(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 46d0248fe Automatic Site Publish by Buildbot 46d0248fe is described below commit 46d0248fe296ba289d19c656a50a89f8f69bb700 Author: buildbot AuthorDate: Mon Jun 10 06:34:42 2024 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html index 30934f39b..bb0aaca01 100644 --- a/output/core-developers/csp-interceptor.html +++ b/output/core-developers/csp-interceptor.html @@ -183,8 +183,9 @@ implement CSP in a highly secure fashion. is going to be enforced. reportUri - an uri under which the violations will be reported. prependServletContext (default true) - a flag to prepend or not the Servlet context to the reportUri - cspSettingsClassName (default to DefaultCspSettings.class) - a class name implementing CspSettings interface -to allow to define a custom CPS settings. It’s alternative approach of using CspAware interface below. + cspSettingsClassName (default to DefaultCspSettings.class) - a full class name implementing CspSettings interface +to allow to define a custom CPS settings. It’s alternative approach of using the CspSettingsAware +interface below. Report action
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 3ec878623 Automatic Site Publish by Buildbot 3ec878623 is described below commit 3ec878623f09efd4deee51db721c5994ef83bf59 Author: buildbot AuthorDate: Mon Jun 10 06:03:51 2024 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html index d5f7be7b8..30934f39b 100644 --- a/output/core-developers/csp-interceptor.html +++ b/output/core-developers/csp-interceptor.html @@ -173,7 +173,7 @@ header is sent and Content-Se CSP is now supported by all major browsers. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP;>More information about CSP. -The interceptor adds a nonce value automatically to to s:script and s:link tags. This provides a painless way to +The interceptor adds a nonce value automatically to s:script and s:link tags. This provides a painless way to implement CSP in a highly secure fashion. Parameters @@ -183,6 +183,8 @@ implement CSP in a highly secure fashion. is going to be enforced. reportUri - an uri under which the violations will be reported. prependServletContext (default true) - a flag to prepend or not the Servlet context to the reportUri + cspSettingsClassName (default to DefaultCspSettings.class) - a class name implementing CspSettings interface +to allow to define a custom CPS settings. It’s alternative approach of using CspAware interface below. Report action
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 84c3d4cd8 Automatic Site Publish by Buildbot 84c3d4cd8 is described below commit 84c3d4cd8c70375b2b99c40c86001b957ae49147 Author: buildbot AuthorDate: Thu Apr 25 04:40:08 2024 + Automatic Site Publish by Buildbot --- output/plugins/plugins-architecture.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/plugins/plugins-architecture.html b/output/plugins/plugins-architecture.html index 2a83e20e0..03a0ee137 100644 --- a/output/plugins/plugins-architecture.html +++ b/output/plugins/plugins-architecture.html @@ -213,7 +213,7 @@ other plugins available to an application. !-- Assuming /static/main.css is inside a plugin jar, to add it to the page: -- -@s.url value="/struts/main.css" var="css" / +@s.url value="/static/main.css" var="css" / link rel="stylesheet" type="text/css" href="%{#css}" /
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 6c701d3c0 Automatic Site Publish by Buildbot 6c701d3c0 is described below commit 6c701d3c00057e757851a6dfcde4dd8ac5c7e152 Author: buildbot AuthorDate: Tue Apr 23 05:33:26 2024 + Automatic Site Publish by Buildbot --- output/security/index.html | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/output/security/index.html b/output/security/index.html index ac8f34ddb..f271dfb73 100644 --- a/output/security/index.html +++ b/output/security/index.html @@ -608,10 +608,16 @@ with other known dangerous classes or packages in your application. We additionally recommend enabling the following options (enabled by default in 7.0). - struts.ognl.allowStaticFieldAccess=false - static methods are always blocked, but static fields can also optionally be blocked - struts.disallowProxyMemberAccess=true - disallow proxied objects from being used in OGNL expressions as they may present a security risk - struts.disallowDefaultPackageAccess=true - disallow access to classes in the default package which should not be used in production - struts.ognl.disallowCustomOgnlMap=true - disallow construction of custom OGNL maps which can be used to bypass the SecurityMemberAccess policy + struts.ognl.allowStaticFieldAccess=false - static field values which aren’t a primitive type can be used to access +classes that wouldn’t otherwise be accessible + struts.disallowProxyObjectAccess=true - disallow proxied objects from being used in OGNL expressions as these often +represent application beans or database entities which are sensitive + struts.disallowDefaultPackageAccess=true - disallow access to classes in the default package which should not be +used in production + struts.ognl.disallowCustomOgnlMap=true - disallow construction of custom OGNL maps which can be used to bypass the +SecurityMemberAccess policy + struts.actionConfig.fallbackToEmptyNamespace=false - prevent Actions in the empty namespace from being accessed from +alternative endpoints Allowlist Capability
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 0501f8045 Automatic Site Publish by Buildbot 0501f8045 is described below commit 0501f8045c59ebfb8c9d5dc6a34f98a8361f8856 Author: buildbot AuthorDate: Sat Apr 20 13:58:19 2024 + Automatic Site Publish by Buildbot --- output/core-developers/web-xml.html| 13 +- output/plugins/async/index.html| 4 +- output/plugins/bean-validation/index.html | 4 +- output/plugins/cdi/index.html | 4 +- output/plugins/codebehind/index.html | 4 +- output/plugins/config-browser/index.html | 4 +- output/plugins/convention/converting.html | 6 +- output/plugins/convention/index.html | 4 +- output/plugins/dwr/index.html | 4 +- output/plugins/embedded-jsp/index.html | 4 +- output/plugins/index.html | 2 +- output/plugins/jasperreports/index.html| 4 +- output/plugins/java-8-support/index.html | 4 +- output/plugins/javatemplates/index.html| 4 +- output/plugins/jfreechart/index.html | 4 +- output/plugins/jsf/index.html | 4 +- output/plugins/json/index.html | 4 +- output/plugins/json/json-ajax-validation.html | 4 +- output/plugins/junit/index.html| 4 +- output/plugins/osgi/index.html | 4 +- output/plugins/oval/index.html | 4 +- output/plugins/plexus/index.html | 4 +- output/plugins/portlet-tiles/index.html| 4 +- output/plugins/portlet/index.html | 4 +- .../plugins/portlet/struts-2-portlet-tutorial.html | 4 +- output/plugins/rest/index.html | 4 +- output/plugins/sitegraph/index.html| 4 +- output/plugins/sitemesh/index.html | 60 +++ output/plugins/spring/index.html | 6 +- .../spring-session-components-workarounds.html | 192 - output/plugins/struts-1/index.html | 4 +- output/plugins/testng/index.html | 4 +- output/plugins/tiles-3/index.html | 4 +- output/plugins/tiles/index.html| 4 +- output/plugins/velocity/index.html | 2 +- 35 files changed, 98 insertions(+), 295 deletions(-) diff --git a/output/core-developers/web-xml.html b/output/core-developers/web-xml.html index b1dee9200..4ed498a9b 100644 --- a/output/core-developers/web-xml.html +++ b/output/core-developers/web-xml.html @@ -160,10 +160,13 @@ The web.xml web application descriptor file represents the core of the Java web application, so it is appropriate -that it is also part of the core of the Struts framework. In the web.xml file, Struts defines its FilterDispatcher, -the Servlet Filter class that initializes the Struts framework and handles all requests. This filter can contain -initialization parameters that affect what, if any, additional configuration files are loaded and how the framework -should behave. +that it is also part of the core of the Struts framework. In the web.xml file you can use one of the two options: + + Configure org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter which acts as a central + point of initializing the Struts framework and handles all requests. + Use combination of org.apache.struts2.dispatcher.filter.StrutsPrepareFilter and org.apache.struts2.dispatcher.filter.StrutsExecuteFilter + to support custom integration with other frameworks like Sitemesh. + Simple Example @@ -192,7 +195,7 @@ should behave. /web-app -See SiteMesh Plugin for an example on when to use separate Filters for prepare and execution phase. +See SiteMesh Plugin for an example on when to use separate Filters for prepare and execution phase. Custom mapping diff --git a/output/plugins/async/index.html b/output/plugins/async/index.html index ed24ec747..a46dc1733 100644 --- a/output/plugins/async/index.html +++ b/output/plugins/async/index.html @@ -13,7 +13,7 @@ - + @@ -148,7 +148,7 @@ https://github.com/apache/struts-site/edit/master/source/plugins/async/index.md; title="Edit this page on GitHub">Edit on GitHub -<< back to Plugins +<< back to Plugins Async Plugin diff --git a/output/plugins/bean-validation/index.html b/output/plugins/bean-validation/index.html index 220bd6b7b..005fc7ae0 100644 --- a/output/plugins/bean-validation/index.html +++ b/output/plugins/bean-validation/index.html @@ -13,7 +13,7 @@ - + @@ -148,7
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1e715bb71 Automatic Site Publish by Buildbot 1e715bb71 is described below commit 1e715bb7132c857c6bff321cd06ad2769aefe553 Author: buildbot AuthorDate: Sat Apr 20 08:36:41 2024 + Automatic Site Publish by Buildbot --- output/{index.html => announce-2024.html} | 162 +++-- output/core-developers/default-properties.html | 3 + output/download.html | 50 output/index.html | 26 ++-- output/releases.html | 47 ++- 5 files changed, 159 insertions(+), 129 deletions(-) diff --git a/output/index.html b/output/announce-2024.html similarity index 67% copy from output/index.html copy to output/announce-2024.html index d85a68a98..df884004c 100644 --- a/output/index.html +++ b/output/announce-2024.html @@ -7,18 +7,18 @@ - Welcome to the Apache Struts project + Announcements 2024 + + - https://buttons.github.io/buttons.js"> -
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 03751e332 Automatic Site Publish by Buildbot 03751e332 is described below commit 03751e3323ddb76c0ef4886f3ebdc0b92aa80042 Author: buildbot AuthorDate: Thu Mar 28 11:52:30 2024 + Automatic Site Publish by Buildbot --- output/plugins/tiles/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/plugins/tiles/index.html b/output/plugins/tiles/index.html index 83f1258db..c75e28b8f 100644 --- a/output/plugins/tiles/index.html +++ b/output/plugins/tiles/index.html @@ -194,7 +194,7 @@ configuration will be similar to: Register the Tiles listener. This listener will typically either be the standard tiles listener org.apache.tiles.listener.TilesListener -or the Struts2 replacement org.apache.struts2.tiles.TilesListener. The latter provides tighter integration with +or the Struts2 replacement org.apache.struts2.tiles.StrutsTilesListener. The latter provides tighter integration with Struts features such as freemarker integration. listener
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b2727cd9d Automatic Site Publish by Buildbot b2727cd9d is described below commit b2727cd9da2a0c37fa8378d55d480e9ab2b7ef82 Author: buildbot AuthorDate: Thu Mar 14 12:57:52 2024 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload-interceptor.html | 2 +- output/core-developers/file-upload.html | 6 -- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/output/core-developers/file-upload-interceptor.html b/output/core-developers/file-upload-interceptor.html index 7aa55be6a..7ae6fa0e3 100644 --- a/output/core-developers/file-upload-interceptor.html +++ b/output/core-developers/file-upload-interceptor.html @@ -153,7 +153,7 @@ File Upload Interceptor - Since Struts 6.4.0 this interceptor is deprecated, please use Action FileUpload Interceptor instead! + Since Struts 6.4.0 this interceptor is deprecated, please use Action File Upload Interceptor instead! See this page for more examples and advanced configuration. diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index 124b60edf..b3e1253f5 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -146,8 +146,10 @@ -<< back to Core Developers Guide https://github.com/apache/struts-site/edit/master/source/core-developers/file-upload.md; title="Edit this page on GitHub">Edit on GitHub + +<< back to Action File Upload Interceptor + File Upload @@ -190,7 +192,7 @@ than the temporary directory and the directories that belong to your web applica The library is included in a base Struts 2 distribution. - NOTE: Since Struts 6.4.0 the FileUploadInterceptor is deprecated and you should use ActionFileUploadInterceptor instead! + NOTE: Since Struts 6.4.0 the FileUploadInterceptor is deprecated, and you should use ActionFileUploadInterceptor instead! Basic Usage
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new aa5cf6f82 Automatic Site Publish by Buildbot aa5cf6f82 is described below commit aa5cf6f82ab47078769ce33be8c86ee652e3a63d Author: buildbot AuthorDate: Wed Mar 6 06:08:05 2024 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html index 2b161917b..d088c1512 100644 --- a/output/core-developers/csp-interceptor.html +++ b/output/core-developers/csp-interceptor.html @@ -173,12 +173,15 @@ header is sent and Content-Se CSP is now supported by all major browsers. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP;>More information about CSP. +The interceptor adds a nonce value automatically to to s:script and s:link tags. This provides a painless way to +implement CSP in a highly secure fashion. + Parameters enforcingMode (default false) - When set to “true”, the enforce mode has been enabled, and the provided policy is going to be enforced. - reportUri - an uri under, which the violations have to be reported. + reportUri - an uri under which the violations will be reported. prependServletContext (default true) - a flag to prepend or not the Servlet context to the reportUri
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new e3a090d9e Automatic Site Publish by Buildbot e3a090d9e is described below commit e3a090d9e7f2cd533d83ba8ace51fce9bd695db4 Author: buildbot AuthorDate: Wed Feb 21 21:36:23 2024 + Automatic Site Publish by Buildbot --- output/tag-developers/file-tag.html | 2 +- output/volunteers.html | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/output/tag-developers/file-tag.html b/output/tag-developers/file-tag.html index d34f9e412..6b7ee345a 100644 --- a/output/tag-developers/file-tag.html +++ b/output/tag-developers/file-tag.html @@ -533,7 +533,7 @@ false String -Preset the value of input element. +Ignored during file upload diff --git a/output/volunteers.html b/output/volunteers.html index 5cb8dac0d..ef113046e 100644 --- a/output/volunteers.html +++ b/output/volunteers.html @@ -204,6 +204,7 @@ or committee member. Mathias Bogaert (pathos at apache.org) John Lindal (jafl at apache.org) Bruce A. Phillips (bphillips at apache.org) + Kusal Kithul-Godage (kusal at apache.org) Emeritus Volunteers
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 07e4bbb02 Automatic Site Publish by Buildbot 07e4bbb02 is described below commit 07e4bbb02dc25517169e1e9e4676986e4b05d8b3 Author: buildbot AuthorDate: Fri Feb 9 06:43:30 2024 + Automatic Site Publish by Buildbot --- output/plugins/plugins-architecture.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/output/plugins/plugins-architecture.html b/output/plugins/plugins-architecture.html index 72b5c3a72..8d3f865bb 100644 --- a/output/plugins/plugins-architecture.html +++ b/output/plugins/plugins-architecture.html @@ -306,7 +306,7 @@ For example, a plugin could provide a new class to create Action classes or map struts.velocity.manager.classname Loads and processes Velocity templates singleton - org.apache.struts2.views.velocity.VelocityManager + org.apache.struts2.views.velocity.VelocityManagerInterface struts.actionValidatorManager @@ -699,7 +699,7 @@ with no-arguments constructor: @Override public void register(ContainerBuilder builder, LocatableProperties props) throws ConfigurationException { -alias(VelocityManager.class, VelocityConstants.STRUTS_VELOCITY_MANAGER_CLASSNAME, builder, props); +alias(VelocityManagerInterface.class, VelocityConstants.STRUTS_VELOCITY_MANAGER_CLASSNAME, builder, props); } }
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 3c62abca1 Automatic Site Publish by Buildbot 3c62abca1 is described below commit 3c62abca161954e2c0cf1d4d97353202904ae00d Author: buildbot AuthorDate: Sat Feb 3 16:43:51 2024 + Automatic Site Publish by Buildbot --- output/plugins/tiles/index.html | 120 - output/plugins/tiles/tiles-use.html | 257 2 files changed, 56 insertions(+), 321 deletions(-) diff --git a/output/plugins/tiles/index.html b/output/plugins/tiles/index.html index 0b3f05e38..83f1258db 100644 --- a/output/plugins/tiles/index.html +++ b/output/plugins/tiles/index.html @@ -164,8 +164,8 @@ Installation -Tiles is a templating framework designed to easily allow the creation of web application pages with a consistent look and feel. It can -be used for both page decorating and componentization. +Tiles is a templating framework designed to easily allow the creation of web application pages with a consistent +look and feel. It can be used for both page decorating and componentization. The Tiles plugin allows actions to return Tiles pages. @@ -181,101 +181,93 @@ be used for both page decorating and componentization. The following steps must be taken in order to enable tiles support within your Struts2 application: - Include the struts-tiles-plugin as a dependency in your web application. If you are using maven2, the dependency configuration will - be similar to: - + +Include the struts-tiles-plugin as a dependency in your web application. If you are using maven2, the dependency +configuration will be similar to: -dependency +dependency groupIdorg.apache.struts/groupId artifactIdstruts2-tiles-plugin/artifactId version${version.tiles}/version /dependency + + + +Register the Tiles listener. This listener will typically either be the standard tiles listener org.apache.tiles.listener.TilesListener +or the Struts2 replacement org.apache.struts2.tiles.TilesListener. The latter provides tighter integration with +Struts features such as freemarker integration. - - - - Register the tiles listener. This listener will typically either be the standard tiles listener org.apache.tiles.listener.TilesListener - or the Struts2 replacement org.apache.struts2.tiles.TilesListener. The latter provides tighter integration with Struts features such - as freemarker integration. - - -listener +listener listener-classorg.apache.struts2.tiles.StrutsTilesListener/listener-class /listener + + + +All package definitions, which require tiles support, must either extend the tiles-default package or must register +the Tiles Result type definition. - - - - All package definitions which require tiles support must either extend the tiles-default package or must register - the [Tiles Result] type definition. - - -result-types +result-types result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult"/ /result-types + + + +Configure your actions to utilize a tiles definition: - - - - Configure your actions to utilize a tiles definition: - - -action name="sample" class="org.apache.struts2.tiles.example.SampleAction" +action name="sample" class="org.apache.struts2.tiles.example.SampleAction" result name="success" type="tiles"tilesWorks/result /action + + + +Instead of xml configuration you can use annotations - - - - Instead of xml configuration you can use annotations - - -@Result(name = "success", type="tiles") +@Result(name = "success", type="tiles") @TilesDefinition(extend = "fooLayout", putAttributes = { @TilesPutAttribute(name = "header", value = "/WEB-INF/tiles/header.jsp"), @TilesPutAttribute(name = "body", value = "/WEB-INF/tiles/body.ftl") }) public class FooAction extends ActionSupport { - - - - You have to define Tiles Definitons in a tiles.xml file. That can be placed in resources or in WEB-INF. - + + + +You have to define Tiles Definitions in a tiles.xml file. That can be placed in resources or in WEB-INF. -!DOCTYPE tiles-definitions PUBLIC +!DOCTYPE tiles-definitions PUBLIC "-//Apache Software Foundation//DTD Tiles Configuration 3.0//EN" "http://tiles.apache.org/dtds/tiles-config_3_0.dtd"; - tiles-definitions - + definition name="fooLayout" template="/WEB-INF/tiles/layout.jsp" put-attribute name="title" value="Tiles Sample"/ put-attribute name="header" value=".header"/ put-attribute name="body" value=".bodyp"/ /definition - + definition name="tilesWorks" extends="fooLayout" put-attribute name="header" value="/WEB-INF/tiles/header.jsp"/ put-attribute
