Vote passed with result: +1 (binding) x3 +0 (binding) x1 The release has been accepted!
Thanks a lot Łukasz sob., 4 cze 2022 o 21:12 James Chaplin <jchap...@apache.org> napisał(a): > > Appreciation goes out to everyone who contributed to the 6.0.0 release ! > > Since I have only tested 6.0 via the Showcase applications (it worked well > for both), I will abstain my vote for now: +0. > > One item to mention: I noticed that the 6.0.0 standalone artifacts seem to > have md5 and sha1 hashfiles generated (instead of sha256, sha512). It looks > like that was the case for 2.5.30 as well, but 2.5.29 has sha256 and sha512 > hashfiles, so something may have changed in the build packaging flow since > then. > > Regards, > > James. > > > On 2022/06/02 08:05:23 Lukasz Lenart wrote: > > The Apache Struts ver. 6.0.0 aka Apache Struts 2 ver. 2.6.0 test build > > is available. With this release the following areas were addressed: > > > > Version change: > > You can be surprised by the version change, previously we have been > > using Struts 2.5.x versioning schema, but this was a bit misleading. > > Struts 2 is a different framework than Struts 1 and its versioning is > > supposed to start with 1.0.0, yet that never happened. With each > > breaking changes release (like Struts 2.5), we had been only upgrading > > the MINOR part of the versioning schema. To fix that problem as from > > Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt a proper SemVer to > > avoid such confusion. > > > > Internal Changes: > > The framework requires Java 8 at runtime. Also Servlet API 3.1 capable > > container is required. > > OGNL expressions are limited to 256 characters by default. See WW-5179 > > - Set 'struts.ognl.expressionMaxLength' to 256 by default RESOLVED and > > docs for more details. > > Yasser's PR has been merged which contains a fix to double evaluation > > security vulnerability - it should solve any future attack vectors, > > yet it can impact your application if you have been depending on > > double evaluation. How to test: > > Run all your app tests, you shouldn't see any WARN log like below: > > Expression [so-and-so] isn't allowed by pattern [so-and-so]! See > > Accepted / Excluded patterns at https://struts.apache.org/security/ > > See if following components are still functioning correctly regarding > > java-scripts: > > - forms with client side validations > > - doubleselect > > - combobox > > Check also StreamResults, AliasInterceptors and JasperReportResults if > > they are still working as expected. > > Support to access static methods via OGNL expressions has been > > removed, use action instance methods instead. > > > > Bug > > [WW-3534] - PrepareOperations.createActionContext does not detect > > existing context correctly > > [WW-3730] - action tag accepts only String arrays as parameters > > [WW-4723] - s:url incompatible with JDK 1.5 > > [WW-4742] - Problem with escape when the key from getText has no value > > [WW-4865] - Struts s:checkbox conversion fails to List<Integer> > > [WW-4866] - ASM 5.2 and Java 9 leads to IllegalArgumentException > > [WW-4897] - KEYS, sigs and hashes should use https (SSL) > > [WW-4902] - Struts 2 fails to init Dispatcher - Tomcat Embedded > > [WW-4928] - Setting struts.devMode from system property not working as > > described > > [WW-4930] - SMI cannot be diasabled for action-packages found via the > > convention-plugin > > [WW-4941] - [jar_cache] Some jar_cache******.tmp files are generated > > into a temporary directory(/tmp) during web service start > > [WW-4943] - opensymphony.xwork2.util.LocalizedTextUtil can't get i18n > > resources > > [WW-4944] - Struts 2 REST Tiles integration issue > > [WW-4945] - TagUtils#buildNamespace should throw an exception when > > invocation is null > > [WW-4946] - Strtus 2 spring integrations is failing - fails to init > > Dispatcher - Tomcat Embedded > > [WW-4948] - Struts 2.5.16 is creating jar_cache files in temp folder > > [WW-4951] - MD5 