Wow! That's a long list of improvements and major milestone! Thanks to everyone who contributed to this release!
+1 binding [ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) Best Regards Johannes Lukasz Lenart <lukaszlen...@apache.org> schrieb am Do., 2. Juni 2022, 10:05: > The Apache Struts ver. 6.0.0 aka Apache Struts 2 ver. 2.6.0 test build > is available. With this release the following areas were addressed: > > Version change: > You can be surprised by the version change, previously we have been > using Struts 2.5.x versioning schema, but this was a bit misleading. > Struts 2 is a different framework than Struts 1 and its versioning is > supposed to start with 1.0.0, yet that never happened. With each > breaking changes release (like Struts 2.5), we had been only upgrading > the MINOR part of the versioning schema. To fix that problem as from > Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt a proper SemVer to > avoid such confusion. > > Internal Changes: > The framework requires Java 8 at runtime. Also Servlet API 3.1 capable > container is required. > OGNL expressions are limited to 256 characters by default. See WW-5179 > - Set 'struts.ognl.expressionMaxLength' to 256 by default RESOLVED and > docs for more details. > Yasser's PR has been merged which contains a fix to double evaluation > security vulnerability - it should solve any future attack vectors, > yet it can impact your application if you have been depending on > double evaluation. How to test: > Run all your app tests, you shouldn't see any WARN log like below: > Expression [so-and-so] isn't allowed by pattern [so-and-so]! See > Accepted / Excluded patterns at https://struts.apache.org/security/ > See if following components are still functioning correctly regarding > java-scripts: > - forms with client side validations > - doubleselect > - combobox > Check also StreamResults, AliasInterceptors and JasperReportResults if > they are still working as expected. > Support to access static methods via OGNL expressions has been > removed, use action instance methods instead. > > Bug > [WW-3534] - PrepareOperations.createActionContext does not detect > existing context correctly > [WW-3730] - action tag accepts only String arrays as parameters > [WW-4723] - s:url incompatible with JDK 1.5 > [WW-4742] - Problem with escape when the key from getText has no value > [WW-4865] - Struts s:checkbox conversion fails to List<Integer> > [WW-4866] - ASM 5.2 and Java 9 leads to IllegalArgumentException > [WW-4897] - KEYS, sigs and hashes should use https (SSL) > [WW-4902] - Struts 2 fails to init Dispatcher - Tomcat Embedded > [WW-4928] - Setting struts.devMode from system property not working as > described > [WW-4930] - SMI cannot be diasabled for action-packages found via the > convention-plugin > [WW-4941] - [jar_cache] Some jar_cache******.tmp files are generated > into a temporary directory(/tmp) during web service start > [WW-4943] - opensymphony.xwork2.util.LocalizedTextUtil can't get i18n > resources > [WW-4944] - Struts 2 REST Tiles integration issue > [WW-4945] - TagUtils#buildNamespace should throw an exception when > invocation is null > [WW-4946] - Strtus 2 spring integrations is failing - fails to init > Dispatcher - Tomcat Embedded > [WW-4948] - Struts 2.5.16 is creating jar_cache files in temp folder > [WW-4951] - MD5 and SHA1 should no longer be provided on download pages > [WW-4954] - xml-validation fails since struts 2.5.17 > [WW-4957] - Update struts version from 2.5.10 to 2.5.17. > LocalizedTextUtil class is removed and > GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used > instead. > [WW-4958] - File upload fails from certain clients > [WW-4964] - Missing javascript in form-validate.ftl > [WW-4968] - combining s:set and s:property where the property > retrieved is null has unexpected results > [WW-4971] - s:include tag fails with truncated content in certain > circumstances > [WW-4974] - NullPointerException in > DefaultStaticContentLoader#findStaticResource > [WW-4977] - Fixing flaky test in Jsr168DispatcherTest and > Jsr286DispatcherTest > [WW-4984] - Static files like css and js files in struts-core not > properly served > [WW-4986] - Race condition reloading config results in actions not found > [WW-4987] - Setting Struts2 <s:select> options Css Class > [WW-4991] - Not existing property in listValueKey throws exception > [WW-4997] - <s:debug> can't be resolved > [WW-4999] - Can't get OgnlValueStack log even if enable > logMissingProperties > [WW-5002] - Package Level Properties in Global Results > [WW-5004] - No more calling of a static variable in Struts 2.8.20 available > [WW-5006] - NullPointerException in ProxyUtil class when accessing static > member > [WW-5009] - EmptyStackException in JSON plugin due to concurrency > [WW-5011] - Tiles bug when parsing file:// URLs including # as part of the > URL > [WW-5013] - Accessing static variable via OGNL returns nothing > [WW-5022] - Struts 2.6 escaping behaviour change for s:a (anchor) tag > [WW-5024] - HttpParameters.Builder can wrap objects in two layers of > Parameters > [WW-5025] - Binding Integer Array upon form submission > [WW-5026] - Double-submit of TokenSessionStoreInterceptor broken since > 2.5.16 > [WW-5027] - xerces tries to load resources from the internet > [WW-5028] - Dispatcher prints stacktraces directly to the console > [WW-5029] - The content allowed-methods tag of the XML configuration > is sometimes truncated > [WW-5030] - ClassNotFoundException - MockPortletResponse > [WW-5031] - OGNL: An illegal reflective access operation has occurred > [WW-5043] - trouble with Enum subclassing > [WW-5054] - Debugging Interceptor debug=browser not working > [WW-5058] - Invalid link in primer.html > [WW-5059] - primer.html link to spring-security is broken > [WW-5065] - AbstractMatcher adds values to the map passed into > replaceParameters > [WW-5072] - Minor bug in single file upload example of the Showcase > application > [WW-5074] - Multiple ASM jar conflict in 2.6 build > [WW-5076] - struts2 redirecting to https to http > [WW-5077] - Unable to set long pathname variables > [WW-5079] - Could not find StrutsPrepareAndExecuteFilter sometime in WAS > server > [WW-5081] - Struts default textarea template fails w3c validation > [WW-5082] - struts2 update from 2.1.6 to 2.3.37 > [WW-5086] - s:set with empty body > [WW-5087] - AliasInterceptor doesn't properly handle Parameter.Empty > [WW-5088] - Empty file upload gives wrong error message > [WW-5091] - Switched hash and PGP links > [WW-5093] - inconsistent scope for variables created with s:set and s:url > [WW-5095] - Junit plugin does not push ACTION_MAPPING into the context > resulting in NPE > [WW-5096] - Struts2 StaticParametersInterceptor's > addParametersToContext method is not working as expected. > [WW-5100] - incorrect content-type behavior after upgrading to struts 2.5.