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1249738b0 Automatic Site Publish by Buildbot 1249738b0 is described below commit 1249738b03e662b6913f6160be60b39ea781786b Author: buildbot AuthorDate: Fri Feb 2 06:26:24 2024 + Automatic Site Publish by Buildbot --- output/core-developers/basic-validation.html | 3 + output/core-developers/client-validation.html | 3 + output/core-developers/conversion-validator.html | 3 +- .../core-developers/file-upload-interceptor.html | 3 + output/core-developers/file-upload.html| 9 ++ .../type-conversion-annotation.html| 4 + output/core-developers/type-conversion.html| 2 + .../using-non-field-validators.html| 3 + .../using-visitor-field-validator.html | 1 + output/core-developers/validation-annotation.html | 1 + output/core-developers/validation.html | 1 + output/core-developers/wildcard-mappings.html | 2 + output/getting-started/coding-actions.html | 4 +- output/getting-started/processing-forms.html | 32 +-- output/plugins/junit/index.html| 1 + .../plugins/portlet/struts-2-portlet-tutorial.html | 10 +- output/security/index.html | 102 ++--- 17 files changed, 158 insertions(+), 26 deletions(-) diff --git a/output/core-developers/basic-validation.html b/output/core-developers/basic-validation.html index 8df18d572..1da220948 100644 --- a/output/core-developers/basic-validation.html +++ b/output/core-developers/basic-validation.html @@ -215,6 +215,7 @@ return name; } + @StrutsParameter public void setName(String name) { this.name = name; } @@ -223,6 +224,7 @@ return age; } + @StrutsParameter public void setAge(int age) { this.age = age; } @@ -231,6 +233,7 @@ return answer; } + @StrutsParameter public void setAnswer(String answer) { this.answer = answer; } diff --git a/output/core-developers/client-validation.html b/output/core-developers/client-validation.html index c922bc167..6b770499f 100644 --- a/output/core-developers/client-validation.html +++ b/output/core-developers/client-validation.html @@ -212,6 +212,7 @@ return name; } + @StrutsParameter public void setName(String name) { this.name = name; } @@ -220,6 +221,7 @@ return age; } + @StrutsParameter public void setAge(int age) { this.age = age; } @@ -228,6 +230,7 @@ return answer; } + @StrutsParameter public void setAnswer(String answer) { this.answer = answer; } diff --git a/output/core-developers/conversion-validator.html b/output/core-developers/conversion-validator.html index 2769f41f2..3c07fa73d 100644 --- a/output/core-developers/conversion-validator.html +++ b/output/core-developers/conversion-validator.html @@ -228,7 +228,8 @@ property set to true, it will, meaning the textfield will have ‘one’ as its public Integer getMyIntegerField() { return this.myIntegerField; } - + +@StrutsParameter public void setMyIntegerField(Integer myIntegerField) { this.myIntegerField = myIntegerField; } diff --git a/output/core-developers/file-upload-interceptor.html b/output/core-developers/file-upload-interceptor.html index 514c6ede1..7aa55be6a 100644 --- a/output/core-developers/file-upload-interceptor.html +++ b/output/core-developers/file-upload-interceptor.html @@ -239,14 +239,17 @@ and which are not. private String contentType; private String filename; + @StrutsParameter public void setUpload(File file) { this.file = file; } + @StrutsParameter public void setUploadContentType(String contentType) { this.contentType = contentType; } + @StrutsParameter public void setUploadFileName(String filename) { this.filename = filename; } diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index c9d2e8274..124b60edf 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -264,14 +264,17 @@ class. For a form field named private String contentType; private String filename; +@StrutsParameter public void setUpload(File file) { this.file = file; } +@StrutsParameter public void setUploadContentType(String
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 74f6ccb19 Automatic Site Publish by Buildbot 74f6ccb19 is described below commit 74f6ccb199f4d14d1af6fee75cdfed7eaef76eb6 Author: buildbot AuthorDate: Sun Jan 28 09:09:04 2024 + Automatic Site Publish by Buildbot --- output/tag-developers/iterator-tag.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/output/tag-developers/iterator-tag.html b/output/tag-developers/iterator-tag.html index cba519d83..c9f77f48e 100644 --- a/output/tag-developers/iterator-tag.html +++ b/output/tag-developers/iterator-tag.html @@ -252,9 +252,9 @@ The begin, Values generated by the tag are subject of internal conversion mechanism. It means when generating ordinary numbers and then using them with s:property/, the Integers will be converted to Strings using the current locale. -This can impact how the numbers are presented. To avoid conversion you can use the status object and its countStr -and indexStr which are a String representation of the numbers. The following example demonstrates the case when -using fa_IR locale: +This can impact how the numbers are presented. Since Struts 6.4.0 to avoid conversion you can use the status object +and its countStr and indexStr which are a String representation of the numbers. The following example demonstrates +the case when using fa_IR locale: s:iterator begin="1" end="3" status="status" s:property/
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new e0eb145c7 Automatic Site Publish by Buildbot e0eb145c7 is described below commit e0eb145c75945aac1409ea37f5f38eb264b01d6e Author: buildbot AuthorDate: Sun Jan 28 08:50:13 2024 + Automatic Site Publish by Buildbot --- output/tag-developers/iterator-tag.html | 35 ++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/output/tag-developers/iterator-tag.html b/output/tag-developers/iterator-tag.html index b9dbf0de6..cba519d83 100644 --- a/output/tag-developers/iterator-tag.html +++ b/output/tag-developers/iterator-tag.html @@ -150,7 +150,14 @@ << back to Tag Reference -iterator +iterator + + + Description + Attributes + Conversion + Examples + Please make sure you have read the Tag Syntax document and understand how tag attribute syntax works. @@ -241,6 +248,28 @@ The begin, +Conversion + +Values generated by the tag are subject of internal conversion mechanism. It means when generating ordinary numbers +and then using them with s:property/, the Integers will be converted to Strings using the current locale. +This can impact how the numbers are presented. To avoid conversion you can use the status object and its countStr +and indexStr which are a String representation of the numbers. The following example demonstrates the case when +using fa_IR locale: + +s:iterator begin="1" end="3" status="status" +s:property/ +s:textfield id="text_%{#status.countStr}" name="test[%{#status.indexStr}]"/ +/s:iterator + + +۰ +input type="text" name="test[0]" value="" id="text_1" +۱ +input type="text" name="test[1]" value="" id="text_2" +۲ +input type="text" name="test[2]" value="" id="text_3" + + Examples The following example retrieves the value of the getDays() method of the current object on the value stack and uses @@ -251,8 +280,8 @@ it to iterate over. The s /s:iterator -The following example uses a {@link Bean} tag and places it into the ActionContext. The iterator tag will retrieve that -object from the ActionContext and then calls its getDays() method as above. The status attribute is also used +The following example uses a Bean tag and places it into the ActionContext. The iterator tag will retrieve +that object from the ActionContext and then calls its getDays() method as above. The status attribute is also used to create an IteratorStatus object, which in this example, its odd() method is used to alternate row colours: s:bean name="org.apache.struts2.example.IteratorExample" var="it"
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 8a6b43a8e Automatic Site Publish by Buildbot 8a6b43a8e is described below commit 8a6b43a8e47d847a3c7add29511091371ba98d6a Author: buildbot AuthorDate: Sun Jan 28 08:32:57 2024 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html | 1 + 1 file changed, 1 insertion(+) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html index 69a8a4684..2b161917b 100644 --- a/output/core-developers/csp-interceptor.html +++ b/output/core-developers/csp-interceptor.html @@ -179,6 +179,7 @@ header is sent and Content-Se enforcingMode (default false) - When set to “true”, the enforce mode has been enabled, and the provided policy is going to be enforced. reportUri - an uri under, which the violations have to be reported. + prependServletContext (default true) - a flag to prepend or not the Servlet context to the reportUri Report action
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new a8af3573b Automatic Site Publish by Buildbot a8af3573b is described below commit a8af3573b7e5e95eb9f0c40cdf6ab45d6b36594d Author: buildbot AuthorDate: Fri Jan 12 12:24:37 2024 + Automatic Site Publish by Buildbot --- ...or.html => action-file-upload-interceptor.html} | 77 .../core-developers/file-upload-interceptor.html | 6 +- output/core-developers/file-upload.html| 48 - output/core-developers/interceptors.html | 194 +++-- output/download.html | 2 +- 5 files changed, 182 insertions(+), 145 deletions(-) diff --git a/output/core-developers/file-upload-interceptor.html b/output/core-developers/action-file-upload-interceptor.html similarity index 77% copy from output/core-developers/file-upload-interceptor.html copy to output/core-developers/action-file-upload-interceptor.html index 800fd990d..310dffc9d 100644 --- a/output/core-developers/file-upload-interceptor.html +++ b/output/core-developers/action-file-upload-interceptor.html @@ -7,7 +7,7 @@ - File Upload Interceptor + Action File Upload Interceptor @@ -146,25 +146,21 @@ -https://github.com/apache/struts-site/edit/master/source/core-developers/file-upload-interceptor.md; title="Edit this page on GitHub">Edit on GitHub +https://github.com/apache/struts-site/edit/master/source/core-developers/action-file-upload-interceptor.md; title="Edit this page on GitHub">Edit on GitHub -<< back to Interceptors +<< back to Interceptors -File Upload Interceptor +Action File Upload Interceptor + + + Available since Struts 6.4.0 as replacement for File Upload Interceptor + See this page for more examples and advanced configuration. Interceptor that is based off of MultiPartRequestWrapper, which is automatically applied for any request that includes -a file. It adds the following parameters, where file name is the name given to the file uploaded by the HTML form: - - - file name: File - the actual File - file nameContentType: String - the content type of the file - file nameFileName: String - the actual name of the file uploaded (not the HTML name) - - -You can get access to these files by merely providing setters in your action that correspond to any of the three patterns -above, such as setDocument(File document), setDocumentContentType(String contentType), etc. +a file. If an action implements org.apache.struts2.action.UploadedFilesAware interface, the interceptor will pass +information and content of uploaded files using the callback method withUploadedFiles(ListUploadedFile). See the example code section. @@ -203,7 +199,7 @@ and which are not. Example action mapping: action name="doUpload" class="com.example.UploadAction" - interceptor-ref name="fileUpload"/ + interceptor-ref name="actionFileUpload"/ interceptor-ref name="basicStack"/ result name="success"good_result.jsp/result /action @@ -225,34 +221,27 @@ and which are not. Example Action class: -package com.example; - -import java.io.File; -import com.opensymphony.xwork2.ActionSupport; - -public UploadAction extends ActionSupport { - private File file; - private String contentType; - private String filename; - - public void setUpload(File file) { - this.file = file; - } - - public void setUploadContentType(String contentType) { - this.contentType = contentType; - } - - public void setUploadFileName(String filename) { - this.filename = filename; - } - - public String execute() { - //... - return SUCCESS; - } - } - +public class UploadAction extends ActionSupport implements UploadedFilesAware { + private UploadedFile uploadedFile; + private String contentType; + private String fileName; + private String originalName; + + @Override + public void withUploadedFiles(ListUploadedFile uploadedFiles) { + if (!uploadedFiles.isEmpty()) { + this.uploadedFile = uploadedFiles.get(0); + this.fileName = uploadedFile.getName(); + this.contentType = uploadedFile.getContentType(); + this.originalName = uploadedFile.getOriginalName(); + } + } + + public String execute() { + //do something with the file + return SUCCESS; + } +} Setting parameters example: @@ -264,7 +253,7 @@ and which are not. /interceptor-ref -This part is optional and would be done in place of the interceptor-ref name="fileUpload"/ line in the action mapping +This part is optional and would be done in place of the interceptor-ref name="actionFileUpload"/ line in
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 8a08075c2 Automatic Site Publish by Buildbot 8a08075c2 is described below commit 8a08075c2262ce0b253e36e5f7ba6f536ee1357d Author: buildbot AuthorDate: Mon Jan 1 10:50:27 2024 + Automatic Site Publish by Buildbot --- output/getting-started/preperable-interface.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/getting-started/preperable-interface.html b/output/getting-started/preperable-interface.html index ff7b5737d..579dde3b1 100644 --- a/output/getting-started/preperable-interface.html +++ b/output/getting-started/preperable-interface.html @@ -7,7 +7,7 @@ - Preperable Interface + Preparable Interface
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new bf29cc070 Automatic Site Publish by Buildbot bf29cc070 is described below commit bf29cc070631033791372648ab72ff893d6661ab Author: buildbot AuthorDate: Mon Jan 1 10:31:33 2024 + Automatic Site Publish by Buildbot --- output/getting-started/http-session.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/output/getting-started/http-session.html b/output/getting-started/http-session.html index d72c86c8b..e1e17e1a1 100644 --- a/output/getting-started/http-session.html +++ b/output/getting-started/http-session.html @@ -258,8 +258,7 @@ practices in the Action class that implements the SessionAware interface. the parameter name contains “session” we are telling the Struts 2 framework to ignore that parameter. This will prevent a malicious user from trying to hack the HTTP session object. -Instead of having each action that implements SessionAware also implement the ParameterNameAware interface you can tell t -he params interceptor to exclude specific request attributes for all actions in a package. In struts.xml configure +Instead of having each action that implements SessionAware also implement the ParameterNameAware interface you can tell the params interceptor to exclude specific request attributes for all actions in a package. In struts.xml configure the struts-default set of interceptors as follows: struts.xml configure params interceptor
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 79429b106 Automatic Site Publish by Buildbot 79429b106 is described below commit 79429b10654d2ad0afc4871a38bc372837bff76b Author: buildbot AuthorDate: Mon Jan 1 10:30:53 2024 + Automatic Site Publish by Buildbot --- output/getting-started/themes.html | 2 +- output/tag-developers/simple-theme.html | 2 +- output/tag-developers/xhtml-theme.html | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/output/getting-started/themes.html b/output/getting-started/themes.html index 4b7b8d4b7..b7986c0cb 100644 --- a/output/getting-started/themes.html +++ b/output/getting-started/themes.html @@ -200,7 +200,7 @@ to your problem, post a question on the mailing list. Notice how the HTML generated uses table tags to control the layout of the label and select HTML. There is also a class, tdLabel, applied to the table column where the label tag is rendered. Since no theme was specified for the Struts 2 -select tag the default xhmtl theme was used. +select tag the default xhtml theme was used. Specifying The Theme Struts 2 Should Use diff --git a/output/tag-developers/simple-theme.html b/output/tag-developers/simple-theme.html index 75e30fd2d..b94030143 100644 --- a/output/tag-developers/simple-theme.html +++ b/output/tag-developers/simple-theme.html @@ -200,7 +200,7 @@ Ajax/Dojo support so that tags can import Dojo widgets easily. * under the License. */ -- -@s.script src="${base}${parameters.staticContentPath}/utils.js" type="text/javascript" / +@s.script src="${base}${parameters.staticContentPath}/utils.js" / diff --git a/output/tag-developers/xhtml-theme.html b/output/tag-developers/xhtml-theme.html index d492184b3..957f0e661 100644 --- a/output/tag-developers/xhtml-theme.html +++ b/output/tag-developers/xhtml-theme.html @@ -525,7 +525,7 @@ wrapping table, the opening and closing templates also, if the true, enable
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 2705a13b3 Automatic Site Publish by Buildbot 2705a13b3 is described below commit 2705a13b31ad12bb7a6d644966f3c5fbcbc285ae Author: buildbot AuthorDate: Mon Dec 18 06:21:32 2023 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html| 11 +++ output/core-developers/interceptors.html | 9 + output/core-developers/struts-default-xml.html | 9 + 3 files changed, 29 insertions(+) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html index a2aab06e1..69a8a4684 100644 --- a/output/core-developers/csp-interceptor.html +++ b/output/core-developers/csp-interceptor.html @@ -155,6 +155,7 @@ Description Parameters + Report action Action aware Examples @@ -180,6 +181,16 @@ is going to be enforced. reportUri - an uri under, which the violations have to be reported. +Report action + +To receive reports about violations against CSP an abstract CspReportAction action has been created, which you can +extend to process the reports. When extending the action you must implement processReport(String) to process the report. +Read JavaDoc of the action for more details. + + + Note: the action must always return an HTTP status 204. + + Action aware Since Struts 6.2.0 it is possible to configure the CSP interceptor by providing the an instance of CspSettings interface. diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index e6375deda..ccb418e1e 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -305,6 +305,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor name="execAndWait" class="org.apache.struts2.interceptor.ExecuteAndWaitInterceptor"/ interceptor name="exception" class="com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor"/ interceptor name="fileUpload" class="org.apache.struts2.interceptor.FileUploadInterceptor"/ +interceptor name="actionFileUpload" class="org.apache.struts2.interceptor.ActionFileUploadInterceptor"/ interceptor name="i18n" class="org.apache.struts2.interceptor.I18nInterceptor"/ interceptor name="logger" class="com.opensymphony.xwork2.interceptor.LoggingInterceptor"/ interceptor name="modelDriven" class="com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor"/ @@ -368,6 +369,12 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor-ref name="basicStack"/ /interceptor-stack +!-- Action based file upload stack -- +interceptor-stack name="actionFileUploadStack" +interceptor-ref name="actionFileUpload"/ +interceptor-ref name="basicStack"/ +/interceptor-stack + !-- Sample model-driven stack -- interceptor-stack name="modelDrivenStack" interceptor-ref name="modelDriven"/ @@ -412,6 +419,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor-ref name="chain"/ interceptor-ref name="modelDriven"/ interceptor-ref name="fileUpload"/ +interceptor-ref name="actionFileUpload"/ interceptor-ref name="staticParams"/ interceptor-ref name="actionMappingParams"/ interceptor-ref name="params"/ @@ -450,6 +458,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor-ref name="scopedModelDriven"/ interceptor-ref name="modelDriven"/ interceptor-ref name="fileUpload"/ +interceptor-ref name="actionFileUpload"/ interceptor-ref name="checkbox"/ interceptor-ref name="datetime"/ interceptor-ref name="multiselect"/ diff --git a/output/core-developers/struts-default-xml.html b/output/core-developers/struts-default-xml.html index fa3262ffb..a8b5f127c 100644 --- a/output/core-developers/struts-default-xml.html +++ b/output/core-developers/struts-default-xml.html @@ -221,6 +221,7 @@ setting in default.properties. interceptor name="execAndWait" class="org.apache.struts2.interceptor.ExecuteAndWaitInterceptor"/ interceptor name="exception" class="com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor"/ interceptor name="fileUpload" class="org.apache.struts2.interceptor.FileUploadInterceptor"/ +interceptor
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 28467779a Automatic Site Publish by Buildbot 28467779a is described below commit 28467779a56366b69fb4dbda4ca7f388fc387dc2 Author: buildbot AuthorDate: Sat Dec 9 06:44:02 2023 + Automatic Site Publish by Buildbot --- output/struts25-eol-announcement.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/struts25-eol-announcement.html b/output/struts25-eol-announcement.html index 569c1d788..3b37ed9da 100644 --- a/output/struts25-eol-announcement.html +++ b/output/struts25-eol-announcement.html @@ -199,7 +199,7 @@ it on your own. I’m using Apache Struts 6.x.x, what will happen with this version? Struts 6.x.x is still actively supported, we are working on new versions as well as we are preparing -a new Struts 7.x.x version. Migration from Struts 2.5.x to Struts 6.x.x will a way smoother than switching from +a new Struts 7.x.x version. Migration from Struts 2.5.x to Struts 6.x.x will be smoother than switching from Struts 2.5.x to Struts 7.x.x.