and SHA1 should no longer be provided on download pages > > [WW-4954] - xml-validation fails since struts 2.5.17 > > [WW-4957] - Update struts version from 2.5.10 to 2.5.17. > > LocalizedTextUtil class is removed and > > GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used > > instead. > > [WW-4958] - File upload fails from certain clients > > [WW-4964] - Missing javascript in form-validate.ftl > > [WW-4968] - combining s:set and s:property where the property > > retrieved is null has unexpected results > > [WW-4971] - s:include tag fails with truncated content in certain > > circumstances > > [WW-4974] - NullPointerException in > > DefaultStaticContentLoader#findStaticResource > > [WW-4977] - Fixing flaky test in Jsr168DispatcherTest and > > Jsr286DispatcherTest > > [WW-4984] - Static files like css and js files in struts-core not > > properly served > > [WW-4986] - Race condition reloading config results in actions not found > > [WW-4987] - Setting Struts2 <s:select> options Css Class > > [WW-4991] - Not existing property in listValueKey throws exception > > [WW-4997] - <s:debug> can't be resolved > > [WW-4999] - Can't get OgnlValueStack log even if enable logMissingProperties > > [WW-5002] - Package Level Properties in Global Results > > [WW-5004] - No more calling of a static variable in Struts 2.8.20 available > > [WW-5006] - NullPointerException in ProxyUtil class when accessing static > > member > > [WW-5009] - EmptyStackException in JSON plugin due to concurrency > > [WW-5011] - Tiles bug when parsing file:// URLs including # as part of the > > URL > > [WW-5013] - Accessing static variable via OGNL returns nothing > > [WW-5022] - Struts 2.6 escaping behaviour change for s:a (anchor) tag > > [WW-5024] - HttpParameters.Builder can wrap objects in two layers of > > Parameters > > [WW-5025] - Binding Integer Array upon form submission > > [WW-5026] - Double-submit of TokenSessionStoreInterceptor broken since > > 2.5.16 > > [WW-5027] - xerces tries to load resources from the internet > > [WW-5028] - Dispatcher prints stacktraces directly to the console > > [WW-5029] - The content allowed-methods tag of the XML configuration > > is sometimes truncated > > [WW-5030] - ClassNotFoundException - MockPortletResponse > > [WW-5031] - OGNL: An illegal reflective access operation has occurred > > [WW-5043] - trouble with Enum subclassing > > [WW-5054] - Debugging Interceptor debug=browser not working > > [WW-5058] - Invalid link in primer.html > > [WW-5059] - primer.html link to spring-security is broken > > [WW-5065] - AbstractMatcher adds values to the map passed into > > replaceParameters > > [WW-5072] - Minor bug in single file upload example of the Showcase > > application > > [WW-5074] - Multiple ASM jar conflict in 2.6 build > > [WW-5076] - struts2 redirecting to https to http > > [WW-5077] - Unable to set long pathname variables > > [WW-5079] - Could not find StrutsPrepareAndExecuteFilter sometime in WAS > > server > > [WW-5081] - Struts default textarea template fails w3c validation > > [WW-5082] - struts2 update from 2.1.6 to 2.3.37 > > [WW-5086] - s:set with empty body > > [WW-5087] - AliasInterceptor doesn't properly handle Parameter.Empty > > [WW-5088] - Empty file upload gives wrong error message > > [WW-5091] - Switched hash and PGP links > > [WW-5093] - inconsistent scope for variables created with s:set and s:url > > [WW-5095] - Junit plugin does not push ACTION_MAPPING into the context > > resulting in NPE > > [WW-5096] - Struts2 StaticParametersInterceptor's > > addParametersToContext method is not working as expected. > > [WW-5100] - incorrect content-type behavior after upgrading to struts 2.5.