</strong>.</sp
 an></li></ul><p>The following URL's will invoke its methods:</p><ul 
style="list-style-type: square;"><li><code>GET: /movies</code>&#160;=&gt; 
method=<strong>index</strong></li><li><span style="line-height: 
1.4285715;"><code>GET: /movies/Thrillers</code>&#160;=&gt; 
method=<strong>show</strong>, 
id=<strong>Thrillers</strong></span></li><li><span style="line-height: 
1.4285715;"><code>GET: /movies/Thrillers;edit</code>&#160;=&gt; 
method=<strong>edit</strong>, 
id=<strong>Thrillers</strong></span></li><li><span style="line-height: 
1.4285715;"><code>GET: /movies/Thrillers/edit</code>&#160;=&gt; 
method=<strong>edit</strong>, 
id=<strong>Thrillers</strong></span></li><li><span style="line-height: 
1.4285715;"><code>GET: /movies/new</code>&#160;=&gt; 
method=<strong>editNew</strong></span></li><li><span style="line-height: 
1.4285715;"><code>POST: /movies</code> =&gt; 
method=<strong>create</strong></span></li><li><span style="line-height: 
1.4285715;"><code>PUT: /movies/Thrillers</code>&#160;=&gt;
  method=<strong>update</strong>, 
id=<strong>Thrillers</strong></span></li><li><span style="line-height: 
1.4285715;"><code>DELETE: /movies/Thrillers</code>&#160;=&gt; 
method=<strong>destroy</strong>, 
id=<strong>Thrillers</strong></span></li></ul><div 
class="confluence-information-macro confluence-information-macro-note"><span 
class="aui-icon aui-icon-small aui-iconfont-warning 
confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>To simulate the HTTP methods PUT 
and DELETE, since they aren't supported by HTML,&#160;the HTTP parameter 
"_method" will be used.</p></div></div><p>Or, expressed as a table:</p><div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>HTTP method</p></th><th colspan="1" 
rowspan="1" class="confluenceTh"><p>URI</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Class.method</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>parameters</p></th></t
 r><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>GET</p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>/movie</p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Movie.index</p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>&#160;</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p>POST</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>/movie</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Movie.create</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>&#160;</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p>PUT</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>/movie/Thrillers</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Movie.update</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>id="Thrillers"</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p>DELETE</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>/movie/Thrille
 rs</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Movie.destroy</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>id="Thrillers"</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p>GET</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>/movie/Thrillers</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Movie.show</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>id="Thrillers"</p></td></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p>GET</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>/movie/Thrillers/edit</p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Movie.edit</p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>id="Thrillers"</p></td></tr><tr><td 
colspan="1" rowspan="1" class="confluenceTd"><p>GET</p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>/movie/new</p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Movie.editNew</p></td><td colspan="1" rowspa
 n="1" class="confluenceTd"><p>&#160;</p></td></tr></tbody></table></div><h3 
id="RESTPlugin-ContentTypes">Content Types</h3><p>In addition to providing 
mapping of RESTful URL's to Controller ( Action ) invocations, the REST plugin 
also provides the ability to produce multiple representations of the resource 
data. By default, the plugin can return the resource in the following content 
types:</p><ul style="list-style-type: square;"><li>HTML</li><li><span 
style="line-height: 1.4285715;">XML&#160;</span></li><li><span 
style="line-height: 1.4285715;">JSON</span></li></ul><p>There is nothing 
configure here, just add the conent type extension to your RESTful URL. The 
framework will take care of the rest. So, for instance, assuming a Controller 
called Movies and a movie with the id of superman, the following URL's will all 
hit the</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">http://my.company.com/myapp/movies/superman
 http://my.company.com/myapp/movies/superman.xml
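Review bot: The unchanged body text carried in this hunk still has run-together words and typos that the re-export did not touch: "The REST Pluginprovides", "applicationsThe REST plugin", "handled by in implementation", "to a give action class", "There is nothing configure here" and "conent type extension". These should be corrected in the wiki source so the next export picks them up. The note that the `_method` HTTP parameter is used to simulate PUT and DELETE also does not say on which request methods the override is honoured; since PUT and DELETE map to `update` and `destroy`, stating that in the note would help readers reason about which requests can change state.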

http://git-wip-us.apache.org/repos/asf/struts-site/blob/1fb1b66a/content/docs/s2-049.html
----------------------------------------------------------------------
diff --git a/content/docs/s2-049.html b/content/docs/s2-049.html
index 173981f..fc8c5ac 100644
--- a/content/docs/s2-049.html
+++ b/content/docs/s2-049.html
@@ -139,7 +139,7 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><h2 id="S2-049-Summary">Summary</h2>A 
DoS attack is available for Spring secured actions<div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and 
users</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>A DoS attack is available for Spring 
secured actions</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Medium</p></td></tr><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect" 
href="version-notes-2512.html">Struts 2.5.12</a></p></td></tr><tr><th 
colspan="1" rowspan="1" class
 ="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Struts 2.3.7 - Struts 2.3.32, Struts 2.5 -<span 
style="color: rgb(23,35,59);"> Struts 2.5.10.1</span></p></td></tr><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>Yasser Zamani &lt;yasser dot 
zamani at live dot com&gt;</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>CVE-2017-9787</p></td></tr></tbody></table></div><h2 
id="S2-049-Problem">Problem</h2><p>When using a Spring AOP functionality to 
secure Struts actions it is possible to perform a DoS attack when user was 
properly authenticated</p><p><span style="font-size: 
20.0px;">Solution</span></p><p>Upgrade to Apache Struts version 2.5.12 or 
2.3.33.</p><h2 id="S2-049-Backwardcompatibility">Backward 
compatibility</h2><p>No backward incompatibility issues are expected.</
 p><h2 id="S2-049-Workaround">Workaround</h2><p>Please define the below 
constant in a <code>struts.xml</code>&#160;file:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+            <div id="ConfluenceContent"><h2 id="S2-049-Summary">Summary</h2>A 
DoS attack is available for Spring secured actions<div 
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and 
users</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>A DoS attack is available for Spring 
secured actions</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>High</p></td></tr><tr><th colspan="1" 
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" 
rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect" 
href="version-notes-2512.html">Struts 2.5.12</a></p></td></tr><tr><th 
colspan="1" rowspan="1" class="
 confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>Struts 2.3.7 - Struts 2.3.32, Struts 2.5 -<span 
style="color: rgb(23,35,59);"> Struts 2.5.10.1</span></p></td></tr><tr><th 
colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td 
colspan="1" rowspan="1" class="confluenceTd"><p>Yasser Zamani &lt;yasser dot 
zamani at live dot com&gt;</p></td></tr><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" 
class="confluenceTd"><p>CVE-2017-9787</p></td></tr></tbody></table></div><h2 
id="S2-049-Problem">Problem</h2><p>When using a Spring AOP functionality to 
secure Struts actions it is possible to perform a DoS attack even if user was 
not properly authenticated but an application mixed secured and not secured 
actions in one class.</p><p><span style="font-size: 
20.0px;">Solution</span></p><p>Upgrade to Apache Struts version 2.5.12 or 
2.3.33.</p><h2 id="S2-049-Backwardcompatibility">Back
 ward compatibility</h2><p>No backward incompatibility issues are 
expected.</p><h2 id="S2-049-Workaround">Workaround</h2><p>Please define the 
below constant in a <code>struts.xml</code>&#160;file:</p><div class="code 
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">&lt;constant name="struts.additional.excludedPatterns" 
value=".\.accessDecisionManager\.." /&gt;</pre>
 </div></div><p>&#160;</p><p>&#160;</p></div>
         </div>
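Review bot: The rating goes from Medium to High and the Problem text now covers users who were not properly authenticated, but the Summary line and the "Impact of vulnerability" row on the same `+` line still read only "A DoS attack is available for Spring secured actions", so the new precondition (secured and not secured actions mixed in one class) is visible only in the Problem paragraph. Suggest repeating it in the Impact row and rewording the new sentence, for example "it is possible to perform a DoS attack even when the user is not authenticated, if an application mixes secured and unsecured actions in one class." The Recommendation row names only Struts 2.5.12 while the Solution names 2.5.12 or 2.3.33; the two should agree. In the unchanged workaround, `value=".\.accessDecisionManager\.."` has a single `.` on each side of the name, which as a regular expression matches exactly one character; worth checking against the wiki source whether a `*` was lost in export.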

http://git-wip-us.apache.org/repos/asf/struts-site/blob/1fb1b66a/content/docs/struts-23-to-25-migration.html
----------------------------------------------------------------------
diff --git a/content/docs/struts-23-to-25-migration.html 
b/content/docs/struts-23-to-25-migration.html
index 43a7fea..9155a52 100644
--- a/content/docs/struts-23-to-25-migration.html
+++ b/content/docs/struts-23-to-25-migration.html
@@ -140,12 +140,12 @@ under the License.
     <div class="pagecontent">
         <div class="wiki-content">
             <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1492970356602 {padding: 0px;}
-div.rbtoc1492970356602 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1492970356602 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1502255740100 {padding: 0px;}
+div.rbtoc1502255740100 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1502255740100 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1492970356602">
-<ul class="toc-indentation"><li><a shape="rect" 
href="#Struts2.3to2.5migration-Dependencies">Dependencies</a></li><li><a 
shape="rect" 
href="#Struts2.3to2.5migration-StrutsPrepareAndExecuteFilter">StrutsPrepareAndExecuteFilter</a></li><li><a
 shape="rect" href="#Struts2.3to2.5migration-DTD">DTD</a></li><li><a 
shape="rect" href="#Struts2.3to2.5migration-Tagsattributes">Tags 
attributes</a></li><li><a shape="rect" 
href="#Struts2.3to2.5migration-Divtag">Div tag</a></li><li><a shape="rect" 
href="#Struts2.3to2.5migration-Fieldnames">Field names</a></li><li><a 
shape="rect" href="#Struts2.3to2.5migration-Tiles">Tiles</a></li><li><a 
shape="rect" 
href="#Struts2.3to2.5migration-Temp/WorkdirectoryofApplicationServer/ServletContainer">Temp/Work
 directory of ApplicationServer/ServletContainer</a></li></ul>
+/*]]>*/</style></p><div class="toc-macro rbtoc1502255740100">
+<ul class="toc-indentation"><li><a shape="rect" 
href="#Struts2.3to2.5migration-Dependencies">Dependencies</a></li><li><a 
shape="rect" 
href="#Struts2.3to2.5migration-StrutsPrepareAndExecuteFilter">StrutsPrepareAndExecuteFilter</a></li><li><a
 shape="rect" href="#Struts2.3to2.5migration-DTD">DTD</a></li><li><a 
shape="rect" href="#Struts2.3to2.5migration-HTML5">HTML 5</a></li><li><a 
shape="rect" href="#Struts2.3to2.5migration-Tagsattributes">Tags 
attributes</a></li><li><a shape="rect" 
href="#Struts2.3to2.5migration-Divtag">Div tag</a></li><li><a shape="rect" 
href="#Struts2.3to2.5migration-Fieldnames">Field names</a></li><li><a 
shape="rect" href="#Struts2.3to2.5migration-Tiles">Tiles</a></li><li><a 
shape="rect" 
href="#Struts2.3to2.5migration-Temp/WorkdirectoryofApplicationServer/ServletContainer">Temp/Work
 directory of ApplicationServer/ServletContainer</a></li></ul>
 </div><h3 id="Struts2.3to2.5migration-Dependencies">Dependencies</h3><p>Update 
Struts dependencies to 2.5.<br clear="none"><br clear="none">Remove the 
following plugin dependencies because they were dropped and aren't supported 
anymore.</p><ul><li>Dojo Plugin</li><li>Codebehind Plugin</li><li>JSF 
Plugin</li><li>Struts1 Plugin</li></ul><p>Please be aware that the framework is 
using Log4j2 now as a main logging layer, the existing old logging layer is 
deprecated and will be removed soon. Log4j2 supports many different logging 
implementations, please check documentations for more details.</p><h3 
id="Struts2.3to2.5migration-StrutsPrepareAndExecuteFilter">StrutsPrepareAndExecuteFilter</h3><p>The&#160;<code>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</code>
 was moved to 
<code>org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter</code>.<br
 clear="none"><br clear="none">In web.xml replace this:</p><div class="code 
panel pdl" style="border-width: 1px;"
 ><div class="codeContent panelContent pdl">
 <pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;filter&gt;
     &lt;filter-name&gt;struts2&lt;/filter-name&gt;
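Review bot: Apart from the new "HTML 5" entry in the table of contents, every changed line here is the generated class name moving from `rbtoc1492970356602` to `rbtoc1502255740100`; the same kind of rename, with a different number, appears in rest-plugin.html, so the name appears to be regenerated on each export. If the exporter can emit a stable class name, diffs on asf-site would show only content changes. In the unchanged Dependencies text, "the existing old logging layer is deprecated and will be removed soon" names no version and "please check documentations" has no link; both would be worth tightening in the source.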
@@ -164,7 +164,7 @@ div.rbtoc1492970356602 li {margin-left: 0px;padding-left: 
0px;}
 <pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;!DOCTYPE struts PUBLIC
         "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
         "http://struts.apache.org/dtds/struts-2.5.dtd"&gt;</pre>
-</div></div><h3 id="Struts2.3to2.5migration-Tagsattributes">Tags 
attributes</h3><p>The&#160;<code>id</code> attribute was replaced 
with&#160;<code>var</code> attribute in the following 
tags.</p><ul><li><code>&lt;s:action&gt;</code></li><li><code>&lt;s:append&gt;</code></li><li><code>&lt;s:bean&gt;</code></li><li><code>&lt;s:date&gt;</code></li><li><code>&lt;s:generator&gt;</code></li><li><code>&lt;s:iterator&gt;</code></li><li><code>&lt;s:merge&gt;</code></li><li><code>&lt;s:number&gt;</code></li><li><code>&lt;s:set&gt;</code></li><li><code>&lt;s:sort&gt;</code></li><li><code>&lt;s:subset&gt;</code></li><li><code>&lt;s:text&gt;</code></li><li><code>&lt;s:url&gt;</code></li></ul><p><br
 clear="none">If you have something like that in your code:&#160;</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><h3 id="Struts2.3to2.5migration-HTML5">HTML 5</h3><p>All the core 
themes are now HTML 5&#160;compliant which means using 
a&#160;<code>required</code> attribute in your tags will produce a proper 
browser's validation.</p><h3 id="Struts2.3to2.5migration-Tagsattributes">Tags 
attributes</h3><p>The&#160;<code>id</code> attribute was replaced 
with&#160;<code>var</code> attribute in the following 
tags.</p><ul><li><code>&lt;s:action&gt;</code></li><li><code>&lt;s:append&gt;</code></li><li><code>&lt;s:bean&gt;</code></li><li><code>&lt;s:date&gt;</code></li><li><code>&lt;s:generator&gt;</code></li><li><code>&lt;s:iterator&gt;</code></li><li><code>&lt;s:merge&gt;</code></li><li><code>&lt;s:number&gt;</code></li><li><code>&lt;s:set&gt;</code></li><li><code>&lt;s:sort&gt;</code></li><li><code>&lt;s:subset&gt;</code></li><li><code>&lt;s:text&gt;</code></li><li><code>&lt;s:url&gt;</code></li></ul><p><br
 clear="none">If you have something like that in your code:&#160;</p><div 
class="cod
 e panel pdl" style="border-width: 1px;"><div class="codeContent panelContent 
pdl">
 <pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;s:url id="url" action="login"&gt;</pre>
 </div></div><p>change it to:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;s:url var="url" action="login"&gt;</pre>
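Review bot: The new HTML 5 paragraph says a `required` attribute "will produce a proper browser's validation" without noting that this check runs only in the browser; suggest adding that server-side validation of the same fields is still needed, and rewording to "will trigger the browser's built-in validation". The TOC entry added in the previous hunk points at `#Struts2.3to2.5migration-HTML5`, which matches the `id` on the new heading.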

http://git-wip-us.apache.org/repos/asf/struts-site/blob/1fb1b66a/content/docs/version-notes-2512.html
----------------------------------------------------------------------
diff --git a/content/docs/version-notes-2512.html 
b/content/docs/version-notes-2512.html
index 639547b..e189800 100644
--- a/content/docs/version-notes-2512.html
+++ b/content/docs/version-notes-2512.html
@@ -156,7 +156,13 @@ under the License.
     
&lt;url&gt;https://repository.apache.org/content/groups/staging/&lt;/url&gt;
   &lt;/repository&gt;
 &lt;/repositories&gt;</pre>
-</div></div><h2 id="VersionNotes2.5.12-InternalChanges">Internal 
Changes</h2><ul style="list-style-type: square;"><li><img class="emoticon 
emoticon-warning" 
src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png";
 data-emoticon-name="warning" alt="(warning)">&#160;Possible DoS attack when 
using URLValidator, see&#160;<a shape="rect" 
href="s2-047.html">S2-047</a></li><li><img class="emoticon emoticon-warning" 
src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png";
 data-emoticon-name="warning" alt="(warning)">&#160;A DoS attack is available 
for Spring secured actions, see&#160;<a shape="rect" 
href="s2-049.html">S2-049</a></li></ul><ul style="list-style-type: 
square;"><li><h2 id="VersionNotes2.5.12-Bug">Bug</h2><ul><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3171";>WW-3171</a>] - "double
 " and "Double" are not validated with the same decimal 
s&#233;parator</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3357";>WW-3357</a>] - 
ognl.MethodFailedException when you do not enter a value for a field mapped to 
an int.</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3650";>WW-3650</a>] - Double 
Value Conversion with requestLocale=de</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3659";>WW-3659</a>] - strange 
behavior of s:a tag with s:include tag inside</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3905";>WW-3905</a>] - The 
TextProvider injection in ActionSupport isn't quite integrated into the 
framework's core DI</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4105";>WW-4105</a>] - Struts2 
raise java.lang.ClassCastException when Result type is chain<
 /li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4472";>WW-4472</a>] - 
@InputConfig annotation is not working when integrating with spring 
aop</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4528";>WW-4528</a>] - 
ChainingInterceptor does not handle lists correctly for excludes and 
includes</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4578";>WW-4578</a>] - Validators 
do not work for multiple values</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4581";>WW-4581</a>] - BigDecimal 
are not converted according context locale</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4663";>WW-4663</a>] - 
NullPointerException when displaying a form without action 
attribute</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4665";>WW-466
 5</a>] - Struts2 JSR286 Portlet fileupload not working</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4694";>WW-4694</a>] - 
AnnotationWorkflowInterceptor doesn't work with spring proxied 
action</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4736";>WW-4736</a>] - Upgrade to 
Log4j2 version 2.8</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4737";>WW-4737</a>] - 
Array-of-null parameters are converted to arrays containing "null"</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4739";>WW-4739</a>] - 
&lt;s:reset&gt; tag does not properly interpret the attribute 
tabindex</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4740";>WW-4740</a>] - NullPointer 
in com.opensymphony.xwork2.ActionSupport.getLocale</li><li>[<a shape="rect" 
class="external-link" href="https://issue
 s.apache.org/jira/browse/WW-4741">WW-4741</a>] - Http Sessions forcefully 
created for all requests using I18nInterceptor with default Storage 
value.</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4746";>WW-4746</a>] - 
cssErrorClass attribute has no effect on label tag</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4747";>WW-4747</a>] - s:file 
generates input tag with "value" attribute</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4750";>WW-4750</a>] - Why 
JSONValidationInterceptor return Status Code 400 BAD_REQUEST instead of 200 
SUCCESS</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4758";>WW-4758</a>] - @autowired 
does not work since Struts 2.3.28.1</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4772";>WW-4772</a>] - Convention 
Plugin can't use ${message
 }</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4773";>WW-4773</a>] - Mixed 
content https to http when upgraded to 2.3.32 or 2.5.10.1</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4774";>WW-4774</a>] - Upgrding 
Struts 2.3.1 to 2.5.10.1 - Redirect issues HTTPS to HTTP</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4775";>WW-4775</a>] - Action 
class Attributes(value stack) is not getting populated through Ajax url request 
parms</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4784";>WW-4784</a>] - &lt;s:url 
tag is not working after Struts 2.5.10.1 migration</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4786";>WW-4786</a>] - Upgrade 
from struts2-tiles3-plugin to struts2-tiles-plugin gives a 
NoSuchDefinitionException</li><li>[<a shape="rect" class="external-li
 nk" href="https://issues.apache.org/jira/browse/WW-4788";>WW-4788</a>] - 
Parameters which are added via ServletDispatcherResult aren't availabe in 
#parameters</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4790";>WW-4790</a>] - struts 
2.5.10.1 upgrade cause more frequent garbage collection</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4794";>WW-4794</a>] - Subreport 
call "Caused by: java.lang.ClassCastException: 
org.apache.struts2.views.jasperreports.ValueStackDataSource cannot be cast to 
java.util.Collection"</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4800";>WW-4800</a>] - Aspects are 
not executed when chaining AOPed actions</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4801";>WW-4801</a>] - Duplicate 
hidden input field checkboxListHandler</li><li>[<a shape="rect" 
class="external-link" href="http
 s://issues.apache.org/jira/browse/WW-4804">WW-4804</a>] - inputtransferselect 
does not auto-select its elements</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4810";>WW-4810</a>] - Calling 
empty locale</li></ul><h2 
id="VersionNotes2.5.12-Improvement">Improvement</h2><ul><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-1534";>WW-1534</a>] - The value 
of checkbox getted in server-side is "false" when no any checkbox been 
selected.</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3924";>WW-3924</a>] - refactor 
file upload framework</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3952";>WW-3952</a>] - creditCard 
validator available in Struts 1 missing in Struts 2</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4149";>WW-4149</a>] - No easy way 
to have an empty intercepto
 r stack if have default stack</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4210";>WW-4210</a>] - 
@TypeConversion converter attribut to class</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4714";>WW-4714</a>] - Convert 
LocalizedTextUtil into a bean with default implementation</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4743";>WW-4743</a>] - NPE in 
StrutsTilesContainerFactory when resource isn't found</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4744";>WW-4744</a>] - 
AnnotationWorkflowInterceptor should supports non-public annotated 
methods</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4748";>WW-4748</a>] - Upgrade 
commons-lang3 to 3.5</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4749";>WW-4749</a>] - Bu
 ffer/Flush behaviour in FreemarkerResult</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4751";>WW-4751</a>] - Struts2 
should know and consider config time class of user's Actions</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4752";>WW-4752</a>] - getters of 
exclude-sets in OgnlUtil should return immutable collections</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4753";>WW-4753</a>] - Make 
DelegatingValidatorContext injectable</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4754";>WW-4754</a>] - Mark 
site-graph plugin as deprecated</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4756";>WW-4756</a>] - Use 
TextProviderFactory instead of TextProvider as bean's dependency</li><li>[<a 
shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/
 WW-4757">WW-4757</a>] - Create LocaleProviderFactory and uses instead of 
LocaleProvider</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4761";>WW-4761</a>] - Improve 
error logging in DefaultDispatcherErrorHandler</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4762";>WW-4762</a>] - 
DefaultLocalizedTextProvider refactoring</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4764";>WW-4764</a>] - Make 
jakarta-stream multipart parser more extensbile</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4767";>WW-4767</a>] - Make 
Multipart parsers more extensible</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4768";>WW-4768</a>] - Add proper 
validation if request is a multipart request</li><li>[<a shape="rect" 
class="external-link" href="https://issues.apache.org/jira/browse
 /WW-4769">WW-4769</a>] - Make SecurityMethodAccess excluded classes &amp; 
packages definitions immutable</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4771";>WW-4771</a>] - minor typos 
in confluence page "security.html"</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4780";>WW-4780</a>] - Upgrade to 
Log4j2 2.8.2</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4785";>WW-4785</a>] - Allow 
disable file upload support via an configurable option</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4787";>WW-4787</a>] - TestCase 
XWorkMapPropertyAccessorTest should be moved to src/test/java</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4791";>WW-4791</a>] - Stop using 
DefaultLocalizedTextProvider#localeFromString static util method</li><li>[<a 
shape="rect" class="extern
 al-link" href="https://issues.apache.org/jira/browse/WW-4793";>WW-4793</a>] - 
Don't add JBossFileManager as a possible FileManager when not on 
JBoss</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4795";>WW-4795</a>] - There is no 
@LongRangeFieldValidator annotation to support 
LongRangeFieldValidator</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4805";>WW-4805</a>] - At least a 
DoS attack is available for Spring secured actions</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4809";>WW-4809</a>] - Upgrade to 
commons-lang 3.6</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4812";>WW-4812</a>] - Update 
commons-fileupload</li></ul><h2 id="VersionNotes2.5.12-NewFeature">New 
Feature</h2><ul><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3399";>WW-3399</a>] - JCR(JSR-170
 ) Struts2 plugin</li></ul></li></ul><p>&#160;</p><div 
class="confluence-information-macro confluence-information-macro-note"><span 
class="aui-icon aui-icon-small aui-iconfont-warning 
confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>This release contains fixes 
related to <a shape="rect" href="s2-047.html">S2-047</a> and <a shape="rect" 
href="s2-049.html">S2-049</a>, please read them 
carefully!</p></div></div><p>&#160;</p><p>Issue Detail</p><ul><li><a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&amp;version=12338701";>JIRA
 Release Notes 2.5.12</a></li></ul><h2 id="VersionNotes2.5.12-IssueList">Issue 
List</h2><ul><li><a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/issues/?filter=12341147";>Struts 2.5.12 
DONE</a></li><li><a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/issues/?filter=12335667";>Struts 2.5.x 
TODO</a></li></ul><
 h2 id="VersionNotes2.5.12-Otherresources">Other resources</h2><ul><li><a 
shape="rect" class="external-link" 
href="http://www.mail-archive.com/commits%40struts.apache.org/"; 
rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link" 
href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop";>Source
 Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height: 
30.0px;"><br clear="none"></span></div><div><span style="font-size: 
24.0px;line-height: 30.0px;background-color: rgb(245,245,245);"><br 
clear="none"></span></div></div>
+</div></div><h2 id="VersionNotes2.5.12-InternalChanges">Internal 
Changes</h2><ul style="list-style-type: square;"><li><img class="emoticon 
emoticon-warning" 
src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png";
 data-emoticon-name="warning" alt="(warning)">&#160;Possible DoS attack when 
using URLValidator, see&#160;<a shape="rect" 
href="s2-047.html">S2-047</a></li><li><img class="emoticon emoticon-warning" 
src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png";
 data-emoticon-name="warning" alt="(warning)">&#160;A DoS attack is available 
for Spring secured actions, see&#160;<a shape="rect" 
href="s2-049.html">S2-049</a></li></ul><ul style="list-style-type: 
square;"><li><h2 id="VersionNotes2.5.12-Bug">Bug</h2><ul><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3171";>WW-3171</a>] - "double
 " and "Double" are not validated with the same decimal 
s&#233;parator</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3357";>WW-3357</a>] - 
ognl.MethodFailedException when you do not enter a value for a field mapped to 
an int.</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3650";>WW-3650</a>] - Double 
Value Conversion with requestLocale=de</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3659";>WW-3659</a>] - strange 
behavior of s:a tag with s:include tag inside</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3905";>WW-3905</a>] - The 
TextProvider injection in ActionSupport isn't quite integrated into the 
framework's core DI</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4105";>WW-4105</a>] - Struts2 
raise java.lang.ClassCastException when Result type is chain<
 /li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4472";>WW-4472</a>] - 
@InputConfig annotation is not working when integrating with spring 
aop</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4528";>WW-4528</a>] - 
ChainingInterceptor does not handle lists correctly for excludes and 
includes</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4578";>WW-4578</a>] - Validators 
do not work for multiple values</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4581";>WW-4581</a>] - BigDecimal 
are not converted according context locale</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4663";>WW-4663</a>] - 
NullPointerException when displaying a form without action 
attribute</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4665";>WW-466
 5</a>] - Struts2 JSR286 Portlet fileupload not working</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4694";>WW-4694</a>] - 
AnnotationWorkflowInterceptor doesn't work with spring proxied 
action</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4736";>WW-4736</a>] - Upgrade to 
Log4j2 version 2.8</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4737";>WW-4737</a>] - 
Array-of-null parameters are converted to arrays containing "null"</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4739";>WW-4739</a>] - 
&lt;s:reset&gt; tag does not properly interpret the attribute 
tabindex</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4740";>WW-4740</a>] - NullPointer 
in com.opensymphony.xwork2.ActionSupport.getLocale</li><li>[<a shape="rect" 
class="external-link" href="https://issue
 s.apache.org/jira/browse/WW-4741">WW-4741</a>] - Http Sessions forcefully 
created for all requests using I18nInterceptor with default Storage 
value.</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4746";>WW-4746</a>] - 
cssErrorClass attribute has no effect on label tag</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4747";>WW-4747</a>] - s:file 
generates input tag with "value" attribute</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4750";>WW-4750</a>] - Why 
JSONValidationInterceptor return Status Code 400 BAD_REQUEST instead of 200 
SUCCESS</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4758";>WW-4758</a>] - @autowired 
does not work since Struts 2.3.28.1</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4772";>WW-4772</a>] - Convention 
Plugin can't use ${message
 }</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4773";>WW-4773</a>] - Mixed 
content https to http when upgraded to 2.3.32 or 2.5.10.1</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4774";>WW-4774</a>] - Upgrding 
Struts 2.3.1 to 2.5.10.1 - Redirect issues HTTPS to HTTP</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4775";>WW-4775</a>] - Action 
class Attributes(value stack) is not getting populated through Ajax url request 
parms</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4784";>WW-4784</a>] - &lt;s:url 
tag is not working after Struts 2.5.10.1 migration</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4786";>WW-4786</a>] - Upgrade 
from struts2-tiles3-plugin to struts2-tiles-plugin gives a 
NoSuchDefinitionException</li><li>[<a shape="rect" class="external-li
 nk" href="https://issues.apache.org/jira/browse/WW-4788";>WW-4788</a>] - 
Parameters which are added via ServletDispatcherResult aren't availabe in 
#parameters</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4790";>WW-4790</a>] - struts 
2.5.10.1 upgrade cause more frequent garbage collection</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4794";>WW-4794</a>] - Subreport 
call "Caused by: java.lang.ClassCastException: 
org.apache.struts2.views.jasperreports.ValueStackDataSource cannot be cast to 
java.util.Collection"</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4800";>WW-4800</a>] - Aspects are 
not executed when chaining AOPed actions</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4801";>WW-4801</a>] - Duplicate 
hidden input field checkboxListHandler</li><li>[<a shape="rect" 
class="external-link" href="http
 s://issues.apache.org/jira/browse/WW-4804">WW-4804</a>] - inputtransferselect 
does not auto-select its elements</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4810";>WW-4810</a>] - Calling 
empty locale</li></ul><h2 
id="VersionNotes2.5.12-Improvement">Improvement</h2><ul><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-1534";>WW-1534</a>] - The value 
of checkbox getted in server-side is "false" when no any checkbox been 
selected.</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3924";>WW-3924</a>] - refactor 
file upload framework</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3952";>WW-3952</a>] - creditCard 
validator available in Struts 1 missing in Struts 2</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4149";>WW-4149</a>] - No easy way 
to have an empty intercepto
 r stack if have default stack</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4210";>WW-4210</a>] - 
@TypeConversion converter attribut to class</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4714";>WW-4714</a>] - Convert 
LocalizedTextUtil into a bean with default implementation</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4743";>WW-4743</a>] - NPE in 
StrutsTilesContainerFactory when resource isn't found</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4744";>WW-4744</a>] - 
AnnotationWorkflowInterceptor should supports non-public annotated 
methods</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4748";>WW-4748</a>] - Upgrade 
commons-lang3 to 3.5</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4749";>WW-4749</a>] - Bu
 ffer/Flush behaviour in FreemarkerResult</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4751";>WW-4751</a>] - Struts2 
should know and consider config time class of user's Actions</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4752";>WW-4752</a>] - getters of 
exclude-sets in OgnlUtil should return immutable collections</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4753";>WW-4753</a>] - Make 
DelegatingValidatorContext injectable</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4754";>WW-4754</a>] - Mark 
site-graph plugin as deprecated</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4756";>WW-4756</a>] - Use 
TextProviderFactory instead of TextProvider as bean's dependency</li><li>[<a 
shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/
 WW-4757">WW-4757</a>] - Create LocaleProviderFactory and uses instead of 
LocaleProvider</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4761";>WW-4761</a>] - Improve 
error logging in DefaultDispatcherErrorHandler</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4762";>WW-4762</a>] - 
DefaultLocalizedTextProvider refactoring</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4764";>WW-4764</a>] - Make 
jakarta-stream multipart parser more extensbile</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4767";>WW-4767</a>] - Make 
Multipart parsers more extensible</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4768";>WW-4768</a>] - Add proper 
validation if request is a multipart request</li><li>[<a shape="rect" 
class="external-link" href="https://issues.apache.org/jira/browse
 /WW-4769">WW-4769</a>] - Make SecurityMethodAccess excluded classes &amp; 
packages definitions immutable</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4771";>WW-4771</a>] - minor typos 
in confluence page "security.html"</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4780";>WW-4780</a>] - Upgrade to 
Log4j2 2.8.2</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4785";>WW-4785</a>] - Allow 
disable file upload support via an configurable option</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4787";>WW-4787</a>] - TestCase 
XWorkMapPropertyAccessorTest should be moved to src/test/java</li><li>[<a 
shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4791";>WW-4791</a>] - Stop using 
DefaultLocalizedTextProvider#localeFromString static util method</li><li>[<a 
shape="rect" class="extern
 al-link" href="https://issues.apache.org/jira/browse/WW-4793";>WW-4793</a>] - 
Don't add JBossFileManager as a possible FileManager when not on 
JBoss</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4795";>WW-4795</a>] - There is no 
@LongRangeFieldValidator annotation to support 
LongRangeFieldValidator</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4805";>WW-4805</a>] - At least a 
DoS attack is available for Spring secured actions</li><li>[<a shape="rect" 
class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4809";>WW-4809</a>] - Upgrade to 
commons-lang 3.6</li><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-4812";>WW-4812</a>] - Update 
commons-fileupload</li></ul><h2 id="VersionNotes2.5.12-NewFeature">New 
Feature</h2><ul><li>[<a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/browse/WW-3399";>WW-3399</a>] - JCR(JSR-170
 ) Struts2 plugin</li></ul></li></ul><p>&#160;</p><div 
class="confluence-information-macro confluence-information-macro-note"><span 
class="aui-icon aui-icon-small aui-iconfont-warning 
confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>This release contains fixes 
related to <a shape="rect" href="s2-047.html">S2-047</a> and <a shape="rect" 
href="s2-049.html">S2-049</a>, please read them carefully!</p></div></div><div 
class="confluence-information-macro confluence-information-macro-note"><span 
class="aui-icon aui-icon-small aui-iconfont-warning 
confluence-information-macro-icon"></span><div 
class="confluence-information-macro-body"><p>This version contains a new 
conversion logic which is <code>Locale</code> aware and can affect your 
application when you are using some uncommon solutions. One of these is to use 
<code>a number literals</code> in Freemarker template. In such case Freemarker 
treats them as numbers (as <code>BigDecimal</code>s) and St
 ruts logic converts them to a string with decimal zero, see the example 
below:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" 
style="font-size:12px;">&lt;@s.textfield name="userId" value=35/&gt;</pre>
+</div></div><p>this snippet will produce the following Html control:</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+<pre class="brush: html; gutter: false; theme: Default" 
style="font-size:12px;">&lt;input type="text" name="userId" 
value="35.0"/&gt;</pre>
+</div></div><p>To resolves this problem you must add quotes around the 
value:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
+<pre class="brush: html; gutter: false; theme: Default" 
style="font-size:12px;">&lt;@s.textfield name="userId" value="35"/&gt;</pre>
+</div></div><p>This is due how Freemarker treats <a shape="rect" 
class="external-link" 
href="http://freemarker.org/docs/dgui_template_exp.html#dgui_template_exp_direct_number";
 rel="nofollow">a number literals</a>.</p></div></div><p>&#160;</p><p>Issue 
Detail</p><ul><li><a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&amp;version=12338701";>JIRA
 Release Notes 2.5.12</a></li></ul><h2 id="VersionNotes2.5.12-IssueList">Issue 
List</h2><ul><li><a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/issues/?filter=12341147";>Struts 2.5.12 
DONE</a></li><li><a shape="rect" class="external-link" 
href="https://issues.apache.org/jira/issues/?filter=12335667";>Struts 2.5.x 
TODO</a></li></ul><h2 id="VersionNotes2.5.12-Otherresources">Other 
resources</h2><ul><li><a shape="rect" class="external-link" 
href="http://www.mail-archive.com/commits%40struts.apache.org/"; 
rel="nofollow">Commit Logs</a></li><li><a shape="rect
 " class="external-link" 
href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop";>Source
 Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height: 
30.0px;"><br clear="none"></span></div><div><span style="font-size: 
24.0px;line-height: 30.0px;background-color: rgb(245,245,245);"><br 
clear="none"></span></div></div>
         </div>
 
         
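Review bot: The new Locale-aware conversion note added at the end of the + line needs a wording and markup pass before it is exported. `<code>a number literals</code>` wraps ordinary prose in a code tag (the same phrase is reused as link text at the end), "To resolves this problem" should read "To resolve this problem", and "This is due how Freemarker treats" is missing "to". The first Freemarker snippet is tagged `brush: xml` while the corrected one is tagged `brush: html`, although both are the same `<@s.textfield>` template syntax, so pick one brush for both. The note also does not say which change introduced the conversion logic. Linking the relevant entry from the Bug list above (WW-3650 and WW-4581 both concern locale-dependent number conversion) would let readers find the details. Since the logic is described as Locale aware, the note should also state whether the rendered `value="35.0"` varies with the request locale.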