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 5ae04e736 Automatic Site Publish by Buildbot 5ae04e736 is described below commit 5ae04e736da06f8e3358e929895f00632e51fac5 Author: buildbot AuthorDate: Thu Dec 7 06:58:58 2023 + Automatic Site Publish by Buildbot --- output/announce-2023.html | 58 output/download.html | 84 +++ output/index.html | 34 +-- output/releases.html | 2 +- 4 files changed, 118 insertions(+), 60 deletions(-) diff --git a/output/announce-2023.html b/output/announce-2023.html index ea9092138..5b72ac13f 100644 --- a/output/announce-2023.html +++ b/output/announce-2023.html @@ -151,6 +151,8 @@ Announcements 2023 + 7 December 2023 - Apache Struts version 6.3.0.2 General Availability + 7 December 2023 - Apache Struts version 2.5.33 General Availability 30 October 2023 - Apache Struts 2.5.x End-Of-Life (EOL) Announcement 13 September 2023 - Apache Struts version 6.3.0.1 General Availability 13 September 2023 - Apache Struts version 6.1.2.2 General Availability @@ -166,6 +168,62 @@ Skip to: Announcements - 2022 +7 December 2023 - Apache Struts version 6.3.0.2 General Availability + +The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +This version addresses a potential security vulnerability identified as CVE-2023-50164 and described +in https://cwiki.apache.org/confluence/display/WW/S2-066;>S2-066 - please read the mentioned security bulletins for more details. +This is a drop-in replacement and upgrade should be straightforward. + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0.2;>Version Notes to find more details about performed +bug fixes and improvements. + + +All developers are strongly advised to perform this upgrade. + +The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 3.1, JSP API 2.1, and Java 8. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + +7 December 2023 - Apache Struts version 2.5.33 General Availability + +The Apache Struts group is pleased to announce that Apache Struts version 2.5.33 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +This version addresses a potential security vulnerability identified as CVE-2023-50164 and described +in https://cwiki.apache.org/confluence/display/WW/S2-066;>S2-066 - please read the mentioned security bulletins for more details. +This is a drop-in replacement and upgrade should be straightforward. + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.33;>Version Notes to find more details about performed +bug fixes and improvements. + + +All developers are strongly advised to perform this upgrade. + +The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 3.1, JSP API 2.1, and Java 8. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + 30 October 2023 - Apache Struts 2.5.x End-Of-Life (EOL) Announcement The Apache Struts Project Team would like to inform you that the Struts 2.5.x web framework will reach diff --git a/output/download.html b/output/download.html index 4b434005a..917d303b6 100644 --- a/output/download.html +++ b/output/download.html @@ -203,26 +203,26 @@ Full Releases -Struts 6.3.0.1 +Struts 6.3.0.2 - The https://struts.apache.org/;>Apache Struts 6.3.0.1 is an elegant, extensible + The https://struts.apache.org/;>Apache Struts 6.3.0.2 is an elegant, extensible framework for
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 084b1fb0f Automatic Site Publish by Buildbot 084b1fb0f is described below commit 084b1fb0f9782f407f66c6c7ed76024f25e2f134 Author: buildbot AuthorDate: Tue Dec 5 06:42:20 2023 + Automatic Site Publish by Buildbot --- output/security/index.html | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/output/security/index.html b/output/security/index.html index 53c99d166..8a0841857 100644 --- a/output/security/index.html +++ b/output/security/index.html @@ -174,6 +174,7 @@ Run OGNL expressions inside sandbox Apply a maximum allowed length on OGNL expressions OGNL Member Access + Additional Options Allowlist Capability Extensibility @@ -492,8 +493,6 @@ package name patterns. An exact exemption must exist for each exclusion match (t The defaults are defined https://github.com/apache/struts/blob/master/core/src/main/resources/struts-excluded-classes.xml;>here. -Additionally, static methods are blocked, and static fields can also be blocked with ‘struts.allowStaticFieldAccess’. - Any expression or target which does not pass this criteria will be blocked, and you will see a warning in the logs: [WARNING] Target class [class example.MyBean] or declaring class of member type [public example.MyBean()] are excluded! @@ -505,6 +504,17 @@ of such expression is java.la It is possible to redefine the above constants in struts.xml, but avoid reducing the list, instead extending the list with other known dangerous classes or packages in your application. +Additional Options + +We additionally recommend enabling the following options and hope to enable them by default in a future major version. + + + struts.ognl.allowStaticFieldAccess=false - static methods are always blocked, but static fields can also optionally be blocked + struts.disallowProxyMemberAccess=true - disallow proxied objects from being used in OGNL expressions as they may present a security risk + struts.disallowDefaultPackageAccess=true - disallow access to classes in the default package which should not be used in production + struts.ognl.disallowCustomOgnlMap=true - disallow construction of custom OGNL maps which can be used to bypass the SecurityMemberAccess policy + + Allowlist Capability
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new da1dd2daa Automatic Site Publish by Buildbot da1dd2daa is described below commit da1dd2daa8bbe8ab3831ef71d756df7a07eddb7e Author: buildbot AuthorDate: Tue Dec 5 06:01:12 2023 + Automatic Site Publish by Buildbot --- output/core-developers/default-properties.html | 7 - output/core-developers/interceptors.html | 2 - output/core-developers/struts-default-xml.html | 2 - output/plugins/plugins-architecture.html | 14 +- output/security/index.html | 249 + 5 files changed, 184 insertions(+), 90 deletions(-) diff --git a/output/core-developers/default-properties.html b/output/core-developers/default-properties.html index b05405508..82e08be14 100644 --- a/output/core-developers/default-properties.html +++ b/output/core-developers/default-properties.html @@ -382,9 +382,6 @@ struts.mapper.alwaysSelectFullNamespace=false ### Whether to allow static field access in OGNL expressions or not struts.ognl.allowStaticFieldAccess=true -### Whether to allow static method access in OGNL expressions or not -struts.ognl.allowStaticMethodAccess=false - ### Whether to throw a RuntimeException when a property is not found ### in an expression, or when the expression evaluation fails struts.el.throwExceptionOnFailure=false @@ -392,10 +389,6 @@ struts.el.throwExceptionOnFailure=false ### Logs as Warnings properties that are not found (very verbose) struts.ognl.logMissingProperties=false -### Caches parsed OGNL expressions, but can lead to memory leaks -### if the application generates a lot of different expressions -struts.ognl.enableExpressionCache=true - ### Specify the OGNL expression cache factory and BeanInfo cache factory to use. ### Currently, the default implementations are used, but can be replaced with custom ones if desired. # struts.ognl.expressionCacheFactory=customOgnlExpressionCacheFactory diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 11506002a..e6375deda 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -291,8 +291,6 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptors interceptor name="alias" class="com.opensymphony.xwork2.interceptor.AliasInterceptor"/ -interceptor name="autowiring" - class="com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptor"/ interceptor name="chain" class="com.opensymphony.xwork2.interceptor.ChainingInterceptor"/ interceptor name="coep" class="org.apache.struts2.interceptor.CoepInterceptor"/ interceptor name="conversionError" diff --git a/output/core-developers/struts-default-xml.html b/output/core-developers/struts-default-xml.html index e6082f9a6..fa3262ffb 100644 --- a/output/core-developers/struts-default-xml.html +++ b/output/core-developers/struts-default-xml.html @@ -207,8 +207,6 @@ setting in default.properties. interceptors interceptor name="alias" class="com.opensymphony.xwork2.interceptor.AliasInterceptor"/ -interceptor name="autowiring" - class="com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptor"/ interceptor name="chain" class="com.opensymphony.xwork2.interceptor.ChainingInterceptor"/ interceptor name="coep" class="org.apache.struts2.interceptor.CoepInterceptor"/ interceptor name="conversionError" diff --git a/output/plugins/plugins-architecture.html b/output/plugins/plugins-architecture.html index 55b99112c..02c10f9de 100644 --- a/output/plugins/plugins-architecture.html +++ b/output/plugins/plugins-architecture.html @@ -480,7 +480,19 @@ For example, a plugin could provide a new class to create Action classes or map struts.date.formatter Allow define a date formatter used by s:date/ tag (since 6.0.0) singleton - org.apache.struts2.components.date.DateFromatter + org.apache.struts2.components.date.DateFormatter + + + struts.ognlGuard + Define a custom OgnlGuard implementation to block raw or compiled OGNL expressions (since 6.4.0) + singleton + org.apache.struts2.ognl.OgnlGuard + + + struts.securityMemberAccess + Define a custom SecurityMemberAccess implementation, used to restrict OGNL evaluations based on classes involved (since 6.4.0) + prototype + com.opensymphony.xwork2.ognl.SecurityMemberAccess diff --git a/output/security/index.html b/output/security/index.html index ec0574a0d..53c99d166 100644 --- a/output/security/index.html +++
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 7a8520805 Automatic Site Publish by Buildbot 7a8520805 is described below commit 7a8520805efd7a30fd220c8e371d9615cd2853b4 Author: buildbot AuthorDate: Mon Nov 13 06:53:30 2023 + Automatic Site Publish by Buildbot --- output/dev-mail.html | 47 --- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/output/dev-mail.html b/output/dev-mail.html index 3f3edd736..c0392f1a4 100644 --- a/output/dev-mail.html +++ b/output/dev-mail.html @@ -157,38 +157,47 @@ improvements and discussion on future Struts are welcome. For questions Please make sure you have read the guidelines on this page + -Name -Subscribe -Unsubscribe -Description + Name + Subscribe + Unsubscribe + Description + + -https://lists.apache.org/list.html?d...@struts.apache.org;>Struts-Dev -mailto:dev-subscr...@struts.apache.org?subject=subscribebody=subscribe;>subscribe -mailto:dev-unsubscr...@struts.apache.org?subject=unsubscribebody=unsubscribe;>unsubscribe -Contact other developers interested in expanding and improving Struts functionality. + https://lists.apache.org/list.html?d...@struts.apache.org;>Struts Devolopers + mailto:dev-subscr...@struts.apache.org?subject=subscribebody=subscribe;>subscribe + mailto:dev-unsubscr...@struts.apache.org?subject=unsubscribebody=unsubscribe;>unsubscribe + Contact other developers interested in expanding and improving Struts functionality. -https://lists.apache.org/list.html?commits@struts.apache.org;>Struts-Commits -mailto:commits-subscr...@struts.apache.org?subject=subscribebody=subscribe;>subscribe -mailto:commits-unsubscr...@struts.apache.org?subject=unsubscribebody=unsubscribe;>unsubscribe -Receive notifications of changes to the Struts source code repository. + https://lists.apache.org/list.html?commits@struts.apache.org;>Struts Commits + mailto:commits-subscr...@struts.apache.org?subject=subscribebody=subscribe;>subscribe + mailto:commits-unsubscr...@struts.apache.org?subject=unsubscribebody=unsubscribe;>unsubscribe + Receive notifications of changes to the Struts source code repository. -https://lists.apache.org/list.html?iss...@struts.apache.org;>Struts-Issues -mailto:issues-subscr...@struts.apache.org?subject=subscribebody=subscribe;>subscribe -mailto:issues-unsubscr...@struts.apache.org?subject=unsubscribebody=unsubscribe;>unsubscribe -Receive notifications from the Struts issue tracker. + https://lists.apache.org/list.html?iss...@struts.apache.org;>Struts Issues + mailto:issues-subscr...@struts.apache.org?subject=subscribebody=subscribe;>subscribe + mailto:issues-unsubscr...@struts.apache.org?subject=unsubscribebody=unsubscribe;>unsubscribe + Receive notifications from the Struts issue tracker. + + https://lists.apache.org/list.html?notificati...@struts.apache.org;>Struts Notifications + mailto:notifications-subscr...@struts.apache.org?subject=subscribebody=subscribe;>subscribe + mailto:notifications-unsubscr...@struts.apache.org?subject=unsubscribebody=unsubscribe;>unsubscribe + Receive notifications from Github PRs comments related to the Struts + + -You can use a web interface as well if you want to post a question https://lists.apache.org/list.html?d...@struts.apache.org;>https://lists.apache.org/ +You can use a web interface as well if you want to post a question https://lists.apache.org/list.html?d...@struts.apache.org;>https://lists.apache.org/ Archives -You can read the http://mail-archives.apache.org/mod_mbox/struts-dev/;>ASF Mail or the -http://markmail.org/list/org.apache.struts.dev/;>Mark Mail archives if you are looking for older discussions. +You can read the http://mail-archives.apache.org/mod_mbox/struts-dev/;>ASF Mail or the http://markmail.org/list/org.apache.struts.dev/;>Mark Mail archives if you are looking for older discussions. There are many other archives out there as well.
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 89d1f4395 Automatic Site Publish by Buildbot 89d1f4395 is described below commit 89d1f43951a58530819f1e20758bb2e60e6d2dd0 Author: buildbot AuthorDate: Tue Oct 31 14:55:04 2023 + Automatic Site Publish by Buildbot --- .../accessing-application-session-request-objects.html | 14 -- output/tag-developers/access-to-valuestack-from-jsps.html | 2 ++ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/output/core-developers/accessing-application-session-request-objects.html b/output/core-developers/accessing-application-session-request-objects.html index c9f60603f..e9d8eb350 100644 --- a/output/core-developers/accessing-application-session-request-objects.html +++ b/output/core-developers/accessing-application-session-request-objects.html @@ -211,23 +211,25 @@ Page attributes are accessed via OGNL using the #application stack value. The #attr stack value will search the javax.servlet.jsp.PageContext for the specified key. If the PageContext -doesn’t exist, it will search the request, session, and application scopes, in that order. +doesn’t exist, it will search the request, session and application scopes, in that order. -Accessing attributes in the Application, Session, Request, or Page scope from a JSP +Accessing attributes in the Application, Session, Request or Page scope from a JSP -pRetrieve the attribute (property), with key myId, from the specified scope:/p +Retrieve the attribute (property), with key myId, from the specified scope: -s:property value="#application.myId" / +s:property value="#application.myId" / s:property value="#session.myId" / s:property value="#request.myId" / s:property value="#attr.myId" / - -pReminder: #attr is for Page scope attributes first, but will search the remaining scopes, in order, seeking a match./p +Note: #attr is for Page scope attributes first, but will search the remaining scopes, in order, seeking a match. +In opposite using just # means you want to fetch a value from the top of the ValueStack +without searching down the stack. + diff --git a/output/tag-developers/access-to-valuestack-from-jsps.html b/output/tag-developers/access-to-valuestack-from-jsps.html index 8a9ff199c..f2789e298 100644 --- a/output/tag-developers/access-to-valuestack-from-jsps.html +++ b/output/tag-developers/access-to-valuestack-from-jsps.html @@ -147,6 +147,8 @@ https://github.com/apache/struts-site/edit/master/source/tag-developers/access-to-valuestack-from-jsps.md; title="Edit this page on GitHub">Edit on GitHub +<< back to JSP + Access to ValueStack from JSPs To access the ValueStack from third-party JSP taglibs, expose property values to JSP using the s:set/ tag.
