> [ ] Leave at test build > [ ] Alpha > [ ] Beta > [X] General Availability (GA)
+1 (binding) Thank you Johannes Lukasz Lenart <[email protected]> schrieb am Mi., 24. Juni 2026, 09:02: > The Apache Struts 7.2.1 test build is available. This release contains > a few minor breaking changes plus some bug fixes. Also a lot of > dependencies have been updated: > > Breaking changes > > - JSON and REST request bodies are now authorized per property during > deserialization, so action/model properties without @StrutsParameter > are no longer populated when struts.parameters.requireAnnotations is > enabled (the default) [WW-5626], [WW-5624]. > - CookieInterceptor now applies @StrutsParameter authorization to > cookie values and deprecates the 4-arg > populateCookieValueIntoStack(...) in favor of a new 5-arg overload > taking the action, so un-annotated setters stop receiving cookies and > subclass overrides must migrate [WW-5627]. > - Apache Commons FileUpload was upgraded to 2.0.0-M5, whose renamed > methods break custom upload code or FileUploadInterceptor subclasses > calling its API directly [WW-5615], [WW-5632]. > - OGNL was upgraded from 3.3.5 to 3.4.11, which may affect code or > configuration relying on OGNL expression, method-access, or security > semantics [WW-5536], [WW-5613]. > - StreamResult now honors an explicitly empty contentCharSet by > clearing the response character encoding, changing the emitted > Content-Type for that configuration [WW-5602]. > - ChainingInterceptor adds the opt-in > struts.chaining.requireAnnotations constant (default false) that, > when enabled, skips properties without @StrutsParameter during action > chaining [WW-5631]. > > Bug > [WW-2963] - default-action-ref fails to find wildcard named actions > [WW-3429] - <input> tag generated by <s:checkbox> produce HTML warning > in validators > [WW-3647] - Adding a jndi-lookup Spring bean breaks > ServletActionRedirectResult > [WW-4421] - Duplicate @Action value annotation check skipped > [WW-4428] - Add support for new Java 8 LocalDate and LocalDateTime to > the JSON plugin > [WW-5294] - Tag <s:textfield/> is not showing the warning when exposed > directly via JSP > [WW-5368] - Access warning when get resource bundle which its name > starts with "label" > [WW-5514] - Allow configuration of ProxyUtil for cache types > [WW-5519] - Plugin not compatible with latest version of IDEA > [WW-5535] - HttpMethodInterceptor does not work with action names > using wildcards > [WW-5537] - Memory Leak > [WW-5549] - i18n interceptor param supportedLocale (when set) disables > request_locale param functionality > [WW-5578] - Bad interceptor configuration is masked > [WW-5586] - WithLazyParams interceptors cannot be configured within > interceptor stacks > [WW-5587] - WithLazyParams interceptors lose parameters in stack > configurations > [WW-5592] - Textfield tag not allowing white space > [WW-5593] - Convention plugin fails with NoClassDefFoundError when > scanning classes with missing dependencies > [WW-5594] - Convention plugin exclusion pattern org.apache.struts2.* > doesn't match root package classes > [WW-5602] - Can't specify empty charset on StreamResult > [WW-5614] - Excessive memory usage in apps with large short-lived objects > [WW-5623] - Harden output encoding of the form action attribute in > PostbackResult > [WW-5624] - Request body population bypasses @StrutsParameter contract > outside ParametersInterceptor > [WW-5630] - Performance Issue SecurityMemberAccess > [WW-5636] - ServletRedirectResult writes unescaped URL to response > body for non-302 status codes > > New Feature > [WW-5444] - Implement a new html5 theme > [WW-5631] - Add opt-in @StrutsParameter enforcement to ChainingInterceptor > [WW-5632] - Harden commons-fileupload2 dependency against milestone > binary-incompatibility > > Improvement > [WW-4291] - Can't use Spring bean name for type convertor > [WW-5256] - Reduce size of generate html out of freemarker tag templates > [WW-5560] - Support IntelliJ Platform 2024.2 > [WW-5563] - Support IntelliJ Platform 2025.3 > [WW-5576] - In Java 25: the use of the three-letter time zone IDs is > deprecated > [WW-5585] - Allow dynamically set "allowedTypes" and > "allowedExtensions" for file upload validation > [WW-5588] - Allow Preparable interface to work with only per-method > prepare*() implementations > [WW-5589] - Convert remaining UIBean protected fields to private to > prevent OGNL warnings > [WW-5603] - xwork-default.xml is shown as framework config file > [WW-5613] - Add proper support for OGNL 3.4.10 > [WW-5617] - Use System.err.println() instead of printStackTrace() > [WW-5618] - Make JSON plugin more configurable > [WW-5621] - Harden XML parsers against Entity Expansion (Billion Laughs) > attacks > [WW-5622] - Optimize Hibernate proxy detection to avoid repeated > exception overhead when Hibernate is absent > [WW-5626] - Refactor JSON/REST @StrutsParameter enforcement to > per-property authorization > [WW-5627] - CookieInterceptor bypasses @StrutsParameter authorization > [WW-5635] - TokenHelper.validToken() includes session token in WARN log > output > > Task > [WW-5615] - Adapt to renamed methods in Apache Commons FileUpload 2.0.0-M5 > > Dependency > [WW-5536] - Bump ognl:ognl from 3.3.5 to 3.4.8 > [WW-5579] - @DoubleRangeFieldValidator and @ShortRangeFieldValidator > missing from @Validations container annotation > [WW-5582] - Bump asm.version from 9.8 to 9.9 > [WW-5583] - Bump commons-validator:commons-validator from 1.9.0 to 1.10.0 > [WW-5595] - Bump org.apache.commons:commons-text from 1.14.0 to 1.15.0 > [WW-5596] - Bump byte-buddy.version from 1.17.7 to 1.18.2 > [WW-5598] - Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.20.1 > [WW-5601] - Bump commons-io:commons-io from 2.20.0 to 2.21.0 > [WW-5605] - Bump org.apache.juneau:juneau-marshall from 8.1.3 to 9.2.0 > [WW-5607] - Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0 > [WW-5625] - Bump commons-io:commons-io from 2.21.0 to 2.22.0 > [WW-5628] - bump asm.version from 9.9.1 to 9.10 > [WW-5629] - bump log4j2.version from 2.25.4 to 2.26.0 > [WW-5633] - Bumps com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0. > [WW-5634] - Bumps org.htmlunit:htmlunit from 4.21.0 to 5.1.0. > > Release notes: > * https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.2.1 > > Github release > * https://github.com/apache/struts/releases/tag/STRUTS_7_2_1 > > Distribution: > * https://dist.apache.org/repos/dist/dev/struts/7.2.1/ > > Maven 2 staging repository: > * https://repository.apache.org/content/repositories/staging/ > > Once you have had a chance to review the test build, please respond > with a vote on its quality: > > [ ] Leave at test build > [ ] Alpha > [ ] Beta > [ ] General Availability (GA) > > Everyone who has tested the build is invited to vote. Votes by PMC > members are considered binding. A vote passes if there are at least > three binding +1s and more +1s than -1s. > > The vote will remain open for at least 72 hours, longer upon request. > A vote can be amended at any time to upgrade or downgrade the quality > of the release based on future experience. If an initial vote > designates the build as "Beta", the release will be submitted for > mirroring and announced to the user list. Once released as a public > beta, subsequent quality votes on a build may be held on the user > list. > > As always, the act of voting carries certain obligations. A binding > vote not only states an opinion, but means that the voter is agreeing > to help do the work. > > On behalf of the Apache Struts project > Ćukasz > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