* > [WW-5102] - Download page issues > [WW-5104] - Please delete old releases > [WW-5106] - The call chains of ActionContext.getContext() in > ServletActionContext are dangerious > [WW-5107] - JQuery plugin does not handle dynamic component ids correctly > [WW-5108] - No errors are reported locally. On linux environment, > tomcat runs alone and reports > java.lang.annotation.AnnotationTypeMismatchException > [WW-5109] - Ognl issue after migrating from strut 2.3 to 2.5 > [WW-5116] - PostbackResult uses wrong regex range > [WW-5117] - %{id} evaluates different for data-* and value attribute > [WW-5119] - Blocking Threads in retrieving text from resource bundle > [WW-5121] - Contention when injecting Scope.SINGLETON instances > [WW-5123] - CheckboxTag value missing for labelposition > [WW-5124] - Tag attribute values cached > [WW-5125] - forbidden name attribute values (size, clone...?) in > <s:textfield> using the default theme > [WW-5129] - Dynamic Attributes are not working for doubleselect, > optiontransferselect, inputtransferselect tags > [WW-5130] - ID param not being set > [WW-5140] - Cannot download struts from the main page > [WW-5146] - Empty file upload ends in error > [WW-5147] - OGNL valid expression is not cached and is parsed over > again in some situations > [WW-5160] - Template not found for name > "Empty{name='templateDir'}/simple/hidden.ftl" > [WW-5163] - Error executing FreeMarker template > [WW-5169] - Key Technologies Primer: Broken link to ResourceBundles > > New Feature > [WW-4598] - async Actions > [WW-4760] - Switch to Servlet API 2.5 > [WW-4874] - Asynchronous action method > [WW-5005] - Struts2 convention plugin lacks Java 11 support > [WW-5049] - Move Velocity support into a dedicated plugin > [WW-5083] - Fetch Metadata support > [WW-5084] - Content Security Policy support > [WW-5085] - Add Cross-Origin Opener Policy and Cross-Origin Embedder > Policy Support > [WW-5101] - AbstractLocalizedTextProvider illegal reflective access > operation has occurred > > Improvement > [WW-685] - Generic error message - Type Conversion Error Handling > [WW-2040] - Struts 1 vs. Struts 2 benchmarking application > [WW-2411] - Add a maxlength attribute to the textarea tag > [WW-2537] - Fix generics in all codebase > [WW-3788] - Convert ServletActionContext to be more as ActionContext > [WW-3877] - Remove altSyntax option > [WW-4043] - Duplicated class TestUtils > [WW-4069] - Upgrade DWR plugin to use the latest available version > [WW-4348] - Remove access to static methods > [WW-4713] - Drop "searchValueStack" attribute from tag <s:text/> > [WW-4763] - Drop deprecated logging layer > [WW-4779] - Remove profiling layer > [WW-4789] - ActionContext should be immutable > [WW-4792] - Removes deprecated XWork constants > [WW-4796] - Rename Spring related flags to use the same pattern > [WW-4799] - make DateConverter configurable > [WW-4875] - Java configuration > [WW-4889] - Implement REST content handlers using Apache Juneau > [WW-4910] - Align OptGroup with Select > [WW-4915] - Replace deprecated commons-lang3 classes > [WW-4927] - Use immutable version of OGNL without access to #context > [WW-4929] - Fallback i18n Locale > [WW-4932] - Conversion fails when generic type is an interface > [WW-4937] - Add SortedSet field support to JSON plugin > [WW-4938] - ObjectFactory should use Container to instantiate actions > and inject dependencies > [WW-4952] - Upgrade to apache-master version 21 > [WW-4963] - Implement new Aware interfaces that are using withXxxx > pattern instead of setters > [WW-4972] - Switch to latest freemarker version when defining > incompatible_improvements > [WW-4995] - Enhancement for s:set tag to improve tag body whitespace > control. > [WW-4996] - Refactor DefaultTypeConverterCreator to use > ObjectFactory#buildConverter > [WW-5000] - Replace string literals with proper constants in @Inject > [WW-5001] - Allow to define converters in "struts-conversion.properties" > file > [WW-5003] - Use StrutsException instead of XWorkException > [WW-5012] - Make a public state check the first acceptance check in > SecurityMemberAccess > [WW-5017] - Drop @Validation annotation as not needed > [WW-5018] - Add maven enforce plugin to control certain environmental > constraints > [WW-5023] - Upgrade SLF4J to latest 1.7.x version > [WW-5034] - Minor enhancement/fix to AbstractLocalizedTextProvider > [WW-5035] - Provide mechanism to clear OgnlUtil caches > [WW-5036] - update JFreeChart plugin for compatibility with JFreeChart 1.5 > [WW-5052] - Use TypeConversionException instead of StrutsException > [WW-5056] - Standard Accepted Patterns in DefaultAcceptedPatternsChecker > [WW-5057] - Cleanup and/or improvements to Showcase Applications > [WW-5062] - Use downloads.a.o instead of archive > [WW-5063] - Use null check of passed in invocation in all the results > [WW-5064] - Move XWork Spring support into struts2-spring-plugin > [WW-5069] - Improve build behaviour on JDK9+ > [WW-5070] - JSONResult default root object should be set explicitly, > rather than from result of ValueStack.peek() > [WW-5073] - Use TextParser in AbstractMatcher > [WW-5078] - Remove support for <xwork> DTD > [WW-5080] - Allow write directly to a response - define a new result > [WW-5099] - Upgrade JFreeChart plugin to use version 1.5.1 of JFreeChart > [WW-5112] - Add ability (control flag) for TextProviders to prioritize > reads from the default resource bundlest. > [WW-5113] - Drop deprecated constant "struts.xworkTextProvider" > [WW-5114] - Drop deprecated constant "struts.localeProvider" > [WW-5115] - Reduce logging for DMI excluded parameters > [WW-5126] - inconsistancy between Model Driven and Model Driven > Interceptor documentations > [WW-5136] - Make class attribute deprecated > [WW-5152] - Make OVal plugin deprecated > [WW-5153] - Make Portlet, Portlet Mocks and Portlet Tiles plugins > deprecated > [WW-5154] - Make GXP plugin deprecated > [WW-5155] - Make OSGi plugin deprecated > [WW-5156] - Make Plexus plugin deprecated > [WW-5157] - Make Sitemesh plugin deprecated > [WW-5164] - Remove deprecated ConversionDescription class > [WW-5168] - Fix missing submitUnchecked and broken disabled attributes > in Javatemplates checkbox tag > [WW-5175] - Add basic LocalDateTime support > [WW-5179] - Set 'struts.ognl.expressionMaxLength' to 256 by default > [WW-5181] - Stop supporting accessing static methods via OGNL expressions > [WW-5182] - Upgrade to Servlet API 3.1 > > Task > [WW-4845] - run, test, and validate Struts2 with Java9 > [WW-4981] - Add support for Java 11 > [WW-4982] - Remove the deprecated JsonLibHandler and outdated json-lib > dependency > [WW-4983] - Set private access modifier for HttpParameters.toMap > [WW-4998] - I18nInterceptor's default storage should store locale > [WW-5010] - Switch to Java 8 > [WW-5016] - Support Java 8 date time in the date tag > [WW-5020] - delete deprecated sitegraph plugin > [WW-5021] - Serve static resources from different path > [WW-5118] - OGNL long conversion > > Dependency > [WW-4887] - Upgrade to Tiles 3.0.8 > [WW-4926] - Upgrade commons-beanutils to version 1.9.3 > [WW-4931] - Upgrade to Apache FreeMarker 2.3.28 version > [WW-4947] - server errors generated by > secure-jakarta-multipart-parser-plugin > [WW-4955] - Upgrade to OGNL 3.2.6 > [WW-4956] - Upgrade to Log4j2 2.11.1 > [WW-4965] - Upgrade to OGNL 3.2.7 > [WW-4967] - Upgrade to Jackson 2.9.6 > [WW-4973] - Upgrade to OGNL 3.2.8 > [WW-4975] - Upgraded commons-fileupload to version 1.4 > [WW-4976] - Upgrade ASM to version 7.0 > [WW-4979] - Update multiple Struts 2.6.x libraries to more recent versions > [WW-4980] - Update maven-wrapper to 3.5.4 and add maven-wrapper.jar to > .gitignore > [WW-4985] - Update persistence-api from 1.0 to 1.0.2 for CDI Plugin > [WW-4988] - Upgrade DWR from 1.x to 2.x (for DWR plugin) > [WW-4989] - Use JacksonXML handler