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new ae5d466a4 Automatic Site Publish by Buildbot ae5d466a4 is described below commit ae5d466a45138dd2af72be508bc8e0db3ba1c6c4 Author: buildbot AuthorDate: Tue Oct 31 09:10:04 2023 + Automatic Site Publish by Buildbot --- output/tag-developers/include-tag.html | 45 ++ 1 file changed, 40 insertions(+), 5 deletions(-) diff --git a/output/tag-developers/include-tag.html b/output/tag-developers/include-tag.html index b93c3120b..ed47efebe 100644 --- a/output/tag-developers/include-tag.html +++ b/output/tag-developers/include-tag.html @@ -163,10 +163,28 @@ through the s:property... via the HttpServletRequest object or from a JSP page via a scriptlet. -How To access parameters +How to access parameters -Parameters are passed as request parameters, so use the ${param.ParamName} notation to access them. Do not use -the property tag to access parameters in included files. +Parameters are passed as request parameters, so use the ${param.paramName} notation to access them. Do not use +the s:property/ tag to access parameters in included files. + +Below it’s an example how you can access parameters passed into the included page: + +with scope: +s:set var="innerName" scope="page"${param.paramName}/s:set +s:property value="#attr.innerName"/ + + +with no scope: +s:set var="innerName"${param.paramName}/s:set +s:property value="innerName"/ +s:property value="#attr.innerName"/ +s:property value="#innerName"/ + + + + Note: You can access such params without using JSTL, just use ${param.paramName} notation. + Attributes @@ -220,7 +238,7 @@ the property tag to access parameters in included files. /s:include -do an include to myJsp.jsp page with parameters param1=value1 and param2=value2 +do an include to myJsp.jsp page with parameters param1=value1 and param2=value2 Example 3 @@ -230,7 +248,24 @@ the property tag to access parameters in included files. /s:include -do an include to myJsp.jsp page with parameters param1=value1 and param2=value2 +do an include to myJsp.jsp page with parameters param1=value1 and param2=value2 + +Example 4 + +accessing passed parameters in the included page + +with scope: +s:set var="param1" scope="page"${param.param1}/s:set +s:property value="#attr.param1"/ + + +with no scope: +s:set var="param2"${param.param2}/s:set +s:property value="param2"/ + +s:property value="#attr.param2"/ +s:property value="#param2"/ +
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 800244f65 Automatic Site Publish by Buildbot 800244f65 is described below commit 800244f650489ce540fb65226112ef16e7c6b54d Author: buildbot AuthorDate: Wed Oct 11 07:51:15 2023 + Automatic Site Publish by Buildbot --- output/core-developers/static-content.html | 16 ++-- output/core-developers/web-xml.html| 61 ++ 2 files changed, 48 insertions(+), 29 deletions(-) diff --git a/output/core-developers/static-content.html b/output/core-developers/static-content.html index 90f98e9d5..5d674b17a 100644 --- a/output/core-developers/static-content.html +++ b/output/core-developers/static-content.html @@ -132,21 +132,29 @@ Static Content + Disabling static content Custom Static Content Loaders Default Content Loader Default path Preventing Struts from handling a request -Struts can serve static content like css and javascript files. This feature is enabled by default, but can be disabled -by setting: +Struts can serve a static content like CSS and JavaScript files using a predefined path. By default, these resources +are served using /static path defined using a constant struts.ui.staticContentPath - see below for more details. + +Please remember to include this path in your filter mapping if you use a custom mapping, see web.xml example config. + +Disabling static content + +You can disable this feature by setting the following constant to false. Once disabled you must provided the required +CSS JavaScript files on your own, which can be a good thing when you want to use a CDN. constant name="struts.serve.static" value="false"/ - If you disable this feature, but use the xhtml, or css_xhtml theme, make sure that the javascript and css files -shipped inside the core jar are extracted to your web application directory. + If you disable this feature, but you use the xhtml, or css_xhtml theme, make sure the JavasScript and CSS files +shipped inside the core jar are extracted to your web application directory or served in some other way. Custom Static Content Loaders diff --git a/output/core-developers/web-xml.html b/output/core-developers/web-xml.html index d4ca7fec0..bfaecdcb3 100644 --- a/output/core-developers/web-xml.html +++ b/output/core-developers/web-xml.html @@ -133,8 +133,7 @@ Simple Example - Changed filter package in Struts = 2.5 - Changed Filter Structure in Struts = 2.1.3 + Custom mapping Exclude specific URLs Taglib Example Custom FileManager and FileManagerFactory implementations @@ -174,38 +173,50 @@ should behave. /web-app -Changed filter package in Struts = 2.5 +See SiteMesh Plugin for an example on when to use separate Filters for prepare and execution phase. -As from Struts 2.5 all filters were moved to top package, if you are using older version you must use the old package, -see example: +Custom mapping -web-app id="WebApp_9" version="2.4" - xmlns="http://java.sun.com/xml/ns/j2ee; - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; - xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; +The above approach is a preferred way of enabling support for Struts in your web application. Yet you can have more +specific requirements and use more specific mapping like presented below: + +web-app ... filter filter-namestruts2/filter-name -filter-classorg.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter/filter-class +filter-classorg.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter/filter-class /filter -... + +filter-mapping +filter-namestruts2/filter-name +url-pattern*.action/url-pattern +/filter-mapping + /web-app -Changed Filter Structure in Struts = 2.1.3 +In such case only requests ending with .action will be directed by a Servlet container to be handled by Struts filter. +This can impact serving static content provided by Struts and you will have to define additional mapping to support it: -To split up the the dispatcher phases, FilterDispatcher is deprecated since Struts 2.1.3. If working with older -versions, you need to use +web-app ... -... filter filter-namestruts2/filter-name -filter-classorg.apache.struts2.dispatcher.FilterDispatcher/filter-class -... - +filter-classorg.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter/filter-class +/filter + +filter-mapping +filter-namestruts2/filter-name +url-pattern*.action/url-pattern +/filter-mapping -See SiteMesh Plugin for an example on when to use separate Filters for prepare -and
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 26ad9bc0d Automatic Site Publish by Buildbot 26ad9bc0d is described below commit 26ad9bc0de7c2e7871120cf102524bd267188b28 Author: buildbot AuthorDate: Wed Sep 13 17:58:20 2023 + Automatic Site Publish by Buildbot --- output/download.html | 2 +- output/releases.html | 15 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/output/download.html b/output/download.html index f6b98dbbd..204639e61 100644 --- a/output/download.html +++ b/output/download.html @@ -329,7 +329,7 @@ -Struts 2.5.32 +Struts 2.3.x We stopped serving directly the outdated Struts 2.3.x series, you should immediately upgrade to the latest 2.5.x version or migrate to the latest 6.x.x version. Please check the Prior releases section below, if you are looking for older versions. diff --git a/output/releases.html b/output/releases.html index 49924f545..4c426a9e1 100644 --- a/output/releases.html +++ b/output/releases.html @@ -226,12 +226,25 @@ + + + Struts 6.3.0 + +4 September 2023 + + https://cwiki.apache.org/confluence/display/WW/S2-065;>S2-065 + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0;>Version notes + + Struts 6.2.0 10 July 2023 + https://cwiki.apache.org/confluence/display/WW/S2-065;>S2-065 https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.2.0;>Version notes @@ -243,6 +256,7 @@ 13 June 2023 + https://cwiki.apache.org/confluence/display/WW/S2-065;>S2-065 https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.2.1;>Version notes @@ -254,6 +268,7 @@ 13 June 2023 + https://cwiki.apache.org/confluence/display/WW/S2-065;>S2-065 https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.31;>Version notes
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new d76f306b3 Automatic Site Publish by Buildbot d76f306b3 is described below commit d76f306b38598e1ece4ce7b993bb7620777073cd Author: buildbot AuthorDate: Wed Sep 13 17:42:26 2023 + Automatic Site Publish by Buildbot --- output/download.html | 42 +- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/output/download.html b/output/download.html index 9bbc5c6e4..f6b98dbbd 100644 --- a/output/download.html +++ b/output/download.html @@ -260,19 +260,19 @@ -Struts 6.3.0 +Struts 2.5.32 -https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0;>Version Notes +https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.32;>Version Notes Full Distribution: -https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-all.zip;>struts-6.3.0-all.zip (65MB) -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-all.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-all.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-all.zip;>struts-2.5.32-all.zip (65MB) +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-all.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-all.zip.sha256;>SHA256] @@ -280,9 +280,9 @@ Example Applications: -https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-apps.zip;>struts-6.3.0-apps.zip (35MB) -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-apps.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-apps.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-apps.zip;>struts-2.5.32-apps.zip (35MB) +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-apps.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-apps.zip.sha256;>SHA256] @@ -290,9 +290,9 @@ Essential Dependencies Only: -https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-min-lib.zip;>struts-6.3.0-min-lib.zip (4MB) -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-min-lib.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-min-lib.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-min-lib.zip;>struts-2.5.32-min-lib.zip (4MB) +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-min-lib.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-min-lib.zip.sha256;>SHA256] @@ -300,9 +300,9 @@ All Dependencies: -https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-lib.zip;>struts-6.3.0-lib.zip (19MB) -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-lib.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-lib.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-lib.zip;>struts-2.5.32-lib.zip (19MB) +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-lib.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-lib.zip.sha256;>SHA256] @@ -310,9 +310,9 @@ Documentation: -https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-docs.zip;>struts-6.3.0-docs.zip (13MB) -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-docs.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-docs.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-docs.zip;>struts-2.5.32-docs.zip (13MB) +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-docs.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-docs.zip.sha256;>SHA256] @@ -320,16 +320,16 @@ Source: -https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-src.zip;>struts-6.3.0-src.zip (7MB) -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-src.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/6.3.0/struts-6.3.0-src.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-src.zip;>struts-2.5.32-src.zip (7MB) +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-src.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.32/struts-2.5.32-src.zip.sha256;>SHA256] -Struts 6.3.0 +Struts 2.5.32 We stopped serving directly the outdated
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 6d714b936 Automatic Site Publish by Buildbot 6d714b936 is described below commit 6d714b936fd47f8488b0f6f0b53900f064d4af0d Author: buildbot AuthorDate: Tue Sep 5 06:10:13 2023 + Automatic Site Publish by Buildbot --- output/announce-2023.html | 66 output/download.html | 86 +- output/index.html | 18 +++--- output/releases.html | 2 +- output/tag-developers/ajax-head-template.html | 88 +-- 5 files changed, 121 insertions(+), 139 deletions(-) diff --git a/output/announce-2023.html b/output/announce-2023.html index 788bfc3be..13e8417f8 100644 --- a/output/announce-2023.html +++ b/output/announce-2023.html @@ -132,6 +132,7 @@ Announcements 2023 + 04 September 2023 - Apache Struts version 6.3.0 General Availability 10 July 2023 - Apache Struts version 6.2.0 General Availability 13 June 2023 - Apache Struts version 6.1.2.1 General Availability 13 June 2023 - Apache Struts version 2.5.31 General Availability @@ -142,6 +143,71 @@ Skip to: Announcements - 2022 +04 September 2023 - Apache Struts version 6.3.0 General Availability + +The Apache Struts group is pleased to announce that Apache Struts version 6.3.0 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + + + Note: This version includes the whole code of retired The Apache Tiles, when you use the Struts Tiles plugin +please to remove any external dependencies to the Apache Tiles as the whole code is already included in the plugin. +See https://issues.apache.org/jira/browse/WW-5233;>WW-5233 for more details. + + +Below is a full list of all changes: + +Bug + + + WW-5330 - Issue when submitting a form with a textarea containing more than 4000 characters. + WW-5331 - Access to request attributes via tags is broken + + +Improvement + + + WW-5233 - Include Apache Tiles code base in the Tiles plugin + WW-5321 - notify / document about new maxStringLength limitation + WW-5327 - Stop using JavaBeans notation for setters in SecurityMemberAccess MemberAccessValueStack + WW-5332 - Validate excluded package name list for missing commas + WW-5334 - Misc VelocityManager code cleanup + WW-5336 - Merge OgnlTool class into StrutsUtil class + WW-5337 - Improve performance of excluded classes and packages + + +Dependency + + + WW-5315 - Upgrades ASM to version 9.5 + WW-5316 - Upgrades commons-io to version 2.13.0 + WW-5317 - Upgrades log4j-api to version 2.20.0 + WW-5318 - Upgrades slf4j-api to version 2.0.7 + WW-5320 - finish Reproducible Builds + WW-5322 - Upgrade Jackson version to 2.15.2 + WW-5323 - Upgrade JasperReports to version 6.20.5 + WW-5325 - Upgrade commons-lang3 to version 2.13.0 + WW-5329 - Upgrade xstream to version 1.4.20 + + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.3.0;>Version Notes to find more details about performed +bug fixes and improvements. + + +All developers are strongly advised to perform this upgrade. + +The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 3.1, JSP API 2.1, and Java 8. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + 10 July 2023 - Apache Struts version 6.2.0 General Availability The Apache Struts group is pleased to announce that Apache Struts version 6.2.0 is available as a “General Availability” diff --git a/output/download.html b/output/download.html index e81daf714..7ab556e6b 100644 --- a/output/download.html +++ b/output/download.html @@ -184,26 +184,26 @@ Full Releases -Struts 6.2.0 +Struts 6.3.0 - The https://struts.apache.org/;>Apache Struts 6.2.0 is an elegant, extensible + The https://struts.apache.org/;>Apache Struts 6.3.0 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 6.2.0 is the "best available" version of Struts in the 2.5 series. + Struts 6.3.0 is the "best available" version of Struts in
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1ec2e7621 Automatic Site Publish by Buildbot 1ec2e7621 is described below commit 1ec2e762109ad4fbdb7561c1236e73d8dd420800 Author: buildbot AuthorDate: Wed Aug 16 11:43:06 2023 + Automatic Site Publish by Buildbot --- ...essing-application-session-request-objects.html | 64 +- 1 file changed, 39 insertions(+), 25 deletions(-) diff --git a/output/core-developers/accessing-application-session-request-objects.html b/output/core-developers/accessing-application-session-request-objects.html index b2a408adc..a975cbb48 100644 --- a/output/core-developers/accessing-application-session-request-objects.html +++ b/output/core-developers/accessing-application-session-request-objects.html @@ -131,46 +131,60 @@ << back to Core Developers Guide -Accessing application, session, request objects +Accessing application, session, request objects -DEPRECATED??? + + Accessing from Java + Avoid using ActionContext + + + Accessing from the view (JSP, FreeMarker, etc.) + -The framework provides several access helpers to access Session, Application, Request scopes. +The framework provides several access helpers to access Request, Session, Application scopes. +See Servlet Config Interceptor page to find all the supported interfaces. Accessing from Java -All the JEE scope attribute maps can be accessed via ActionContext. +The best way to access Request, Session or Application scope is to use one of the following interfaces: + + ServletRequestAware - to access Request scope + ServletResponseAware - to access Response scope + SessionAware - to access Session scope + ApplicationAware - to access Application scope + -Accessing servlet scopes +Example usage of the interfaces: -Map attr = (Map) ActionContext.getContext().get("attr"); -attr.put("myId", myProp); // Page scope. +public class MyAction implements ApplicationAware { + +private MapString, Object application; -Map application = (Map) ActionContext.getContext().get("application"); -application.put("myId", myProp); - -Map session = (Map) ActionContext.getContext().get("session"); -session.put("myId", myProp); - -Map request = (Map) ActionContext.getContext().get("request"); -request.put("myId", myProp); +public void withApplication(MapString, Object application) { +this.application = application; +} + +public String execute() { +application.set("myKey", "myValue"); +... +return "success"; +} + +} - - Do not use ActionContext.getContext() in the constructor of your Action class. The values may not be set up, and -the call may return null for getSession(). - +Implementing ServletRequestAware or ServletResponseAware will tie your actions to Servlet objects. Yet using these +interfaces and SessionAware or ApplicationAware combined with the servletConfig interceptor, is the best way +to access these scopes. -We can also access the HttpServletRequest and HttpServletResponse objects themselves through ServletActionContext. -In general this isn’t recommended as it will tie our action to the servlet specification. +Avoid using ActionContext -Setting session attribute through session object +Using ActionContext directly is a bad practice and should be avoided, instead of using -ServletActionContext.getRequest().getSession().put("myId", myProp); +ActionContext.getContext().getSession().put("myAttribute", "myValue"); -Implementing ServletRequestAware or ServletResponseAware, combined with the servletConfig interceptor, -is an alternative way to access the request and response objects, with the same caveat. +use one of the *Aware interfaces above. Accessing from the view (JSP, FreeMarker, etc.)
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 17779c97e Automatic Site Publish by Buildbot 17779c97e is described below commit 17779c97ec67454ab168e99dcbbeefa990428343 Author: buildbot AuthorDate: Fri Aug 4 07:35:33 2023 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index 4a9587b20..60687fb58 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -467,7 +467,7 @@ The defeault limit is set to 4096 bytes: This options prevents attacks, which consists of multiple large objects in the multipart request. Such attack can exhaust -the available memory and finally produce OutOfMemoryException. If the limit is too low you can increase it but defining +the available memory and finally produce OutOfMemoryException. If the limit is too low you can increase it by defining the following constant in struts.xml: struts
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 2a39eae70 Automatic Site Publish by Buildbot 2a39eae70 is described below commit 2a39eae7089dfdd366963d828e9ce4eef15753f2 Author: buildbot AuthorDate: Fri Aug 4 07:34:10 2023 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 21 + 1 file changed, 21 insertions(+) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index 2eaf1ad0b..4a9587b20 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -147,6 +147,7 @@ Advanced Configuration Files Number Limit File Size Limits + Normal Field Size Limit File Types Error Messages Temporary Directories @@ -457,6 +458,26 @@ precedence over this interceptor setting. /action /struts +Normal Field Size Limit + +Since Struts 6.1.2.1 a new option has been introduced to limit the size of a normal string field in the multipart request. +The defeault limit is set to 4096 bytes: + +struts.multipart.maxStringLength=4096 + + +This options prevents attacks, which consists of multiple large objects in the multipart request. Such attack can exhaust +the available memory and finally produce OutOfMemoryException. If the limit is too low you can increase it but defining +the following constant in struts.xml: + +struts +constant name="struts.multipart.maxStringLength" value="1"/ + +action name="doUpload" class="com.example.UploadAction" + ... +/action +/struts + File Types