* > > [WW-5102] - Download page issues > > [WW-5104] - Please delete old releases > > [WW-5106] - The call chains of ActionContext.getContext() in > > ServletActionContext are dangerious > > [WW-5107] - JQuery plugin does not handle dynamic component ids correctly > > [WW-5108] - No errors are reported locally. On linux environment, > > tomcat runs alone and reports > > java.lang.annotation.AnnotationTypeMismatchException > > [WW-5109] - Ognl issue after migrating from strut 2.3 to 2.5 > > [WW-5116] - PostbackResult uses wrong regex range > > [WW-5117] - %{id} evaluates different for data-* and value attribute > > [WW-5119] - Blocking Threads in retrieving text from resource bundle > > [WW-5121] - Contention when injecting Scope.SINGLETON instances > > [WW-5123] - CheckboxTag value missing for labelposition > > [WW-5124] - Tag attribute values cached > > [WW-5125] - forbidden name attribute values (size, clone...?) in > > <s:textfield> using the default theme > > [WW-5129] - Dynamic Attributes are not working for doubleselect, > > optiontransferselect, inputtransferselect tags > > [WW-5130] - ID param not being set > > [WW-5140] - Cannot download struts from the main page > > [WW-5146] - Empty file upload ends in error > > [WW-5147] - OGNL valid expression is not cached and is parsed over > > again in some situations > > [WW-5160] - Template not found for name > > "Empty{name='templateDir'}/simple/hidden.ftl" > > [WW-5163] - Error executing FreeMarker template > > [WW-5169] - Key Technologies Primer: Broken link to ResourceBundles > > > > New Feature > > [WW-4598] - async Actions > > [WW-4760] - Switch to Servlet API 2.5 > > [WW-4874] - Asynchronous action method > > [WW-5005] - Struts2 convention plugin lacks Java 11 support > > [WW-5049] - Move Velocity support into a dedicated plugin > > [WW-5083] - Fetch Metadata support > > [WW-5084] - Content Security Policy support > > [WW-5085] - Add Cross-Origin Opener Policy and Cross-Origin Embedder > > Policy Support > > [WW-5101] - AbstractLocalizedTextProvider illegal reflective access > > operation has occurred > > > > Improvement > > [WW-685] - Generic error message - Type Conversion Error Handling > > [WW-2040] - Struts 1 vs. Struts 2 benchmarking application > > [WW-2411] - Add a maxlength attribute to the textarea tag > > [WW-2537] - Fix generics in all codebase > > [WW-3788] - Convert ServletActionContext to be more as ActionContext > > [WW-3877] - Remove altSyntax option > > [WW-4043] - Duplicated class TestUtils > > [WW-4069] - Upgrade DWR plugin to use the latest available version > > [WW-4348] - Remove access to static methods > > [WW-4713] - Drop "searchValueStack" attribute from tag <s:text/> > > [WW-4763] - Drop deprecated logging layer > > [WW-4779] - Remove profiling layer > > [WW-4789] - ActionContext should be immutable > > [WW-4792] - Removes deprecated XWork constants > > [WW-4796] - Rename Spring related flags to use the same pattern > > [WW-4799] - make DateConverter configurable > > [WW-4875] - Java configuration > > [WW-4889] - Implement REST content handlers using Apache Juneau > > [WW-4910] - Align OptGroup with Select > > [WW-4915] - Replace deprecated commons-lang3 classes > > [WW-4927] - Use immutable version of OGNL without access to #context > > [WW-4929] - Fallback i18n Locale > > [WW-4932] - Conversion fails when generic type is an interface > > [WW-4937] - Add SortedSet field support to JSON plugin > > [WW-4938] - ObjectFactory should use Container to instantiate actions > > and inject dependencies > > [WW-4952] - Upgrade to apache-master version 21 > > [WW-4963] - Implement new Aware interfaces that are using withXxxx > > pattern instead of setters > > [WW-4972] - Switch to latest freemarker version when defining > > incompatible_improvements > > [WW-4995] - Enhancement for s:set tag to improve tag body whitespace > > control. > > [WW-4996] - Refactor DefaultTypeConverterCreator to use > > ObjectFactory#buildConverter > > [WW-5000] - Replace string literals with proper constants in @Inject > > [WW-5001] - Allow to define converters in "struts-conversion.properties" > > file > > [WW-5003] - Use StrutsException instead of XWorkException > > [WW-5012] - Make a public state check the first acceptance check in > > SecurityMemberAccess > > [WW-5017] - Drop @Validation annotation as not needed > > [WW-5018] - Add maven enforce plugin to control certain environmental > > constraints > > [WW-5023] - Upgrade SLF4J to latest 1.7.x version > > [WW-5034] - Minor enhancement/fix to AbstractLocalizedTextProvider > > [WW-5035] - Provide mechanism to clear OgnlUtil caches > > [WW-5036] - update JFreeChart plugin for compatibility with JFreeChart 1.5 > > [WW-5052] - Use TypeConversionException instead of StrutsException > > [WW-5056] - Standard Accepted Patterns in DefaultAcceptedPatternsChecker > > [WW-5057] - Cleanup and/or improvements to Showcase Applications > > [WW-5062] - Use downloads.a.o instead of archive > > [WW-5063] - Use null check of passed in invocation in all the results > > [WW-5064] - Move XWork Spring support into struts2-spring-plugin > > [WW-5069] - Improve build behaviour on JDK9+ > > [WW-5070] - JSONResult default root object should be set explicitly, > > rather than from result of ValueStack.peek() > > [WW-5073] - Use TextParser in AbstractMatcher > > [WW-5078] - Remove support for <xwork> DTD > > [WW-5080] - Allow write directly to a response - define a new result > > [WW-5099] - Upgrade JFreeChart plugin to use version 1.5.1 of JFreeChart > > [WW-5112] - Add ability (control flag) for TextProviders to prioritize > > reads from the default resource bundlest. > > [WW-5113] - Drop deprecated constant "struts.xworkTextProvider" > > [WW-5114] - Drop deprecated constant "struts.localeProvider" > > [WW-5115] - Reduce logging for DMI excluded parameters > > [WW-5126] - inconsistancy between Model Driven and Model Driven > > Interceptor documentations > > [WW-5136] - Make class attribute deprecated > > [WW-5152] - Make OVal plugin deprecated > > [WW-5153] - Make Portlet, Portlet Mocks and Portlet Tiles plugins deprecated > > [WW-5154] - Make GXP plugin deprecated > > [WW-5155] - Make OSGi plugin deprecated > > [WW-5156] - Make Plexus plugin deprecated > > [WW-5157] - Make Sitemesh plugin deprecated > > [WW-5164] - Remove deprecated ConversionDescription class > > [WW-5168] - Fix missing submitUnchecked and broken disabled attributes > > in Javatemplates checkbox tag > > [WW-5175] - Add basic LocalDateTime support > > [WW-5179] - Set 'struts.ognl.expressionMaxLength' to 256 by default > > [WW-5181] - Stop supporting accessing static methods via OGNL expressions > > [WW-5182] - Upgrade to Servlet API 3.1 > > > > Task > > [WW-4845] - run, test, and validate Struts2 with Java9 > > [WW-4981] - Add support for Java 11 > > [WW-4982] - Remove the deprecated JsonLibHandler and outdated json-lib > > dependency > > [WW-4983] - Set private access modifier for HttpParameters.toMap > > [WW-4998] - I18nInterceptor's default storage should store locale > > [WW-5010] - Switch to Java 8 > > [WW-5016] - Support Java 8 date time in the date tag > > [WW-5020] - delete deprecated sitegraph plugin > > [WW-5021] - Serve static resources from different path > > [WW-5118] - OGNL long conversion > > > > Dependency > > [WW-4887] - Upgrade to Tiles 3.0.8 > > [WW-4926] - Upgrade commons-beanutils to version 1.9.3 > > [WW-4931] - Upgrade to Apache FreeMarker 2.3.28 version > > [WW-4947] - server errors generated by > > secure-jakarta-multipart-parser-plugin > > [WW-4955] - Upgrade to OGNL 3.2.6 > > [WW-4956] - Upgrade to Log4j2 2.11.1 > > [WW-4965] - Upgrade to OGNL 3.2.7 > > [WW-4967] - Upgrade to Jackson 2.9.6 > > [WW-4973] - Upgrade to OGNL 3.2.8 > > [WW-4975] - Upgraded commons-fileupload to version 1.4 > > [WW-4976] - Upgrade ASM to version 7.0 > > [WW-4979] - Update multiple Struts 2.6.x libraries to more recent versions > > [WW-4980] - Update maven-wrapper to 3.5.4 and add maven-wrapper.jar to > > .gitignore > > [WW-4985] - Update persistence-api from 1.0 to 1.0.2 for CDI Plugin > > [WW-4988] - Upgrade DWR from 1.x to 2.x (for DWR plugin) > > [WW-4989] - Use JacksonXML handler instead of XStream as a default > > handler for XML in the REST plugin > > [WW-4992] - Mark the Embedded JSP plugin as depracted > > [WW-4993] - Update OGNL versions for 2.6 and 2.5.x builds > > [WW-5007] - Upgrade Jackson library to the latest version > > [WW-5019] - Upgrade Log4j to version 2.13.3 > > [WW-5032] - Struts 2 Junit Plugin is not working with Zulu JDK11 > > [WW-5033] - Update a few Struts 2.5.x libraries to more recent versions > > [WW-5037] - Upgrade commons-beanutils to version 1.9.4 > > [WW-5038] - Upgrade jackson-databind to version 2.9.9.3 > > [WW-5042] - Upgrade jackson-databind to version 2.10.0 > > [WW-5045] - Update jasperreports to 6.10.0 > > [WW-5047] - Upgrade Velocity to 2.1 and Velocity Tools to 3.0 > > [WW-5048] - Update various dependencies to newest version > > [WW-5050] - Upgrade to OGNL 3.2.12 > > [WW-5061] - CVEs in the library dependencies > > [WW-5068] - Update multiple Struts 2.6.x libraries / Maven build plugin > > versions > > [WW-5075] - Upgrade OSGi to the latest version > > [WW-5092] - ASM dependency update to 8.* > > [WW-5094] - Upgrade Spring Framework to version 4.3.29.RELEASE > > [WW-5097] - Upgrade to OGNL 3.2.16 > > [WW-5098] - Upgrade ASM to version 9.0 > > [WW-5103] - Upgrade XStream to version 1.4.14 > > [WW-5120] - Upgrade Velocity Engine & Velocity Tools > > [WW-5122] - Upgrade XStream to version 1.4.16 > > [WW-5131] - Upgrade commons-io to version 2.9 > > [WW-5134] - Upgrade JasperReports to version 6.17.0 > > [WW-5135] - Upgrade XStream to version 1.4.17 > > [WW-5142] - Upgrade XStream to version 1.4.18 > > [WW-5143] - Upgrade Oval library to ver. 3.2.1 > > [WW-5144] - Mark OVal plugin as deprecated > > [WW-5148] - Upgrade ASM to version 9.2 > > [WW-5151] - Bump to 2.15.0 to fix log4j vulnerability > > [WW-5158] - Upgrade Log4j to version 2.16.0 to address security > > vulnerability > > [WW-5161] - Update spring to 4.3.30 > > [WW-5162] - Upgrade Log4j to version 2.17.1 to address security > > vulnerability > > [WW-5165] - Update spring to 5.3.x b/c 4.3.x is EOL > > [WW-5166] - Update OGNL to 3.3.2 > > [WW-5167] - Upgrade XStream to version 1.4.19 > > [WW-5171] - Upgrade Apache Log4j 2.17.2 > > [WW-5172] - Upgrade freemarker to 2.3.31 > > [WW-5174] - Upgrade Jackson-Core to version 2.13.2 and > > Jackson-Databind to 2.13.2.1 > > > > Github release: > > * https://github.com/apache/struts/releases/tag/STRUTS_6_0_0 > > > > Release notes: > > * https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.0 > > > > MIgration guide: > > * > > https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration > > > > Distribution: > > * https://dist.apache.org/repos/dist/dev/struts/6.0.0/ > > > > Maven 2 staging repository: > > * https://repository.apache.org/content/repositories/staging/ > > > > Once you have had a chance to review the test build, please respond > > with a vote on its quality: > > > > [ ] Leave at test build > > [ ] Alpha > > [ ] Beta > > [ ] General Availability (GA) > > > > Everyone who has tested the build is invited to vote. Votes by PMC > > members are considered binding. A vote passes if there are at least > > three binding +1s and more +1s than -1s. > > > > The vote will remain open for at least 72 hours, longer upon request. > > A vote can be amended at any time to upgrade or downgrade the quality > > of the release based on future experience. If an initial vote > > designates the build as "Beta", the release will be submitted for > > mirroring and announced to the user list. Once released as a public > > beta, subsequent quality votes on a build may be held on the user > > list. > > > > As always, the act of voting carries certain obligations. A binding > > vote not only states an opinion, but means that the voter is agreeing > > to help do the work. > > > > > > Kind regards > > -- > > Łukasz > > + 48 606 323 122 http://www.lenart.org.pl/ > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > > For additional commands, e-mail: dev-h...@struts.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
