[ https://issues.apache.org/jira/browse/WW-5371?focusedWorklogId=899124&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-899124 ]
ASF GitHub Bot logged work on WW-5371: -------------------------------------- Author: ASF GitHub Bot Created on: 11/Jan/24 08:15 Start Date: 11/Jan/24 08:15 Worklog Time Spent: 10m Work Description: lukaszlenart commented on code in PR #223: URL: https://github.com/apache/struts-site/pull/223#discussion_r1448460628 ########## source/core-developers/file-upload.md: ########## @@ -21,11 +24,13 @@ than the temporary directory and the directories that belong to your web applica The Struts 2 framework leverages the Commons FileUpload library as a based library to support file upload in the framework. The library is included in a base Struts 2 distribution. +> NOTE: Since Struts 6.4.0 the `FileUploadInterceptor` is deprecated and you should use `ActionFileUploadInterceptor` instead! + ## Basic Usage -The `org.apache.struts2.interceptor.FileUploadInterceptor` class is included as part of the `defaultStack`. As long as -the required libraries are added to your project you will be able to take advantage of the Struts 2 file upload -capability. Configure an Action mapping for your Action class as you typically would. +The `org.apache.struts2.interceptor.FileUploadInterceptor` and `org.apache.struts2.interceptor.ActionFileUploadInterceptor` +classes is included as part of the `defaultStack`. As long as the required libraries are added to your project you will be able Review Comment: Rephrased the sentence a bit Issue Time Tracking ------------------- Worklog Id: (was: 899124) Time Spent: 1h 40m (was: 1.5h) > Use action based callback to transfer information about uploaded files > ---------------------------------------------------------------------- > > Key: WW-5371 > URL: https://issues.apache.org/jira/browse/WW-5371 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors > Reporter: Lukasz Lenart > Assignee: Lukasz Lenart > Priority: Major > Fix For: 6.4.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Based on experience of the latest security vulnerability (CVE-2023-50164) it > would be better to keep uploaded files out of scope of passed parameters. > The idea is to have a dedicated interceptor and *Aware interface instead of > using parameter injection as it happens currently. -- This message was sent by Atlassian Jira (v8.20.10#820010)