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 269f27e0b Automatic Site Publish by Buildbot 269f27e0b is described below commit 269f27e0b872434e93122ce1c107da0c387c3d14 Author: buildbot AuthorDate: Wed Jul 26 19:30:17 2023 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html |6 +- output/index.html |2 +- output/releases.html| 1367 --- 3 files changed, 145 insertions(+), 1230 deletions(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index 0fe66ffc6..2eaf1ad0b 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -404,6 +404,7 @@ struts.multipart.saveDir= # Filesystem location to save parsed request data struts.multipart.maxSize=2097152 # Max combined size of files per request struts.multipart.maxFiles=256 # Max number of files per request struts.multipart.maxFileSize= # Max size per file per request +struts.multipart.maxStringLength=4096 # Max length of a string parameter (a normal field) in a multipart request (since Struts 6.1.2.1) You can also set the max options to unlimited by setting their value to -1, but please see the sections below for @@ -411,12 +412,11 @@ further details on these options first. Files Number Limit -Since Struts 6.1.2/6.2.0 a new option was added, which uses Commons FileUpload feature to limit how many files can be +Since Struts 6.1.2 a new option was added, which uses Commons FileUpload feature to limit how many files can be uploaded at once, in one request. This option requires to use Commons FileUpload ver. 1.5 at least and by default is set to 256. Please always set this to a finite value to prevent DoS attacks. -To change this value define a constant -in struts.xml as follows: +To change this value define a constant in struts.xml as follows: struts constant name="struts.multipart.maxFiles" value="500"/ diff --git a/output/index.html b/output/index.html index 320536d40..7ebce2a47 100644 --- a/output/index.html +++ b/output/index.html @@ -149,7 +149,7 @@ Apache Struts 6.2.0 GA - Apache Struts 6.2.0 GA has been releasedon 10 June 2023. + Apache Struts 6.2.0 GA has been releasedon 10 July 2023. Read more in Announcement or in https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.2.0;>Version notes diff --git a/output/releases.html b/output/releases.html index 266efbfc1..2f4d787e9 100644 --- a/output/releases.html +++ b/output/releases.html @@ -226,12 +226,60 @@ + + + Struts 6.2.0 + +10 July 2023 + + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.2.0;>Version notes + + + + + Struts 6.1.2.1 + +13 June 2023 + + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.2.1;>Version notes + + + + + Struts 2.5.31 + +13 June 2023 + + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.31;>Version notes + + + + + Struts 6.1.2 + +10 March 2023 + + https://cwiki.apache.org/confluence/display/WW/S2-064;>S2-064, + https://cwiki.apache.org/confluence/display/WW/S2-063;>S2-063 + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.2;>Version notes + + Struts 6.1.1 28 November 2022 + https://cwiki.apache.org/confluence/display/WW/S2-064;>S2-064, + https://cwiki.apache.org/confluence/display/WW/S2-063;>S2-063 https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.1;>Version notes @@ -243,6 +291,8 @@ 15 September 2022 + https://cwiki.apache.org/confluence/display/WW/S2-064;>S2-064, + https://cwiki.apache.org/confluence/display/WW/S2-063;>S2-063 https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.3;>Version notes @@ -254,6 +304,8 @@ 6 June 2022 + https://cwiki.apache.org/confluence/display/WW/S2-064;>S2-064, + https://cwiki.apache.org/confluence/display/WW/S2-063;>S2-063 https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.0;>Version notes @@ -265,6 +317,8 @@ 4 April 2022 + https://cwiki.apache.org/confluence/display/WW/S2-064;>S2-064, + https://cwiki.apache.org/confluence/display/WW/S2-063;>S2-063 https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30;>Version notes @@ -276,6 +330,8 @@ 22 January 2022 +
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new ec39d5f26 Automatic Site Publish by Buildbot ec39d5f26 is described below commit ec39d5f263f7032f6049bb3c130d9fec1599def8 Author: buildbot AuthorDate: Tue Jul 18 07:41:09 2023 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html index fae9c3ec8..d4d486fc1 100644 --- a/output/core-developers/csp-interceptor.html +++ b/output/core-developers/csp-interceptor.html @@ -131,7 +131,14 @@ << back to Interceptors -Content Security Policy Interceptor +Content Security Policy Interceptor + + + Description + Parameters + Action aware + Examples + Description @@ -154,6 +161,23 @@ is going to be enforced. reportUri - an uri under, which the violations have to be reported. +Action aware + +Since Struts 6.2.0 it is possible to configure the CSP interceptor by providing the an instance of CspSettings interface. +Please use CspSettingsAware interface and implement the getCspSettings() method to steer the policy per action. + +public class MyAction implements CspSettingsAware { + +public String execute() { +return "success"; +} + +public CspSetting getCspSettings() { + ... +} +} + + Examples action name="someAction" class="com.examples.SomeAction"
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new e5dce2008 Automatic Site Publish by Buildbot e5dce2008 is described below commit e5dce2008761fbd36be2bc47fc78aa6aa88eee76 Author: buildbot AuthorDate: Tue Jun 27 13:12:30 2023 + Automatic Site Publish by Buildbot --- output/core-developers/interceptors.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 504baf04d..e96150dbb 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -623,7 +623,7 @@ specified in the intercep Store and retrieve action messages / errors / field errors for action that implements ValidationAware interface into session. - Model Driven Interceptor + Model Driven Interceptor modelDriven If the Action implements ModelDriven, pushes the getModel Result onto the Value Stack.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new ba0d75a9b Automatic Site Publish by Buildbot ba0d75a9b is described below commit ba0d75a9bb466ba2388543987f65f045997e3d41 Author: buildbot AuthorDate: Sun May 28 07:14:38 2023 + Automatic Site Publish by Buildbot --- output/tag-developers/ognl-basics.html | 98 +++--- output/tag-developers/ognl.html| 76 +++--- 2 files changed, 51 insertions(+), 123 deletions(-) diff --git a/output/tag-developers/ognl-basics.html b/output/tag-developers/ognl-basics.html index 9bd857119..4377ccd05 100644 --- a/output/tag-developers/ognl-basics.html +++ b/output/tag-developers/ognl-basics.html @@ -136,7 +136,6 @@ Struts-specific language features Accessing static properties - Differences from the WebWork 1.x EL Struts 2 Named Objects @@ -144,11 +143,11 @@ Struts-specific language features -The biggest addition that Struts provides on top of OGNL is the support for the ValueStack. While OGNL operates under +The biggest addition that Struts provides on top of OGNL is the support for the ValueStack. While OGNL operates under the assumption there is only one “root”, Struts’s ValueStack concept requires there be many “roots”. -For example, suppose we are using standard OGNL (not using Struts) and there are two objects in the OgnlContext map: -“foo” - foo and “bar” - bar and that the foo object is also configured to be the single root object. +For example, suppose we are using standard OGNL (not using Struts) and there are two objects in the OgnlContext map: +“foo” - foo and “bar” - bar and that the foo object is also configured to be the single root object. The following code illustrates how OGNL deals with these three situations: #foo.blah // returns foo.getBlah() @@ -156,34 +155,34 @@ The following code illustrates how OGNL deals with these three situations: blah // returns foo.getBlah() because foo is the root -What this means is that OGNL allows many objects in the context, but unless the object you are trying to access is the root, -it must be prepended with a namespaces such as @bar. Now let’s talk about how Struts is a little different… +What this means is that OGNL allows many objects in the context, but unless the object you are trying to access is the +root, it must be prepended with a namespaces such as @bar. Now let’s talk about how Struts is a little different… - In Struts, the entire ValueStack is the root object in the context. Rather than having your expressions get the object -you want from the stack and then get properties from that (ie: peek().blah), Struts has a special OGNL PropertyAccessor -that will automatically look at the all entries in the stack (from the top down) until it finds an object with the property -you are looking for. + In Struts, the entire ValueStack is the root object in the context. Rather than having your expressions get the object +you want from the stack and then get properties from that (ie: peek().blah), Struts has a special OGNL +PropertyAccessor that will automatically look at the all entries in the stack (from the top down) until it finds +an object with the property you are looking for. -For example, suppose the stack contains two objects: Animal and Person. Both objects have a “name” property, Animal has -a “species” property, and Person has a “salary” property. Animal is on the top of the stack, and Person is below it. -The follow code fragments help you get an idea of what is going on here: +For example, suppose the stack contains two objects: Animal and Person. Both objects have a name property, +Animal has a species property, and Person has a salary property. Animal is on the top of the stack, +and Person is below it. The follow code fragments help you get an idea of what is going on here: species// call to animal.getSpecies() salary // call to person.getSalary() name // call to animal.getName() because animal is on the top -In the last example, there was a tie and so the animal’s name was returned. Usually this is the desired effect, but -sometimes you want the property of a lower-level object. To do this, XWork has added support for indexes on the ValueStack. -All you have to do is: +In the last example, there was a tie and so the animal’s name was returned. Usually this is the desired effect, but +sometimes you want the property of a lower-level object. To do this, XWork has added support for indexes on the +ValueStack. All you have to do is: [0].name // call to animal.getName() [1].name // call to person.getName() -With expression like [0] ... [3] etc. Struts will cut the stack and still
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new e1364279d Automatic Site Publish by Buildbot e1364279d is described below commit e1364279d4f5372a1a6b882e95b66e2267332a3f Author: buildbot AuthorDate: Wed May 24 05:40:11 2023 + Automatic Site Publish by Buildbot --- output/core-developers/configuration-files.html| 18 - .../configuration-provider-and-configuration.html | 8 +++- output/core-developers/constant-configuration.html | 3 +- output/core-developers/struts-xml.html | 2 +- output/plugins/plugins-architecture.html | 47 +- 5 files changed, 45 insertions(+), 33 deletions(-) diff --git a/output/core-developers/configuration-files.html b/output/core-developers/configuration-files.html index 99eab2d14..b797a8443 100644 --- a/output/core-developers/configuration-files.html +++ b/output/core-developers/configuration-files.html @@ -160,13 +160,7 @@ See Reloading configuration for more. struts.xml yes /WEB-INF/classes/ - Main configuration, contains result/view types, action mappings, interceptors, and so forth \ - - - - - - + Main configuration, contains result/view types, action mappings, interceptors, and so forth default.properties @@ -187,10 +181,16 @@ See Reloading configuration for more. Default macros referenced by velocity.properties - struts-plugin.xml + struts-plugin.xml + yes + At the root of a plugin JAR + Optional configuration files for Plugins in the same format as struts.xml. + + + struts-deferred.xml yes At the root of a plugin JAR - Optional configuration files for Plugins in the same format as struts.xml. + Optional configuration files for Plugins, most useful for defining extension points velocity.properties diff --git a/output/core-developers/configuration-provider-and-configuration.html b/output/core-developers/configuration-provider-and-configuration.html index be6d98308..25a844648 100644 --- a/output/core-developers/configuration-provider-and-configuration.html +++ b/output/core-developers/configuration-provider-and-configuration.html @@ -155,8 +155,12 @@ through a Dispatcher’s DispatcherListener. - XmlConfigurationProvider - an abstract based implementation which can use XML files as source of configuration - StrutsXmlConfigurationProvider - primary configuration provider, represents struts.xml and struts-plugin.xml files + XmlDocConfigurationProvider - an abstract based implementation which can use XML documents from any source as +configuration + XmlConfigurationProvider - an abstract based implementation which can use XML files on disk as source of +configuration + StrutsXmlConfigurationProvider - primary configuration provider, represents struts.xml, struts-plugin.xml +and struts-deferred.xml files PropertiesConfigurationProvider - used to load struts.properties -ServletContextAwareConfigurationProvider - marking interface allowing to inject ServletContext into provider diff --git a/output/core-developers/constant-configuration.html b/output/core-developers/constant-configuration.html index 03f9e30df..cf36457ff 100644 --- a/output/core-developers/constant-configuration.html +++ b/output/core-developers/constant-configuration.html @@ -141,10 +141,11 @@ for subsequent files to override previous ones: struts-default.xml - struts-plugin.xml + struts-plugin.xml struts.xml default.properties web.xml + struts-deferred.xml diff --git a/output/core-developers/struts-xml.html b/output/core-developers/struts-xml.html index 85e87c9fb..55b905135 100644 --- a/output/core-developers/struts-xml.html +++ b/output/core-developers/struts-xml.html @@ -136,7 +136,7 @@ of the webapp (generally /WEB The default file may include other configuration files as needed. - A struts-plugin.xml file can be placed in a JAR and automatically plugged into an application, so that modules + A struts-plugin.xml (and/or a struts-deferred.xml) file can be placed in a JAR and automatically plugged into an application, so that modules can be self-contained and automatically configured. In the case of Freemarker and Velocity modules, the templates can also be loaded from the classpath, so the entire module can be plugged in as a single JAR. diff --git a/output/plugins/plugins-architecture.html b/output/plugins/plugins-architecture.html index f0e15ba96..bad09d682 100644 --- a/output/plugins/plugins-architecture.html +++ b/output/plugins/plugins-architecture.html @@ -143,43 +143,49 @@ Developing new extension point Extension point provided by the Core -
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1f880082e Automatic Site Publish by Buildbot 1f880082e is described below commit 1f880082e8aa90382b201353a3c69da047bfb72a Author: buildbot AuthorDate: Thu Mar 30 17:33:41 2023 + Automatic Site Publish by Buildbot --- output/core-developers/execute-and-wait-interceptor.html | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/output/core-developers/execute-and-wait-interceptor.html b/output/core-developers/execute-and-wait-interceptor.html index 7e780851e..dac520389 100644 --- a/output/core-developers/execute-and-wait-interceptor.html +++ b/output/core-developers/execute-and-wait-interceptor.html @@ -206,17 +206,18 @@ process extension, extend Exe Using ExecutorProvider -Since Struts 6.1.1 it is possible to use your own ExecutorProvider to run background tasks. To use your own executor +Since Struts 6.2.0 it is possible to use your own ExecutorProvider to run background tasks. To use your own executor you must implement interface org.apache.struts2.interceptor.exec.ExecutorProvider and install the bean using struts.xml like follows: -bean type="org.apache.struts2.interceptor.exec.ExecutorProvider" +bean type="org.apache.struts2.interceptor.exec.ExecutorProvider" name="myExecutor" class="com.company.MyExecutorProvider"/ - -Please take a look into example implementation in the Showcase App. +constant name="struts.executor.provider" value="myExecutor"/ + -If no custom executor is defined, Struts will use org.apache.struts2.interceptor.exec.StrutsExecutorProvider by default. +Please take a look into example implementation in the Showcase App. If no custom executor has been defined, +Struts will use org.apache.struts2.interceptor.exec.StrutsExecutorProvider by default. Examples
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new a443372b5 Automatic Site Publish by Buildbot a443372b5 is described below commit a443372b58d844f4edc61b8bf0419d9edd5dfeb3 Author: buildbot AuthorDate: Wed Mar 22 16:11:51 2023 + Automatic Site Publish by Buildbot --- output/archetype-catalog.xml | 14 +++--- output/download.html | 42 +- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/output/archetype-catalog.xml b/output/archetype-catalog.xml index dbeb5f82c..364f39e19 100644 --- a/output/archetype-catalog.xml +++ b/output/archetype-catalog.xml @@ -7,49 +7,49 @@ org.apache.struts struts2-archetype-blank -2.5.22 +6.0.0 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Blank org.apache.struts struts2-archetype-convention -2.5.22 +6.0.0 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Blank Convention org.apache.struts struts2-archetype-dbportlet -2.5.22 +6.0.0 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Database Portlet org.apache.struts struts2-archetype-plugin -2.5.22 +6.0.0 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Plugin org.apache.struts struts2-archetype-portlet -2.5.22 +6.0.0 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Portlet org.apache.struts struts2-archetype-starter -2.5.22 +6.0.0 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Starter org.apache.struts struts2-archetype-angularjs -2.5.22 +6.0.0 https://repository.apache.org/content/groups/public/ Struts 2 Archetypes - Angular JS diff --git a/output/download.html b/output/download.html index bef61e432..b2e385c8f 100644 --- a/output/download.html +++ b/output/download.html @@ -260,19 +260,19 @@ -Struts 2.5.22 +Struts 2.5.30 -https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.22;>Version Notes +https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30;>Version Notes Full Distribution: -https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-all.zip;>struts-2.5.22-all.zip (65MB) -[https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-all.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-all.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-all.zip;>struts-2.5.30-all.zip (65MB) +[https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-all.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-all.zip.sha256;>SHA256] @@ -280,9 +280,9 @@ Example Applications: -https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-apps.zip;>struts-2.5.22-apps.zip (35MB) -[https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-apps.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-apps.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-apps.zip;>struts-2.5.30-apps.zip (35MB) +[https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-apps.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-apps.zip.sha256;>SHA256] @@ -290,9 +290,9 @@ Essential Dependencies Only: -https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-min-lib.zip;>struts-2.5.22-min-lib.zip (4MB) -[https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-min-lib.zip.asc;>PGP] -[https://archive.apache.org/dist/struts/2.5.22/struts-2.5.22-min-lib.zip.sha256;>SHA256] +https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-min-lib.zip;>struts-2.5.30-min-lib.zip (4MB) +[https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-min-lib.zip.asc;>PGP] +[https://archive.apache.org/dist/struts/2.5.30/struts-2.5.30-min-lib.zip.sha256;>SHA256] @@ -300,9 +300,9 @@ All Dependencies:
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 324b637a2 Automatic Site Publish by Buildbot 324b637a2 is described below commit 324b637a2b89d1504645d1943d86febba3649311 Author: buildbot AuthorDate: Wed Mar 22 05:34:46 2023 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 82 - 1 file changed, 39 insertions(+), 43 deletions(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index ede426e0d..47f375784 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -145,8 +145,8 @@ Advanced Configuration - File Size Limits Files Number Limit + File Size Limits File Types Error Messages Temporary Directories @@ -397,54 +397,53 @@ see struts-fileupload.xmlAdvanced Configuration The Struts 2 default.properties file defines several settings that affect the behavior of file uploading. You may find -in necessary to change these values. The names and default values are: +it necessary to change these values. The names and default values are: struts.multipart.parser=jakarta -struts.multipart.saveDir= -struts.multipart.maxSize=2097152 -struts.multipart.maxFiles=256 +struts.multipart.saveDir= # Filesystem location to save parsed request data +struts.multipart.maxSize=2097152 # Max combined size of files per request +struts.multipart.maxFiles=256 # Max number of files per request +struts.multipart.maxFileSize= # Max size per file per request - - Please remember that the struts.multipart.maxSize is the size limit of the whole request, which means when you’re -uploading multiple files, the sum of their size must be below the struts.multipart.maxSize! - +You can also set the max options to unlimited by setting their value to -1, but please see the sections below for +further details on these options first. + +Files Number Limit + +Since Struts 6.1.2/6.2.0 a new option was added, which uses Commons FileUpload feature to limit how many files can be +uploaded at once, in one request. This option requires to use Commons FileUpload ver. 1.5 at least and by default is set +to 256. Please always set this to a finite value to prevent DoS attacks. -In order to change these settings you define a constant in your applications struts.xml file like so: +To change this value define a constant +in struts.xml as follows: struts -constant name="struts.multipart.maxSize" value="100"/ -... +constant name="struts.multipart.maxFiles" value="500"/ /struts -Additionally, the fileUpload interceptor has settings that can be put in place for individual action mappings -by customizing your interceptor stack. +File Size Limits -action name="doUpload" class="com.example.UploadAction" -interceptor-ref name="basicStack"/ -interceptor-ref name="fileUpload" -param name="allowedTypes"text/plain/param -/interceptor-ref -interceptor-ref name="validation"/ -interceptor-ref name="workflow"/ +There are multiple methods to enforce file size limits. -result name="success"good_result.jsp/result -/action - +There is struts.multipart.maxSize which is loaded from the Struts configuration. This setting exists for security +reasons to prohibit a malicious user from uploading extremely large files to fill up your server’s disk space. This +setting defaults to approximately 2MB and should be adjusted to the maximum size (2GB) that you expect to parse. If you +are uploading more than one file in a single request, the struts.multipart.maxSize applies to the combined total, not +the individual files. -File Size Limits +There is also struts.multipart.maxFileSize which is not enforced by default, but can be enabled to enforce a max size +on a per-file basis. -There are two separate file size limits. First is struts.multipart.maxSize which comes from the Struts -2 default.properties file. This setting exists for security reasons to prohibit a malicious user from uploading -extremely large files to file up your servers disk space. This setting defaults to approximately 2 megabytes and should -be adjusted to the maximum size file (2 gigs max) that your will need the framework to receive. If you are uploading -more than one file on a form the struts.multipart.maxSize applies to the combined total, not the individual file -sizes. The other setting, maximumSize, is an interceptor setting that is used to ensure a particular Action does not -receive a file that is too large. Notice the locations of both settings in the following example: +The other setting, maximumSize, is an interceptor setting that is used to ensure a particular Action does not