instead of XStream as a default > handler for XML in the REST plugin > [WW-4992] - Mark the Embedded JSP plugin as depracted > [WW-4993] - Update OGNL versions for 2.6 and 2.5.x builds > [WW-5007] - Upgrade Jackson library to the latest version > [WW-5019] - Upgrade Log4j to version 2.13.3 > [WW-5032] - Struts 2 Junit Plugin is not working with Zulu JDK11 > [WW-5033] - Update a few Struts 2.5.x libraries to more recent versions > [WW-5037] - Upgrade commons-beanutils to version 1.9.4 > [WW-5038] - Upgrade jackson-databind to version 2.9.9.3 > [WW-5042] - Upgrade jackson-databind to version 2.10.0 > [WW-5045] - Update jasperreports to 6.10.0 > [WW-5047] - Upgrade Velocity to 2.1 and Velocity Tools to 3.0 > [WW-5048] - Update various dependencies to newest version > [WW-5050] - Upgrade to OGNL 3.2.12 > [WW-5061] - CVEs in the library dependencies > [WW-5068] - Update multiple Struts 2.6.x libraries / Maven build plugin > versions > [WW-5075] - Upgrade OSGi to the latest version > [WW-5092] - ASM dependency update to 8.* > [WW-5094] - Upgrade Spring Framework to version 4.3.29.RELEASE > [WW-5097] - Upgrade to OGNL 3.2.16 > [WW-5098] - Upgrade ASM to version 9.0 > [WW-5103] - Upgrade XStream to version 1.4.14 > [WW-5120] - Upgrade Velocity Engine & Velocity Tools > [WW-5122] - Upgrade XStream to version 1.4.16 > [WW-5131] - Upgrade commons-io to version 2.9 > [WW-5134] - Upgrade JasperReports to version 6.17.0 > [WW-5135] - Upgrade XStream to version 1.4.17 > [WW-5142] - Upgrade XStream to version 1.4.18 > [WW-5143] - Upgrade Oval library to ver. 3.2.1 > [WW-5144] - Mark OVal plugin as deprecated > [WW-5148] - Upgrade ASM to version 9.2 > [WW-5151] - Bump to 2.15.0 to fix log4j vulnerability > [WW-5158] - Upgrade Log4j to version 2.16.0 to address security > vulnerability > [WW-5161] - Update spring to 4.3.30 > [WW-5162] - Upgrade Log4j to version 2.17.1 to address security > vulnerability > [WW-5165] - Update spring to 5.3.x b/c 4.3.x is EOL > [WW-5166] - Update OGNL to 3.3.2 > [WW-5167] - Upgrade XStream to version 1.4.19 > [WW-5171] - Upgrade Apache Log4j 2.17.2 > [WW-5172] - Upgrade freemarker to 2.3.31 > [WW-5174] - Upgrade Jackson-Core to version 2.13.2 and > Jackson-Databind to 2.13.2.1 > > Github release: > * https://github.com/apache/struts/releases/tag/STRUTS_6_0_0 > > Release notes: > * https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.0 > > MIgration guide: > * > https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration > > Distribution: > * https://dist.apache.org/repos/dist/dev/struts/6.0.0/ > > Maven 2 staging repository: > * https://repository.apache.org/content/repositories/staging/ > > Once you have had a chance to review the test build, please respond > with a vote on its quality: > > [ ] Leave at test build > [ ] Alpha > [ ] Beta > [ ] General Availability (GA) > > Everyone who has tested the build is invited to vote. Votes by PMC > members are considered binding. A vote passes if there are at least > three binding +1s and more +1s than -1s. > > The vote will remain open for at least 72 hours, longer upon request. > A vote can be amended at any time to upgrade or downgrade the quality > of the release based on future experience. If an initial vote > designates the build as "Beta", the release will be submitted for > mirroring and announced to the user list. Once released as a public > beta, subsequent quality votes on a build may be held on the user > list. > > As always, the act of voting carries certain obligations. A binding > vote not only states an opinion, but means that the voter is agreeing > to help do the work. > > > Kind regards > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > >
