> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [X] General Availability (GA)

+1 (binding)

Thank you

Johannes

Lukasz Lenart <[email protected]> wrote on Wed, 24 June 2026,
09:02:

> The Apache Struts 7.2.1 test build is available. This release contains
> a few minor breaking changes plus some bug fixes. Also a lot of
> dependencies have been updated:
>
> Breaking changes
>
> - JSON and REST request bodies are now authorized per property during
> deserialization, so action/model properties without @StrutsParameter
> are no longer populated when struts.parameters.requireAnnotations is
> enabled (the default) [WW-5626], [WW-5624].
> - CookieInterceptor now applies @StrutsParameter authorization to
> cookie values and deprecates the 4-arg
> populateCookieValueIntoStack(...) in favor of a new 5-arg overload
> taking the action, so un-annotated setters stop receiving cookies and
> subclass overrides must migrate [WW-5627].
> - Apache Commons FileUpload was upgraded to 2.0.0-M5, whose renamed
> methods break custom upload code or FileUploadInterceptor subclasses
> calling its API directly [WW-5615], [WW-5632].
> - OGNL was upgraded from 3.3.5 to 3.4.11, which may affect code or
> configuration relying on OGNL expression, method-access, or security
> semantics [WW-5536], [WW-5613].
> - StreamResult now honors an explicitly empty contentCharSet by
> clearing the response character encoding, changing the emitted
> Content-Type for that configuration [WW-5602].
> - ChainingInterceptor adds the opt-in
> struts.chaining.requireAnnotations constant (default false) that,
> when enabled, skips properties without @StrutsParameter during action
> chaining [WW-5631].
>
> Bug
> [WW-2963] - default-action-ref fails to find wildcard named actions
> [WW-3429] - <input> tag generated by <s:checkbox> produce HTML warning
> in validators
> [WW-3647] - Adding a jndi-lookup Spring bean breaks
> ServletActionRedirectResult
> [WW-4421] - Duplicate @Action value annotation check skipped
> [WW-4428] - Add support for new Java 8 LocalDate and LocalDateTime to
> the JSON plugin
> [WW-5294] - Tag <s:textfield/> is not showing the warning when exposed
> directly via JSP
> [WW-5368] - Access warning when get resource bundle which its name
> starts with "label"
> [WW-5514] - Allow configuration of ProxyUtil for cache types
> [WW-5519] - Plugin not compatible with latest version of IDEA
> [WW-5535] - HttpMethodInterceptor does not work with action names
> using wildcards
> [WW-5537] - Memory Leak
> [WW-5549] - i18n interceptor param supportedLocale (when set) disables
> request_locale param functionality
> [WW-5578] - Bad interceptor configuration is masked
> [WW-5586] - WithLazyParams interceptors cannot be configured within
> interceptor stacks
> [WW-5587] - WithLazyParams interceptors lose parameters in stack
> configurations
> [WW-5592] - Textfield tag not allowing white space
> [WW-5593] - Convention plugin fails with NoClassDefFoundError when
> scanning classes with missing dependencies
> [WW-5594] - Convention plugin exclusion pattern org.apache.struts2.*
> doesn't match root package classes
> [WW-5602] - Can't specify empty charset on StreamResult
> [WW-5614] - Excessive memory usage in apps with large short-lived objects
> [WW-5623] - Harden output encoding of the form action attribute in
> PostbackResult
> [WW-5624] - Request body population bypasses @StrutsParameter contract
> outside ParametersInterceptor
> [WW-5630] - Performance Issue SecurityMemberAccess
> [WW-5636] - ServletRedirectResult writes unescaped URL to response
> body for non-302 status codes
>
> New Feature
> [WW-5444] - Implement a new html5 theme
> [WW-5631] - Add opt-in @StrutsParameter enforcement to ChainingInterceptor
> [WW-5632] - Harden commons-fileupload2 dependency against milestone
> binary-incompatibility
>
> Improvement
> [WW-4291] - Can't use Spring bean name for type convertor
> [WW-5256] - Reduce size of generate html out of freemarker tag templates
> [WW-5560] - Support IntelliJ Platform 2024.2
> [WW-5563] - Support IntelliJ Platform 2025.3
> [WW-5576] - In Java 25: the use of the three-letter time zone IDs is
> deprecated
> [WW-5585] - Allow dynamically set "allowedTypes" and
> "allowedExtensions" for file upload validation
> [WW-5588] - Allow Preparable interface to work with only per-method
> prepare*() implementations
> [WW-5589] - Convert remaining UIBean protected fields to private to
> prevent OGNL warnings
> [WW-5603] - xwork-default.xml is shown as framework config file
> [WW-5613] - Add proper support for OGNL 3.4.10
> [WW-5617] - Use System.err.println() instead of printStackTrace()
> [WW-5618] - Make JSON plugin more configurable
> [WW-5621] - Harden XML parsers against Entity Expansion (Billion Laughs)
> attacks
> [WW-5622] - Optimize Hibernate proxy detection to avoid repeated
> exception overhead when Hibernate is absent
> [WW-5626] - Refactor JSON/REST @StrutsParameter enforcement to
> per-property authorization
> [WW-5627] - CookieInterceptor bypasses @StrutsParameter authorization
> [WW-5635] - TokenHelper.validToken() includes session token in WARN log
> output
>
> Task
> [WW-5615] - Adapt to renamed methods in Apache Commons FileUpload 2.0.0-M5
>
> Dependency
> [WW-5536] - Bump ognl:ognl from 3.3.5 to 3.4.8
> [WW-5579] - @DoubleRangeFieldValidator and @ShortRangeFieldValidator
> missing from @Validations container annotation
> [WW-5582] - Bump asm.version from 9.8 to 9.9
> [WW-5583] - Bump commons-validator:commons-validator from 1.9.0 to 1.10.0
> [WW-5595] - Bump org.apache.commons:commons-text from 1.14.0 to 1.15.0
> [WW-5596] - Bump byte-buddy.version from 1.17.7 to 1.18.2
> [WW-5598] - Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.20.1
> [WW-5601] - Bump commons-io:commons-io from 2.20.0 to 2.21.0
> [WW-5605] - Bump org.apache.juneau:juneau-marshall from 8.1.3 to 9.2.0
> [WW-5607] - Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0
> [WW-5625] - Bump commons-io:commons-io from 2.21.0 to 2.22.0
> [WW-5628] - bump asm.version from 9.9.1 to 9.10
> [WW-5629] - bump log4j2.version from 2.25.4 to 2.26.0
> [WW-5633] - Bumps com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0.
> [WW-5634] - Bumps org.htmlunit:htmlunit from 4.21.0 to 5.1.0.
>
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.2.1
>
> Github release
> * https://github.com/apache/struts/releases/tag/STRUTS_7_2_1
>
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/7.2.1/
>
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
>
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
>
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
>
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
>
> The vote will remain open for at least 72 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
>
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
>
> On behalf of the Apache Struts project
> Łukasz