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new cfb523c09 Automatic Site Publish by Buildbot cfb523c09 is described below commit cfb523c09be97534a758c34686dbf59863f992c0 Author: buildbot AuthorDate: Wed Mar 22 05:34:02 2023 + Automatic Site Publish by Buildbot --- output/core-developers/default-properties.html | 1 + output/security/index.html | 19 ++- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/output/core-developers/default-properties.html b/output/core-developers/default-properties.html index d22a34275..6bec201b6 100644 --- a/output/core-developers/default-properties.html +++ b/output/core-developers/default-properties.html @@ -214,6 +214,7 @@ struts.multipart.parser=jakarta struts.multipart.saveDir= struts.multipart.maxSize=2097152 struts.multipart.maxFiles=256 +# struts.multipart.maxFileSize= ### Load custom property files (does not override struts.properties!) # struts.custom.properties=application,org/apache/struts2/extension/custom diff --git a/output/security/index.html b/output/security/index.html index a3491fa29..253044b25 100644 --- a/output/security/index.html +++ b/output/security/index.html @@ -333,8 +333,8 @@ framework with following proactive optional possibilities since OGNL 3.1.24 and default but via enabling them, you can proactively protect from potential still unknown OGNL Expression Injections flaws: - NOTE: These might break your current app functionality. Before using in production environment, you’re recommended to -comprehensively test your app UI and functionalities with these enabled. + NOTE: These might break your current app functionality. Before using in production environment, you’re recommended +to comprehensively test your app UI and functionalities with these enabled. Run OGNL expressions inside sandbox @@ -355,17 +355,18 @@ really only a “style guard” for long OGNL expressions in an application).The Apache Struts 2 contains internal security manager which blocks access to particular classes and Java packages - it’s a OGNL-wide mechanism which means it affects any aspect of the framework ie. incoming parameters, expressions -used in JSPs, etc. +used in JSPs, etc. Matching is done based on both the target and member class of an OGNL expression. There are 4 options that can be used to configure excluded packages and classes: - struts.excludedClasses - comma-separated list of excluded classes - struts.excludedPackageNamePatterns - patterns used to exclude packages based on RegEx - this option is slower than -simple string comparison but it’s more flexible - struts.excludedPackageNames - comma-separated list of excluded packages, it is used with simple string comparison -via startWith and equals - struts.excludedPackageExemptClasses - comma-separated list of classes to exempt from any of the excluded packages or package name patterns + struts.excludedClasses: comma-separated list of excluded classes. Note that superclasses are also matched. + struts.excludedPackageNames: comma-separated list of excluded packages, matched using string +comparison via startWith. Note that classes in subpackages are also excluded. + struts.excludedPackageNamePatterns - comma-separated list of RegEx patterns used to exclude packages. Note that this +option is slower than string comparison but more flexible. + struts.excludedPackageExemptClasses - comma-separated list of classes to exempt from any of the excluded packages or +package name patterns. An exact exemption must exist for each exclusion match (target or member or both). The defaults are defined https://github.com/apache/struts/blob/master/core/src/main/resources/struts-excluded-classes.xml;>here.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b21aa4e74 Automatic Site Publish by Buildbot b21aa4e74 is described below commit b21aa4e7425972f0d0a13c341c718192fa63f26e Author: buildbot AuthorDate: Fri Mar 10 06:54:30 2023 + Automatic Site Publish by Buildbot --- output/{index.html => announce-2023.html} | 141 -- output/download.html | 44 +- output/index.html | 10 +-- output/releases.html | 2 +- 4 files changed, 86 insertions(+), 111 deletions(-) diff --git a/output/index.html b/output/announce-2023.html similarity index 67% copy from output/index.html copy to output/announce-2023.html index d67470e6e..4f5c9c79d 100644 --- a/output/index.html +++ b/output/announce-2023.html @@ -7,17 +7,17 @@ - Welcome to the Apache Struts project + Announcements 2023 + + - - https://buttons.github.io/buttons.js"> @@ -125,86 +125,61 @@ - - - - -Apache Struts -Apache Struts is a free, open-source, MVC framework for creating elegant, - modern Java web applications. It favors convention over configuration, is - extensible using a plugin architecture, and ships with plugins to support - REST, AJAX and JSON. - - - Download - - - Technology Primer - - - - - - - -Apache Struts 6.1.1 GA - - Apache Struts 6.1.1 GA has been releasedon 28 November 2022. - -Read more in Announcement or in -https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.1;>Version notes - - -Security Advice on Log4j 2.12.4/2.17.1 - - The Apache Struts Security team would like to announce that all the users using - the latest Struts 2.5.x series should either upgrade to Apache Struts 2.5.28.3 which - uses Log4j 2.12.4 version which addresses the latest security vulnerabilities in Log4j - or upgrade Log4j to version 2.12.4 (when running on Java 1.7) or 2.17.1 (when running on Java 8+). - Read more in Announcement - - - -Google's Patch Reward program -During http://www.meetup.com/sfhtml5/;>SFHTML5 Google announced that - they extend their program to cover the Apache Struts project as well. Now you can earn - money preparing patches for us! - read more - - - - - - - -Apache Struts 2.3.x EOL - - The Apache Struts Team informs about discontinuing support for Struts 2.3.x branch, we recommend migration - to the latest version of Struts, read more in - Announcement - - - - - - - - - -Keep in touch: - - -https://www.facebook.com/apachestruts; data-width="250" data-layout="button_count" data-action="like" data-show-faces="false" data-share="true" class="fb-like"> - - -https://github.com/apache/struts; data-color-scheme="no-preference: light; light: light; dark: light;" data-show-count="true" aria-label="Star apache/struts on GitHub">Star - - -https://twitter.com/TheApacheStruts; data-show-count="false" data-lang="en" data-width="240px" data-align="left" class="twitter-follow-button">Follow @TheApacheStruts - - - - + + +https://github.com/apache/struts-site/edit/master/source/announce-2023.md; title="Edit this page on GitHub">Edit on GitHub + +Announcements 2023 + + + 10 March 2023 - Apache Struts version 6.1.2 General Availability + + + + Skip to: Announcements - 2022 + + +10 March 2023 - Apache Struts version 6.1.2 General Availability + +The Apache Struts group is pleased to announce that Apache Struts version 6.1.2 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +Below is a full list of all changes: + +Improvement + + + WW-5285 - Upgrade commons-fileupload to ver 1.5 and add option to limit number of accepted files + + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.2;>Version Notes to find more details about performed +bug fixes and improvements. Also, a dedicated https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration;>migration guide +has been prepared. + + +All developers are strongly advised to perform
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 66ef7795e Automatic Site Publish by Buildbot 66ef7795e is described below commit 66ef7795e62681984fe169035d68e0534eb9ef95 Author: buildbot AuthorDate: Fri Mar 10 06:32:43 2023 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 104 +++- 1 file changed, 21 insertions(+), 83 deletions(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index a05500bff..ede426e0d 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -132,11 +132,7 @@ File Upload - Dependencies - Struts 2.0.x File Upload Dependencies - Struts 2.1.x File Upload Dependencies - - + Dependencies Basic Usage Example action mapping: Example JSP form tags: @@ -161,8 +157,7 @@ -The Struts 2 framework provides built-in support for processing file uploads that conform -to http://www.ietf.org/rfc/rfc1867.txt;>RFC 1867, +The Struts 2 framework provides built-in support for processing file uploads that conform to http://www.ietf.org/rfc/rfc1867.txt;>RFC 1867, “Form-based File Upload in HTML”. When correctly configured the framework will pass uploaded file(s) into your Action class. Support for individual and multiple file uploads are provided. When a file is uploaded it will typically be stored in a temporary directory. Uploaded files should be processed or moved by your Action class to ensure the data is @@ -171,71 +166,13 @@ than the temporary directory and the directories that belong to your web applica Dependencies -The Struts 2 framework leverages add-on libraries to handle the parsing of uploaded files. These libraries are not -included in the Struts distribution, you must add them into your project. The libraries needed are: - - - - - Library - URL - Struts 2.0.x - Struts 2.1.x - Struts 2.5.x - - - - - Commons-FileUpload - http://commons.apache.org/fileupload/;>http://commons.apache.org/fileupload/ - 1.1.1 - 1.2.1 - 1.3.2 - - - Commons-IO - http://commons.apache.org/io/;>http://commons.apache.org/io/ - 1.0 - 1.3.2 - 2.4 - - - - -If you are using Maven then you can add these libraries as dependencies in your project’s pom.xml. - -Struts 2.0.x File Upload Dependencies - -dependency -groupIdcommons-fileupload/groupId -artifactIdcommons-fileupload/artifactId -version1.1.1/version -/dependency -dependency -groupIdcommons-io/groupId -artifactIdcommons-io/artifactId -version1.0/version -/dependency - - -Struts 2.1.x File Upload Dependencies - -dependency -groupIdcommons-fileupload/groupId -artifactIdcommons-fileupload/artifactId -version1.2.1/version -/dependency -dependency -groupIdcommons-io/groupId -artifactIdcommons-io/artifactId -version1.3.2/version -/dependency - +The Struts 2 framework leverages the Commons FileUpload library as a based library to support file upload in the framework. +The library is included in a base Struts 2 distribution. Basic Usage The org.apache.struts2.interceptor.FileUploadInterceptor class is included as part of the defaultStack. As long as -the required libraries are added to your project you will be able to take advantage of of the Struts 2 fileUpload +the required libraries are added to your project you will be able to take advantage of the Struts 2 file upload capability. Configure an Action mapping for your Action class as you typically would. Example action mapping: @@ -247,9 +184,10 @@ capability. Configure an Action mapping for your Action class as you typically w A form must be create with a form field of type file, INPUT type="file" name="upload". The form used to upload the -file must have its encoding type set to multipart/form-data -, form action="doUpload" enctype="multipart/form-data" method="post". The standard procedure for adding these -elements is by using the Struts 2 tag libraries as shown in the following example: +file must have its encoding type set +to multipart/form-data, form action="doUpload" enctype="multipart/form-data" method="post". +The standard procedure for adding these elements is by using the Struts 2 tag libraries as shown in the following +example: Example JSP form tags: @@ -335,10 +273,10 @@ see struts-fileupload.xmlmultipleUploadUsingArray.jsp Notice all file input types have the same name. s:form action="doMultipleUploadUsingArray" method="POST" enctype="multipart/form-data" - s:file label="File (1)" name="upload" / - s:file label="File (2)" name="upload" / - s:file label="FIle
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new e09a6fba3 Automatic Site Publish by Buildbot e09a6fba3 is described below commit e09a6fba3d8f9134c816c001ffe093fae37fc7b5 Author: buildbot AuthorDate: Mon Mar 6 13:45:13 2023 + Automatic Site Publish by Buildbot --- .../execute-and-wait-interceptor.html | 28 +- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/output/core-developers/execute-and-wait-interceptor.html b/output/core-developers/execute-and-wait-interceptor.html index d90537c0b..7e780851e 100644 --- a/output/core-developers/execute-and-wait-interceptor.html +++ b/output/core-developers/execute-and-wait-interceptor.html @@ -131,7 +131,19 @@ << back to Interceptors -Execute and Wait Interceptor +Execute and Wait Interceptor + + + Parameters + Extending the Interceptor + Using ExecutorProvider + Examples + Example code 1 + Example code 2: + Example code 3: + + + The ExecuteAndWaitInterceptor is great for running long-lived actions in the background while showing the user a nice progress meter. This also prevents the HTTP request from timing out when the action takes more than 5 or 10 minutes. @@ -192,6 +204,20 @@ for obtaining and releasing resources that the background process will need to e background process extension, extend ExecuteAndWaitInterceptor and implement the getNewBackgroundProcess() method. +Using ExecutorProvider + +Since Struts 6.1.1 it is possible to use your own ExecutorProvider to run background tasks. To use your own executor +you must implement interface org.apache.struts2.interceptor.exec.ExecutorProvider and install the bean using struts.xml +like follows: + +bean type="org.apache.struts2.interceptor.exec.ExecutorProvider" + class="com.company.MyExecutorProvider"/ + + +Please take a look into example implementation in the Showcase App. + +If no custom executor is defined, Struts will use org.apache.struts2.interceptor.exec.StrutsExecutorProvider by default. + Examples Example code 1
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 7def7c52b Automatic Site Publish by Buildbot 7def7c52b is described below commit 7def7c52bb85ad51b36aa2da778afd181150f562 Author: buildbot AuthorDate: Mon Mar 6 06:11:15 2023 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 35 +++-- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index bc799f265..a05500bff 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -150,6 +150,7 @@ Advanced Configuration File Size Limits + Files Number Limit File Types Error Messages Temporary Directories @@ -463,27 +464,24 @@ in necessary to change these values. The names and default values are: struts.multipart.parser=jakarta struts.multipart.saveDir= struts.multipart.maxSize=2097152 +struts.multipart.maxFiles=256 - Please remember that the struts.multipart.maxSize is the size limit of the whole request, which means when you uploading multiple files, -the sum of their size must be below the struts.multipart.maxSize! + Please remember that the struts.multipart.maxSize is the size limit of the whole request, which means when you’re +uploading multiple files, the sum of their size must be below the struts.multipart.maxSize! -In order to change theses settings you define a constant in your applications struts.xml file like so: +In order to change these settings you define a constant in your applications struts.xml file like so: -?xml version="1.0" encoding="UTF-8"? -!DOCTYPE struts PUBLIC -"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" -"http://struts.apache.org/dtds/struts-2.0.dtd"; -struts +struts constant name="struts.multipart.maxSize" value="100"/ ... /struts -Additionally the fileUpload interceptor has settings that can be put in place for individual action mappings by -customizing your interceptor stack. +Additionally, the fileUpload interceptor has settings that can be put in place for individual action mappings +by customizing your interceptor stack. action name="doUpload" class="com.example.UploadAction" interceptor-ref name="basicStack"/ @@ -507,11 +505,7 @@ more than one file on a form the maximumSize, is an interceptor setting that is used to ensure a particular Action does not receive a file that is too large. Notice the locations of both settings in the following example: -?xml version="1.0" encoding="UTF-8"? -!DOCTYPE struts PUBLIC -"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" -"http://struts.apache.org/dtds/struts-2.0.dtd"; -struts +struts constant name="struts.multipart.maxSize" value="100"/ action name="doUpload" class="com.example.UploadAction" @@ -525,7 +519,18 @@ receive a file that is too large. Notice the locations of both settings in the f result name="success"good_result.jsp/result /action /struts + + +Files Number Limit +Since Struts 6.2.0 a new option was added, which uses Commons FileUpload feature to limit how many files can be uploaded +at once, in one request. This option requires to use Commons FileUpload ver. 1.5 at least and by default is set to 256. +To change this value define a constant in struts.xml as follows: + +struts +constant name="struts.multipart.maxFiles" value="500"/ + +/struts File Types
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 80b804640 Automatic Site Publish by Buildbot 80b804640 is described below commit 80b804640cbe3b7086010f07f592cc7d88fc6bf9 Author: buildbot AuthorDate: Thu Mar 2 06:38:03 2023 + Automatic Site Publish by Buildbot --- output/core-developers/configuration-provider-and-configuration.html | 2 +- output/core-developers/default-properties.html | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/output/core-developers/configuration-provider-and-configuration.html b/output/core-developers/configuration-provider-and-configuration.html index 1136d3142..be6d98308 100644 --- a/output/core-developers/configuration-provider-and-configuration.html +++ b/output/core-developers/configuration-provider-and-configuration.html @@ -155,7 +155,7 @@ through a Dispatcher’s DispatcherListener. - XmlConfigurationProvider - proprietary XWork implementation which are using xwork.xml file as source of configuration + XmlConfigurationProvider - an abstract based implementation which can use XML files as source of configuration StrutsXmlConfigurationProvider - primary configuration provider, represents struts.xml and struts-plugin.xml files PropertiesConfigurationProvider - used to load struts.properties -ServletContextAwareConfigurationProvider - marking interface allowing to inject ServletContext into provider diff --git a/output/core-developers/default-properties.html b/output/core-developers/default-properties.html index a60421390..d22a34275 100644 --- a/output/core-developers/default-properties.html +++ b/output/core-developers/default-properties.html @@ -213,6 +213,7 @@ struts.multipart.parser=jakarta ### Uses javax.servlet.context.tempdir by default struts.multipart.saveDir= struts.multipart.maxSize=2097152 +struts.multipart.maxFiles=256 ### Load custom property files (does not override struts.properties!) # struts.custom.properties=application,org/apache/struts2/extension/custom
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 83067b728 Automatic Site Publish by Buildbot 83067b728 is described below commit 83067b728f0b7f1c6bb6484f068ef0d36e9e5c7e Author: buildbot AuthorDate: Tue Feb 28 13:25:26 2023 + Automatic Site Publish by Buildbot --- output/security/index.html | 16 +++- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/output/security/index.html b/output/security/index.html index 3b9a29813..a3491fa29 100644 --- a/output/security/index.html +++ b/output/security/index.html @@ -357,7 +357,7 @@ really only a “style guard” for long OGNL expressions in an application). -There are three options that can be used to configure excluded packages and classes: +There are 4 options that can be used to configure excluded packages and classes: struts.excludedClasses - comma-separated list of excluded classes @@ -365,20 +365,10 @@ used in JSPs, etc. simple string comparison but it’s more flexible struts.excludedPackageNames - comma-separated list of excluded packages, it is used with simple string comparison via startWith and equals + struts.excludedPackageExemptClasses - comma-separated list of classes to exempt from any of the excluded packages or package name patterns -The defaults are as follow: - -constant name="struts.excludedClasses" - value="com.opensymphony.xwork2.ActionContext" / - -!-- this must be valid regex, each '.' in package name must be escaped! -- -!-- it's more flexible but slower than simple string comparison -- -!-- constant name="struts.excludedPackageNamePatterns" value="^java\.lang\..*,^ognl.*,^(?!javax\.servlet\..+)(javax\..+)" / -- - -!-- this is simpler version of the above used with string comparison -- -constant name="struts.excludedPackageNames" value="java.lang,ognl,javax" / - +The defaults are defined https://github.com/apache/struts/blob/master/core/src/main/resources/struts-excluded-classes.xml;>here. Any expression or target which evaluates to one of these will be blocked and you see a WARN in logs:
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1f30da2cb Automatic Site Publish by Buildbot 1f30da2cb is described below commit 1f30da2cb8b1881939d5eeb97c8cbd7f25823af4 Author: buildbot AuthorDate: Mon Feb 6 09:09:46 2023 + Automatic Site Publish by Buildbot --- output/core-developers/index.html | 1 + output/core-developers/interceptors.html | 4 + .../{index.html => ognl-cache-configuration.html} | 180 + output/core-developers/struts-default-xml.html | 4 + 4 files changed, 88 insertions(+), 101 deletions(-) diff --git a/output/core-developers/index.html b/output/core-developers/index.html index d94e0920d..907197c4b 100644 --- a/output/core-developers/index.html +++ b/output/core-developers/index.html @@ -167,6 +167,7 @@ and results. Each may be configured via XML o struts-default.vm + OGNL Cache Configuration Application Servers Performance Tuning Security diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 6c499e4e8..1981cf61d 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -317,6 +317,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor name="multiselect" class="org.apache.struts2.interceptor.MultiselectInterceptor"/ interceptor name="noop" class="org.apache.struts2.interceptor.NoOpInterceptor"/ interceptor name="fetchMetadata" class="org.apache.struts2.interceptor.FetchMetadataInterceptor"/ +interceptor name="httpMethod" class="org.apache.struts2.interceptor.httpmethod.HttpMethodInterceptor" / !-- Empty stack - performs no operations -- interceptor-stack name="emptyStack" @@ -327,6 +328,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor-stack name="basicStack" interceptor-ref name="exception"/ interceptor-ref name="servletConfig"/ +interceptor-ref name="httpMethod"/ interceptor-ref name="prepare"/ interceptor-ref name="checkbox"/ interceptor-ref name="datetime"/ @@ -388,6 +390,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor-ref name="multiselect"/ interceptor-ref name="params"/ interceptor-ref name="servletConfig"/ +interceptor-ref name="httpMethod"/ interceptor-ref name="prepare"/ interceptor-ref name="chain"/ interceptor-ref name="modelDriven"/ @@ -419,6 +422,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t interceptor-ref name="exception"/ interceptor-ref name="alias"/ interceptor-ref name="servletConfig"/ +interceptor-ref name="httpMethod"/ interceptor-ref name="i18n"/ interceptor-ref name="csp" param name="disabled"false/param diff --git a/output/core-developers/index.html b/output/core-developers/ognl-cache-configuration.html similarity index 57% copy from output/core-developers/index.html copy to output/core-developers/ognl-cache-configuration.html index d94e0920d..107938eab 100644 --- a/output/core-developers/index.html +++ b/output/core-developers/ognl-cache-configuration.html @@ -7,7 +7,7 @@ - Core Developers Guide + OGNL Cache Configuration @@ -127,106 +127,84 @@ -https://github.com/apache/struts-site/edit/master/source/core-developers/index.md; title="Edit this page on GitHub">Edit on GitHub - -Core Developers Guide - -Struts 2 processes requests using three core types: interceptors, actions -and results. Each may be configured via XML or annotations. - -Developing Applications with Struts 2 - - - Nutshell - AJAX - Dependency Injection - Debugging - Development Mode - - -Configuration - - - Configuration by Convention - Annotations - Configuration Elements - - Actions, Wildcard Mappings, Beans, Constants - Exceptions, Includes, Interceptors - Namespaces, Packages, Results - Unknown Handlers, Dispatcher - - - Configuration Files - - web.xml - struts.xml - default.properties - struts-default.xml - velocity.properties - struts-default.vm - - - Application Servers - Performance Tuning - Security - Testing Actions - - https://depressedprogrammer.wordpress.com/2007/06/18/unit-testing-struts-2-actions-spring-junit/;>(arsenalist) -
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b95ece5e2 Automatic Site Publish by Buildbot b95ece5e2 is described below commit b95ece5e21db34c21f49da483ce52c6d43b0ebb3 Author: buildbot AuthorDate: Wed Jan 11 07:53:26 2023 + Automatic Site Publish by Buildbot --- output/core-developers/coep-interceptor.html | 24 +- output/core-developers/coop-interceptor.html | 24 +- output/core-developers/csp-interceptor.html| 4 +- .../fetch-metadata-interceptor.html| 19 +- output/core-developers/interceptors.html | 310 + output/core-developers/struts-default-xml.html | 310 + 6 files changed, 59 insertions(+), 632 deletions(-) diff --git a/output/core-developers/coep-interceptor.html b/output/core-developers/coep-interceptor.html index 534449cee..6347a35a1 100644 --- a/output/core-developers/coep-interceptor.html +++ b/output/core-developers/coep-interceptor.html @@ -131,23 +131,29 @@ << back to Interceptors -Fetch Metadata Interceptor +Cross-Origin Embedder Policy Interceptor Description Interceptor that implements Cross-Origin Embedder Policy on incoming requests. -COEP prevents the document from loading any framed documents which don’t opt-in by setting the COEP header. (Cross-Origin-Embedder-Policy: require-corp). This provides protection for documents that don’t restrict framing. A document that doesn’t set COEP cannot be framed by another document with COEP. All descendents of a document with COEP will also enforce the same restrictions. +COEP prevents the document from loading any framed documents which don’t opt-in by setting the COEP header: -COEP is now supported by all major browsers. +Cross-Origin-Embedder-Policy: require-corp + + +This provides protection for documents that don’t restrict framing. A document that doesn’t set COEP cannot be framed +by another document with COEP. All descendents of a document with COEP will also enforce the same restrictions. -https://web.dev/why-coop-coep/#coep;>More information about COEP. +COEP is now supported by all major browsers. https://web.dev/why-coop-coep/#coep;>More information about COEP. Parameters - exemptedPaths - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading slashes and must be relative. This field is empty by default. - enforcingMode - Boolean variable allowing the user to let COEP operate in enforcing, which blocks both resource and reports violations, or report-only mode, which only reports violations. Default value for field is false. + exemptedPaths - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading + slashes and must be relative. This field is empty by default. + enforcingMode - Boolean variable allowing the user to let COEP operate in enforcing, which blocks both resource + and reports violations, or report-only mode, which only reports violations. Default value for field is false. disabled - Boolean variable disabling and enabling COEP. Default value for field is false. @@ -155,9 +161,9 @@ action name="someAction" class="com.examples.SomeAction" interceptor-ref name="defaultStack" -param name="coepInterceptor.exemptedPaths"/path1,/path2,/path3/param -param name="coepInterceptor.enforcingMode"false/param -param name="coepInterceptor.disabled"false/param +param name="coep.exemptedPaths"/path1,/path2,/path3/param +param name="coep.enforcingMode"false/param +param name="coep.disabled"false/param /interceptor-ref result name="success"good_result.ftl/result /action diff --git a/output/core-developers/coop-interceptor.html b/output/core-developers/coop-interceptor.html index 146dff091..24eff674e 100644 --- a/output/core-developers/coop-interceptor.html +++ b/output/core-developers/coop-interceptor.html @@ -135,7 +135,7 @@ Description -Interceptor that implements Cross-Origin Opener Policy on incoming requests. +Interceptor that implements Cross-Origin Opener Policy on incoming requests. COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself @@ -149,15 +149,19 @@ to a look-alike document to trick the user, or attempt to exploit postMessage vu to the malicious document to get access to sensitive data from the victim document, if they share an OS process. -The COOP header can have one of 3 values: same-origin, same-origin-allow-popups, unsafe-none. If the COOP values -are the same, and
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 45bf58034 Automatic Site Publish by Buildbot 45bf58034 is described below commit 45bf580340437d43fd5bdba618a2a3008d5da69f Author: buildbot AuthorDate: Wed Nov 30 08:28:56 2022 + Automatic Site Publish by Buildbot --- output/core-developers/csp-interceptor.html | 207 output/core-developers/interceptors.html| 9 +- 2 files changed, 214 insertions(+), 2 deletions(-) diff --git a/output/core-developers/csp-interceptor.html b/output/core-developers/csp-interceptor.html new file mode 100644 index 0..187c56395 --- /dev/null +++ b/output/core-developers/csp-interceptor.html @@ -0,0 +1,207 @@ + + + + + + + + + + CSP Interceptor + + + + + + + + + + + + + +http://github.com/apache/struts; class="github-ribbon"> + https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa.png; alt="Fork me on GitHub"> + + + + + + + + +Menu +Toggle navigation + + + + + + + + + + +Home + + +Welcome +Download +Releases +Announcements +http://www.apache.org/licenses/;>License +https://www.apache.org/foundation/thanks.html;>Thanks! +https://www.apache.org/foundation/sponsorship.html;>Sponsorship +https://privacy.apache.org/policies/privacy-policy-public.html;>Privacy Policy + + + + +Support + + +User Mailing List +https://issues.apache.org/jira/browse/WW;>Issue Tracker +Reporting Security Issues + +https://cwiki.apache.org/confluence/display/WW/Migration+Guide;>Version Notes +https://cwiki.apache.org/confluence/display/WW/Security+Bulletins;>Security Bulletins + +Maven Project Info +Struts Core Dependencies +Plugin Dependencies + + + + +Documentation + + +Birds Eye +Key Technologies +Kickstart FAQ +https://cwiki.apache.org/confluence/display/WW/Home;>Wiki + +Getting Started +Security Guide +Core Developers Guide +Tag Developers Guide +Maven Archetypes +Plugins +Struts Core API +Tag reference +https://cwiki.apache.org/confluence/display/WW/FAQs;>FAQs +http://cwiki.apache.org/S2PLUGINS/home.html;>Plugin registry + + + + +Contributing + + +You at Struts +How to Help FAQ +Development Lists + +Submitting patches +Source Code and Builds +Coding standards +Contributors Guide + +Release Guidelines +PMC Charter +Volunteers +https://gitbox.apache.org/repos/asf?p=struts.git;>Source Repository +Updating the website + + +http://www.apache.org/;> + + + + + + + + + + +https://github.com/apache/struts-site/edit/master/source/core-developers/csp-interceptor.md; title="Edit this page on GitHub">Edit on GitHub + +<< back to Interceptors + +Content Security Policy Interceptor + +Description + +Interceptor that implements Content Security Policy on incoming requests. + +Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, +including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, +to site defacement, to malware distribution. + +CSP can work in two modes, either enforce or report. In the report mode the Content-Security-Policy-Report-Only +header is sent and Content-Security-Policy header is used when using the enforce mode. + +CSP is now supported by all major browsers. + +https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP;>More information about CSP. + +Parameters + + + enforcingMode (default false) - When set to “true”, the enforce mode
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 17196e21b Automatic Site Publish by Buildbot 17196e21b is described below commit 17196e21bf504348684b9066bf66f21db2cd249a Author: buildbot AuthorDate: Mon Nov 28 06:51:01 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 91 output/download.html | 171 +++--- output/index.html | 10 +-- output/releases.html | 30 4 files changed, 169 insertions(+), 133 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 74cc98fbc..a0b021c4b 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -132,6 +132,7 @@ Announcements 2022 + 28 November 2022 - Apache Struts version 6.1.3 General Availability 15 September 2022 - Apache Struts version 6.0.3 General Availability 06 June 2022 - Struts 2 ver. 6.0.0 General Availability 04 April 2022 - Struts 2.5.30 General Availability @@ -143,6 +144,96 @@ Skip to: Announcements - 2021 +28 November 2022 - Apache Struts version 6.1.3 General Availability + +The Apache Struts group is pleased to announce that Apache Struts version 6.1.1 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +Below is a full list of all changes: + +Bug + + + WW-3529 - NamedVariablePatternMatcher does not properly escape characters + WW-3737 - Parsing of excludePattern breaks regex + WW-4514 - DefaultUrlHelper.buildParametersString appends just ? if collection is empty + WW-5145 - Checkbox with multiple values do not default correctly + WW-5214 - When value for SELECT element is greater than 2147483647, the value does not pre-select + WW-5238 - Strict Method Invocation (SMI) too strict or wrong ActionMapping? + WW-5239 - regression btw struts 2.5.30 and 6.0.30 / submit s:checkbox unchecked - NPE + WW-5241 - is generating an invalid url when used in conjunction with ExecuteAndWait interceptor + WW-5247 - Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute + WW-5248 - action attribute on submit tag not working as espected + WW-5255 - and tags are broken + + +New Feature + + + WW-4173 - Add option to disable a given interceptor + + +Improvement + + + WW-2815 - No way to configure XStream engine + WW-3691 - BackgroundProcess should use a java.util.concurrent.Executor alternatively to spawning a new thread + WW-3715 - Allow for dynamic validation xml files, by building validator cache based on action AND context + WW-3725 - Remove unused tag templates from core/src/main/resources/template/archive + WW-4440 - Add basic README.md to all subprojects + WW-4567 - Drop unused dependencies or put a proper scope + WW-4692 - Extract encoding logic from UrlHelper into a dedicated bean + WW-5133 - Remove deprecated labelposition + WW-5137 - Remove class attribute + WW-5184 - Add optional parameter value check to ParametersInterceptor + WW-5219 - Move TestNGXWorkTestCase from the Core into the TestNG plugin + WW-5220 - Move XWorkJUnit4TestCase from the Core into the JUnit plugin + WW-5232 - Use Github Actions instead of Travis to build PRs + WW-5234 - Normalise DTD definitions + WW-5235 - Reduce “OGNL Expression Max Length enabled with 256” log entry to trace + WW-5240 - doubleOnchange attribute of the doubleselect tag is not supported + WW-5242 - Make “struts.mapper.action.prefix.crossNamespaces” deprecated + WW-5252 - Completely disable external entities declarations in XML config + WW-5254 - Document how to use the Async plugin + WW-5257 - output is followed by a newline in simple theme (diff to Struts 2) + WW-5259 - Extract UrlHelper#parseQueryString into a dedicated plugin + WW-5260 - Checkbox tag default value for attribute submitUnchecked + + +Dependency + + + WW-5213 - Bump javax.el from 3.0.1-b11 to 3.0.1-b12 + WW-5226 - Upgrade weld-core to version 2.4.8.Final + WW-5227 - Upgrade Apache Log4j to version 2.19.0 + WW-5228 - Upgrade dependency-check-maven from 7.1.2 to 7.2.0 + WW-5229 - Upgrade Spring to version 5.3.23 + WW-5230 - Upgrade OGNL to version 3.3.4 + WW-5231 - Upgrade apache-rat-plugin to version 0.15 + WW-5244 - Upgrade commons-text to ver. 1.10.0 + WW-5245 - Upgrade jackson-databind to version 2.13.4.1 + WW-5258 - Upgrade Struts Annotation to version 1.0.8 + + + + Please read the
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b8a6eb8f4 Automatic Site Publish by Buildbot b8a6eb8f4 is described below commit b8a6eb8f40f1d8afe0913f2b9273a21acc4407b0 Author: buildbot AuthorDate: Thu Nov 17 13:41:58 2022 + Automatic Site Publish by Buildbot --- output/core-developers/coop-interceptor.html | 25 ++--- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/output/core-developers/coop-interceptor.html b/output/core-developers/coop-interceptor.html index 0914badb5..146dff091 100644 --- a/output/core-developers/coop-interceptor.html +++ b/output/core-developers/coop-interceptor.html @@ -131,20 +131,29 @@ << back to Interceptors -Fetch Metadata Interceptor +Cross-Origin Opener Policy Interceptor Description Interceptor that implements Cross-Origin Opener Policy on incoming requests. -COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself from other untrustworthy origins. Separating browsing contexts is necessary because at least two types of attacks are possible when a document shares a browsing context group and possibly an operating system process with cross-origin documents: +COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information +leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself +from other untrustworthy origins. Separating browsing contexts is necessary because at least two types of attacks +are possible when a document shares a browsing context group and possibly an operating system process with cross-origin documents: - Cross-window attacks. A malicious document can open a victim document in a new window and later navigate the window to a look-alike document to trick the user, or attempt to exploit postMessage vulnerabilities in the victim document. - Process-wide attacks. Side channel and transient execution attacks like Spectre may provide an opportunity to the malicious document to get access to sensitive data from the victim document, if they share an OS process. + Cross-window attacks. A malicious document can open a victim document in a new window and later navigate the window +to a look-alike document to trick the user, or attempt to exploit postMessage vulnerabilities in the victim document. + Process-wide attacks. Side channel and transient execution attacks like Spectre may provide an opportunity +to the malicious document to get access to sensitive data from the victim document, if they share an OS process. -The COOP header can have one of 3 values: same-origin, same-origin-allow-popups, unsafe-none. If the COOP values are the same, and the origins of the documents match the relationship declared in the COOP header value, documents can interact with each other. Otherwise if at least one of the documents sets COOP, th [...] +The COOP header can have one of 3 values: same-origin, same-origin-allow-popups, unsafe-none. If the COOP values +are the same, and the origins of the documents match the relationship declared in the COOP header value, documents can +interact with each other. Otherwise, if at least one of the documents sets COOP, the browser will create a new browsing +context group severing the link between the documents. Sites can use same-origin-allow-popups to allow popups they open +to be in their browsing context group (unless the popup’s own COOP prevents this). COOP is now supported by all major browsers. @@ -153,8 +162,10 @@ Parameters - exemptedPaths - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading slashes and must be relative. This field is empty by default. - mode - The policy mode COOP should follow. Available modes are same-origin, same-origin-allow-popups, unsafe-none. Default mode is same-origin. + exemptedPaths - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading +slashes and must be relative. This field is empty by default. + mode - The policy mode COOP should follow. Available modes are same-origin, same-origin-allow-popups, +unsafe-none. Default mode is same-origin. Examples
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 980506fa6 Automatic Site Publish by Buildbot 980506fa6 is described below commit 980506fa617e32ab4773882932f09f310731af5a Author: buildbot AuthorDate: Sun Nov 6 09:19:57 2022 + Automatic Site Publish by Buildbot --- output/releases.html | 33 + 1 file changed, 33 insertions(+) diff --git a/output/releases.html b/output/releases.html index 5ab7ca1f3..751627b8d 100644 --- a/output/releases.html +++ b/output/releases.html @@ -231,6 +231,39 @@ + + + Struts 6.0.3 + +15 September 2022 + + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.3;>Version notes + + + + + Struts 6.0.0 + +6 June 2022 + + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.0;>Version notes + + + + + Struts 2.5.30 + +4 April 2022 + + + + https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30;>Version notes + + Struts 2.5.29
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new cc9326013 Automatic Site Publish by Buildbot cc9326013 is described below commit cc93260137a8b269687515dae30698690c496f44 Author: buildbot AuthorDate: Sun Nov 6 09:16:31 2022 + Automatic Site Publish by Buildbot --- output/core-developers/default-properties.html | 6 ++ output/core-developers/interceptors.html | 2 ++ output/core-developers/struts-default-xml.html | 2 ++ output/releases.html | 2 +- 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/output/core-developers/default-properties.html b/output/core-developers/default-properties.html index 741a47f39..c6c17eeab 100644 --- a/output/core-developers/default-properties.html +++ b/output/core-developers/default-properties.html @@ -424,6 +424,12 @@ struts.ognl.expressionMaxLength=256 ### These formatters are using a slightly different patterns, please check JavaDocs of both and more details is in WW-5016 struts.date.formatter=dateTimeFormatter +### Defines which instance of ParametersStringBuilder to use, Struts provides just one instance: +### - strutsParametersStringBuilder +### The builder is used by UrlHelp to create a proper query string out of provided parameters map +struts.url.parametersStringBuilder=strutsParametersStringBuilder + +### Defines which instances of encoder and decoder to use, Struts provides one default implementation for each struts.url.encoder=strutsUrlEncoder struts.url.decoder=strutsUrlDecoder diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 263b0a7ef..220987ad3 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -541,6 +541,8 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t bean type="com.opensymphony.xwork2.ognl.BeanInfoCacheFactory" name="struts" class="com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory" scope="singleton"/ +bean type="org.apache.struts2.url.ParametersStringBuilder" name="strutsParametersStringBuilder" + class="org.apache.struts2.url.StrutsParametersStringBuilder" scope="singleton"/ bean type="org.apache.struts2.url.UrlEncoder" name="strutsUrlEncoder" class="org.apache.struts2.url.StrutsUrlEncoder" scope="singleton"/ bean type="org.apache.struts2.url.UrlDecoder" name="strutsUrlDecoder" diff --git a/output/core-developers/struts-default-xml.html b/output/core-developers/struts-default-xml.html index 6b68117a6..25eb2a378 100644 --- a/output/core-developers/struts-default-xml.html +++ b/output/core-developers/struts-default-xml.html @@ -457,6 +457,8 @@ setting in default.properties. bean type="com.opensymphony.xwork2.ognl.BeanInfoCacheFactory" name="struts" class="com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory" scope="singleton"/ +bean type="org.apache.struts2.url.ParametersStringBuilder" name="strutsParametersStringBuilder" + class="org.apache.struts2.url.StrutsParametersStringBuilder" scope="singleton"/ bean type="org.apache.struts2.url.UrlEncoder" name="strutsUrlEncoder" class="org.apache.struts2.url.StrutsUrlEncoder" scope="singleton"/ bean type="org.apache.struts2.url.UrlDecoder" name="strutsUrlDecoder" diff --git a/output/releases.html b/output/releases.html index 04cad2385..5ab7ca1f3 100644 --- a/output/releases.html +++ b/output/releases.html @@ -168,7 +168,7 @@ Trunk Snapshots - Get involved with the latest and greatest fixes and improvements -https://repository.apache.org/content/repositories/snapshots/org/apache/struts/struts2-assembly/2.6-SNAPSHOT/;> +https://nightlies.apache.org/struts/snapshot/;> Struts 2 Latest Snapshots from Jenkins CI
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 7a982747d Automatic Site Publish by Buildbot 7a982747d is described below commit 7a982747d2c2d028076d12aee553959cbab6a3a8 Author: buildbot AuthorDate: Wed Oct 26 07:33:50 2022 + Automatic Site Publish by Buildbot --- output/core-developers/interceptors.html | 44 +++--- output/mail.html | 19 ++ output/tag-developers/a-tag.html | 16 output/tag-developers/actionerror-tag.html | 16 output/tag-developers/actionmessage-tag.html | 16 output/tag-developers/checkbox-tag.html| 16 output/tag-developers/checkboxlist-tag.html| 16 output/tag-developers/combobox-tag.html| 16 output/tag-developers/component-tag.html | 16 output/tag-developers/datetextfield-tag.html | 16 output/tag-developers/doubleselect-tag.html| 16 output/tag-developers/fielderror-tag.html | 16 output/tag-developers/file-tag.html| 16 output/tag-developers/form-tag.html| 16 output/tag-developers/head-tag.html| 16 output/tag-developers/hidden-tag.html | 16 output/tag-developers/inputtransferselect-tag.html | 16 output/tag-developers/label-tag.html | 16 .../tag-developers/optiontransferselect-tag.html | 16 output/tag-developers/password-tag.html| 16 output/tag-developers/radio-tag.html | 16 output/tag-developers/reset-tag.html | 16 output/tag-developers/select-tag.html | 16 output/tag-developers/submit-tag.html | 16 output/tag-developers/textarea-tag.html| 16 output/tag-developers/textfield-tag.html | 16 output/tag-developers/token-tag.html | 16 output/tag-developers/updownselect-tag.html| 16 28 files changed, 49 insertions(+), 430 deletions(-) diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index d5bf0a9cc..0e6587bcd 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -141,6 +141,7 @@ Interceptor Parameter Overriding Interceptor Parameter Overriding Inheritance Lazy parameters + Disabling interceptor Order of Interceptor Execution @@ -167,7 +168,7 @@ is pluggable, so you can decide exactly which features an Action needs to suppor the Interceptors bundled with the framework. Interceptors “set the stage” for the Action classes, doing much of the “heavy lifting” before the Action executes. -Action Lifecyle +Action Lifecycle @@ -773,7 +774,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t /struts -Since the struts-default.xml is included in the application’s configuration by default, all of the predefined +Since the struts-default.xml is included in the application’s configuration by default, all the predefined interceptors and stacks are available “out of the box”. Framework Interceptors @@ -1103,7 +1104,7 @@ the other params will be null. This functionality was added in Struts 2.5.9 It is possible to define an interceptor with parameters evaluated during action invocation. In such case -the interceptor must be marked with WithLazyParams interface. This must be developer’s decision as interceptor +the interceptor must be marked with WithLazyParams interface. This must be developer’s decision as interceptor must be aware of having those parameters set during invocation and not when the interceptor is created as it happens in normal way. @@ -1117,23 +1118,38 @@ in normal way. /action -public class MockLazyInterceptor extends AbstractInterceptor implements WithLazyParams { +public class MockLazyInterceptor extends AbstractInterceptor implements WithLazyParams { -private String foo = ""; +private String foo = ""; -public void setFoo(String foo) { -this.foo = foo; -} +public void setFoo(String foo) { +this.foo = foo; +} -public String intercept(ActionInvocation invocation) throws Exception { - -return invocation.invoke(); -} -} +public String intercept(ActionInvocation invocation) throws Exception { + +return invocation.invoke(); +} +} Please be aware that order of interceptors can matter when want to access parameters passed via request as those -parameters are set by
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 7ffabcd42 Automatic Site Publish by Buildbot 7ffabcd42 is described below commit 7ffabcd42763ccb22ecd7d691a400d5e0f64b84c Author: buildbot AuthorDate: Fri Oct 21 07:55:07 2022 + Automatic Site Publish by Buildbot --- output/core-developers/static-content.html | 46 + output/core-developers/web-xml.html| 27 +++- output/plugins/rest/index.html | 66 -- 3 files changed, 89 insertions(+), 50 deletions(-) diff --git a/output/core-developers/static-content.html b/output/core-developers/static-content.html index 4f061a2a5..5944d6a46 100644 --- a/output/core-developers/static-content.html +++ b/output/core-developers/static-content.html @@ -135,17 +135,17 @@ Custom Static Content Loaders Default Content Loader Default path - Preventing Struts from Handling a Request + Preventing Struts from handling a request -Struts can serve static content like css and javascript files. This feature is enabled by default, but can be disabled +Struts can serve static content like css and javascript files. This feature is enabled by default, but can be disabled by setting: -constant name="struts.serve.static" value="false" / +constant name="struts.serve.static" value="false"/ - If you disable this feature, but use the xhtml, or css_xhtml theme, make sure that the javascript and css files + If you disable this feature, but use the xhtml, or css_xhtml theme, make sure that the javascript and css files shipped inside the core jar are extracted to your web application directory. @@ -154,21 +154,22 @@ shipped inside the core jar are extracted to your web application directory. Static content is served by an implementation of org.apache.struts2.dispatcher.StaticContentLoader. To write your own StaticContentLoader, implement StaticContentLoader and define a bean for the class: -bean type="org.apache.struts2.dispatcher.StaticContentLoader" class="MyStaticContentLoader" name="myLoader" / -constant name="struts.staticContentLoader" value="myLoader" / +bean type="org.apache.struts2.dispatcher.StaticContentLoader" class="MyStaticContentLoader" name="myLoader"/ +constant name="struts.staticContentLoader" value="myLoader"/ Default Content Loader -Struts provides a default implementation of StaticContentLoader which is org.apache.struts2.dispatcher.DefaultStaticContentLoader. -This loader will handle urls that start with “/static/” by default. +The Apache Struts provides a default implementation of StaticContentLoader which +is org.apache.struts2.dispatcher.DefaultStaticContentLoader. This loader will handle urls that start with “/static/” +by default. -This content loader can serve static content from the classpath, so when writing a plugin, you can put a file inside -your plugin’s jar like “/static/image/banner.jpg” and it will be served when the url “/static/image/banner.jpg” is +This content loader can serve static content from the classpath, so when writing a plugin, you can put a file inside +your plugin’s jar like “/static/image/banner.jpg” and it will be served when the url “/static/image/banner.jpg” is requested. - This loader is not optimized to handle static content, and to improve performance, it is recommended that you extract + This loader is not optimized to handle static content, and to improve performance, it is recommended that you extract your static content to the web application directory, and let the container handle them. @@ -182,19 +183,28 @@ your static content to the web application directory, and let the container hand This value is also used by the Default Content Loader. -Preventing Struts from Handling a Request +Preventing Struts from handling a request -If there is a request that Struts is handling as an action, and you wish to make Struts ignore it, you can do so by specifying -a comma separated list of regular expressions like: +If there is a request that Struts is handling as an action, and you wish to make Struts ignore it, +you can do so by specifying a comma separated list of regular expressions like: -constant name="struts.action.excludePattern" value="/some/content/.*?" / +constant name="struts.action.excludePattern" value="/some/content/.*,/other/content/.*"/ -These regular expression will be evaluated against the request’s URI (HttpServletRequest.getRequestURI()), and if any +These regular expression will be evaluated against the request’s URI (HttpServletRequest.getRequestURI()), and if any of them matches, then Struts will not handle the request. -To evaluate each pattern Pattern class from JDK will be used, you can find more about what kind
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 85409 Automatic Site Publish by Buildbot 85409 is described below commit 854092a088af0e8b972e7582ab11fb857b40 Author: buildbot AuthorDate: Sat Sep 17 07:20:12 2022 + Automatic Site Publish by Buildbot --- output/mail.html | 9 + 1 file changed, 9 insertions(+) diff --git a/output/mail.html b/output/mail.html index 3db484dc4..1fa11f777 100644 --- a/output/mail.html +++ b/output/mail.html @@ -181,6 +181,15 @@ Archives if you are looking for older discussions. There are many other archives If you want to discuss patches or contribute to Struts you should subscribe to the developers list. +Moderators + +Users with the moderate right to the above lists can check subscribers, subscribe and unsubscribe given users, +check https://infra.apache.org/mailing-list-moderation.html;>Mailing list moderation for more details, basically +to unsubscribe someone you can email: + +{listname}-unsubscribe-badboy=menace@tlp.apache.org + + Guidelines Mailing lists provide a simple and effective communication mechanism. With potentially thousands of subscribers, there
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new a85054578 Automatic Site Publish by Buildbot a85054578 is described below commit a850545788ba79b98c64eeeb17054e3290589f3e Author: buildbot AuthorDate: Fri Sep 16 06:29:48 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 70 ++ output/core-developers/interceptors.html | 8 ++- output/core-developers/struts-default-xml.html | 8 ++- output/download.html | 44 output/index.html | 33 output/releases.html | 2 +- 6 files changed, 114 insertions(+), 51 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 60536c49d..993eab096 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -132,6 +132,7 @@ Announcements 2022 + 15 September 2022 - Apache Struts version 6.0.3 General Availability 06 June 2022 - Struts 2 ver. 6.0.0 General Availability 04 April 2022 - Struts 2.5.30 General Availability 22 January 2022 - Struts 2.5.29 General Availability @@ -142,6 +143,75 @@ Skip to: Announcements - 2021 +15 September 2022 - Apache Struts version 6.0.3 General Availability + +The Apache Struts group is pleased to announce that Apache Struts version 6.0.3 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +Below is a full list of all changes: + +Bug + + + WW-5185 - TilesDefinition is not found and the request for a Struts action fails after an upgrade from Struts 2.5.30 to Struts 6.0. + WW-5189 - Add missing struts-6.0.dtd + WW-5190 - StackOverflowError when dispatching to JSP + WW-5191 - template/simple/textarea.ftl not rendering parameters correctly + WW-5192 - radiomap.ftl not setting enum key values + WW-5194 - UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated. + WW-5195 - Dispatcher: Infinite loop with dispatcher FORWARD + WW-5197 - java.lang.UnsupportedOperationException in the date component + WW-5198 - textarea’s maxlength attribute displays in tag’s body + WW-5203 - lazyPolicyBuilder in DefaultCspSettings is not lazy + WW-5205 - REST plugin cannot start due to injection error + WW-5207 - Convention Plugin - support for ASM 9 + WW-5215 - CspInterceptor assumes Session was already created + WW-5216 - Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30 + + +New Feature + + + WW-5187 - java.lang.NoClassDefFoundError: org/apache/struts2/views/velocity/VelocityManager Improvement + WW-5173 - Implement additional OGNL cache configuration controls + WW-5188 - Use 6.0 marker instead of 2.6 + WW-5218 - Allow to disable CSP related interceptors + + +Dependency + + + WW-5193 - Use proper hibernate-validator groupId and upgrade to version 6.1.3.Final + WW-5201 - Bump Log4j2 to 2.18.0 + WW-5202 - Update jasperreports to 6.19.1 and exclude optional itext from jasperreports + WW-5204 - Upgrade to OGNL 3.3.3 + WW-5208 - Update hibernate-validator to 6.2.4 + WW-5212 - Upgrade Spring to version 5.3.22 + + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.3;>Version Notes to find more details about performed +bug fixes and improvements. Also, a dedicated https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration;>migration guide has been prepared. + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this upgrade. + +The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 3.1, JSP API 2.1, and Java 8. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + 06 June 2022 - Struts 2 ver. 6.0.0 General Availability The Apache Struts group is pleased to announce that Apache Struts 2 ver. 6.0.0 is available as a “General Availability” diff --git
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new e59312061 Automatic Site Publish by Buildbot e59312061 is described below commit e59312061e8ff9c8f7feb2c0325de439c9342b60 Author: buildbot AuthorDate: Mon Aug 22 04:33:21 2022 + Automatic Site Publish by Buildbot --- output/core-developers/default-properties.html | 4 ++-- output/core-developers/interceptors.html | 4 ++-- output/core-developers/struts-default-xml.html | 4 ++-- output/tag-developers/struts-tags.html | 28 +- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/output/core-developers/default-properties.html b/output/core-developers/default-properties.html index 6149a2365..dacfb741b 100644 --- a/output/core-developers/default-properties.html +++ b/output/core-developers/default-properties.html @@ -376,8 +376,8 @@ struts.ognl.enableExpressionCache=true ### Specify the OGNL expression cache factory and BeanInfo cache factory to use. ### Currently, the default implementations are used, but can be replaced with custom ones if desired. -struts.ognl.expressionCacheFactory=defaultOgnlExpressionCacheFactory -struts.ognl.beanInfoCacheFactory=defaultOgnlBeanInfoCacheFactory +# struts.ognl.expressionCacheFactory=customOgnlExpressionCacheFactory +# struts.ognl.beanInfoCacheFactory=customOgnlBeanInfoCacheFactory ### Specify a limit to the number of entries in the OGNL expressionCache. ### For the standard expressionCache mode, when the limit is exceeded the entire cache's diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 671950b69..74bb362bf 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -458,8 +458,8 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t bean type="org.apache.struts2.components.date.DateFormatter" name="simpleDateFormatter" class="org.apache.struts2.components.date.SimpleDateFormatAdapter" scope="singleton"/ bean type="org.apache.struts2.components.date.DateFormatter" name="dateTimeFormatter" class="org.apache.struts2.components.date.DateTimeFormatterAdapter" scope="singleton"/ -bean type="com.opensymphony.xwork2.ognl.OgnlCacheFactory" name="ognlExpressionCacheFactory" class="com.opensymphony.xwork2.ognl.DefaultOgnlExpressionCacheFactory" scope="singleton"/ -bean type="com.opensymphony.xwork2.ognl.OgnlCacheFactory" name="ognlBeanInfoCacheFactory" class="com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory" scope="singleton"/ +bean type="com.opensymphony.xwork2.ognl.ExpressionCacheFactory" name="struts" class="com.opensymphony.xwork2.ognl.DefaultOgnlExpressionCacheFactory" scope="singleton" / +bean type="com.opensymphony.xwork2.ognl.BeanInfoCacheFactory" name="struts" class="com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory" scope="singleton" / package name="struts-default" abstract="true" result-types diff --git a/output/core-developers/struts-default-xml.html b/output/core-developers/struts-default-xml.html index 053ed461d..a3a831b20 100644 --- a/output/core-developers/struts-default-xml.html +++ b/output/core-developers/struts-default-xml.html @@ -375,8 +375,8 @@ setting in default.properties. bean type="org.apache.struts2.components.date.DateFormatter" name="simpleDateFormatter" class="org.apache.struts2.components.date.SimpleDateFormatAdapter" scope="singleton"/ bean type="org.apache.struts2.components.date.DateFormatter" name="dateTimeFormatter" class="org.apache.struts2.components.date.DateTimeFormatterAdapter" scope="singleton"/ -bean type="com.opensymphony.xwork2.ognl.OgnlCacheFactory" name="ognlExpressionCacheFactory" class="com.opensymphony.xwork2.ognl.DefaultOgnlExpressionCacheFactory" scope="singleton"/ -bean type="com.opensymphony.xwork2.ognl.OgnlCacheFactory" name="ognlBeanInfoCacheFactory" class="com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory" scope="singleton"/ +bean type="com.opensymphony.xwork2.ognl.ExpressionCacheFactory" name="struts" class="com.opensymphony.xwork2.ognl.DefaultOgnlExpressionCacheFactory" scope="singleton" / +bean type="com.opensymphony.xwork2.ognl.BeanInfoCacheFactory" name="struts" class="com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory" scope="singleton" / package name="struts-default" abstract="true" result-types diff --git a/output/tag-developers/struts-tags.html b/output/tag-developers/struts-tags.html index 9cb257f55..7965ff8ca 100644 --- a/output/tag-developers/struts-tags.html +++ b/output/tag-developers/struts-tags.html @@ -133,15 +133,15 @@ Struts Tags -The framework provides a tag library decoupled from
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 9e7354de4 Automatic Site Publish by Buildbot 9e7354de4 is described below commit 9e7354de4999c54ddaa6e5f13d4522a8bc38846d Author: buildbot AuthorDate: Sun Aug 7 08:47:18 2022 + Automatic Site Publish by Buildbot --- .../getting-started/how-to-create-a-struts2-web-application.html | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/output/getting-started/how-to-create-a-struts2-web-application.html b/output/getting-started/how-to-create-a-struts2-web-application.html index ef9852371..61e3f2ce2 100644 --- a/output/getting-started/how-to-create-a-struts2-web-application.html +++ b/output/getting-started/how-to-create-a-struts2-web-application.html @@ -379,10 +379,6 @@ mapping to web.xml. Below is how the xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameBasic Struts2/display-name - welcome-file-list - welcome-fileindex/welcome-file - /welcome-file-list - filter filter-namestruts2/filter-name filter-classorg.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter/filter-class @@ -393,6 +389,9 @@ mapping to web.xml. Below is how the url-pattern/*/url-pattern /filter-mapping + welcome-file-list + welcome-fileindex/welcome-file + /welcome-file-list /web-app
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new c41f4d28c Automatic Site Publish by Buildbot c41f4d28c is described below commit c41f4d28c5780da85bde6fddd857b7af84e21973 Author: buildbot AuthorDate: Wed Jul 20 05:34:29 2022 + Automatic Site Publish by Buildbot --- output/.htaccess | 1 + 1 file changed, 1 insertion(+) diff --git a/output/.htaccess b/output/.htaccess index 5e9a4d175..bd1ae9474 100644 --- a/output/.htaccess +++ b/output/.htaccess @@ -7,6 +7,7 @@ RewriteCond %{REQUEST_URI} !^/dtds/? [NC] RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L] RedirectMatch \/docs\/version\-notes\-25([0-9]{1,2})+\.html https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.$1 +RedirectMatch \/docs\/version\-notes\-25\.html https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5 RedirectMatch \/docs\/version\-notes\-23([0-9]{1,2})+\.html https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.$1 RedirectMatch \/docs\/version\-notes\-22([0-9]{1,2})+\.html https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.2.$1 RedirectMatch \/docs\/version\-notes\-21([0-9]{1,2})+\.html https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.1.$1
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 28e9920d7 Automatic Site Publish by Buildbot 28e9920d7 is described below commit 28e9920d76b16a680f6f73a8faabe710f56d4f87 Author: buildbot AuthorDate: Fri Jul 8 05:31:55 2022 + Automatic Site Publish by Buildbot --- output/contributors/building-normal-release.html | 6 ++ 1 file changed, 6 insertions(+) diff --git a/output/contributors/building-normal-release.html b/output/contributors/building-normal-release.html index 10ef62cb5..004eecc7b 100644 --- a/output/contributors/building-normal-release.html +++ b/output/contributors/building-normal-release.html @@ -147,6 +147,7 @@ Wait for rsync Update site Post announcements + Update Struts releases Getting ready @@ -380,6 +381,11 @@ push to GitHub), see https://gitbox.apache.org/setup/;>https://gitbox.a samples are available at Sample announcements page. +Update Struts releases + +Login into https://reporter.apache.org/addrelease.html?struts;>Apache Committee Report Helper and add release version +with date. +
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 8184c1d57 Automatic Site Publish by Buildbot 8184c1d57 is described below commit 8184c1d57364ac877d8475c289db946ed966ebea Author: buildbot AuthorDate: Mon Jun 27 05:54:03 2022 + Automatic Site Publish by Buildbot --- output/plugins/index.html | 5 + 1 file changed, 5 insertions(+) diff --git a/output/plugins/index.html b/output/plugins/index.html index 4da1790af..04f7751cd 100644 --- a/output/plugins/index.html +++ b/output/plugins/index.html @@ -286,6 +286,11 @@ Several plugins are bundled with the framework, and others are available from th 2.5 removed since 2.5 + + Velocity Plugin + 6.0.0 + +
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 356819120 Automatic Site Publish by Buildbot 356819120 is described below commit 35681912054e9d12e9a1c1c10b434c626c17d718 Author: buildbot AuthorDate: Mon Jun 27 05:52:43 2022 + Automatic Site Publish by Buildbot --- output/core-developers/velocity-result.html| 52 -- .../velocity/index.html} | 64 -- 2 files changed, 20 insertions(+), 96 deletions(-) diff --git a/output/core-developers/velocity-result.html b/output/core-developers/velocity-result.html index 47496d169..0a1ac1245 100644 --- a/output/core-developers/velocity-result.html +++ b/output/core-developers/velocity-result.html @@ -131,59 +131,27 @@ https://github.com/apache/struts-site/edit/master/source/core-developers/velocity-result.md; title="Edit this page on GitHub">Edit on GitHub Velocity Result - - - Using the Servlet container's {@link JspFactory}, this result mocks a JSP - - execution environment and then displays a Velocity template that will be - - streamed directly to the servlet output. - - - +Using the Servlet container’s {@link JspFactory}, this result mocks a JSP execution environment and then displays +a Velocity template that will be streamed directly to the servlet output. Parameters - - - - - - - location (default) - the location of the template to process. - - - - parse - true by default. If set to false, the location param will + + location (default) - the location of the template to process. + parse (true by default) - if set to false, the location param will not be parsed for Ognl expressions. + - not be parsed for Ognl expressions. - - - - - - - - This result follows the same rules from {@link StrutsResultSupport}. - - - - - +This result follows the same rules from {@link StrutsResultSupport}. Examples - - result name="success" type="velocity" - - param name="location"foo.vm/param - - /result +result name="success" type="velocity" +param name="location"foo.vm/param +/result - diff --git a/output/core-developers/velocity-result.html b/output/plugins/velocity/index.html similarity index 85% copy from output/core-developers/velocity-result.html copy to output/plugins/velocity/index.html index 47496d169..4cb82135f 100644 --- a/output/core-developers/velocity-result.html +++ b/output/plugins/velocity/index.html @@ -7,7 +7,7 @@ - Velocity Result + Velocity plugin @@ -127,62 +127,18 @@ -<< back to Core Developers Guide -https://github.com/apache/struts-site/edit/master/source/core-developers/velocity-result.md; title="Edit this page on GitHub">Edit on GitHub -Velocity Result +https://github.com/apache/struts-site/edit/master/source/plugins/velocity/index.md; title="Edit this page on GitHub">Edit on GitHub + +<< back to Plugins + +Velocity Plugin - +The Velocity plugin provides integration with the https://velocity.apache.org;>Velocity a Java-based template engine. - Using the Servlet container's {@link JspFactory}, this result mocks a JSP - - execution environment and then displays a Velocity template that will be - - streamed directly to the servlet output. - - - - -Parameters - - - - - - - - location (default) - the location of the template to process. - - - - parse - true by default. If set to false, the location param will - - not be parsed for Ognl expressions. - - - - - - - - This result follows the same rules from {@link StrutsResultSupport}. - - - - - - -Examples - - - result name="success" type="velocity" - - param name="location"foo.vm/param - - /result - - - +This plugin provides a dedicated Result, all the Struts tags +based on Velocity templates and all other Velocity related features. +You must include this plugin in your pom.xml to use those features.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new c528f5102 Automatic Site Publish by Buildbot c528f5102 is described below commit c528f510247be2b86e3c901c8b8088e9d978ad5a Author: buildbot AuthorDate: Mon Jun 27 05:34:16 2022 + Automatic Site Publish by Buildbot --- output/plugins/sitemesh/index.html | 4 1 file changed, 4 insertions(+) diff --git a/output/plugins/sitemesh/index.html b/output/plugins/sitemesh/index.html index 469275bb7..0054bdcbb 100644 --- a/output/plugins/sitemesh/index.html +++ b/output/plugins/sitemesh/index.html @@ -203,6 +203,10 @@ framework to aid in creating large sites consisting of many pages for which a co Velocity + + NOTE: Please include the Struts Velocity plugin in your pom.xml before using this functionality + + From 2.2+ the recommended way to use Velocity with Sitemesh is through the org.apache.struts2.sitemesh.VelocityDecoratorServlet servlet, which can be configured like this in web.xml:
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 05179c639 Automatic Site Publish by Buildbot 05179c639 is described below commit 05179c63945571b4fe0c8ea4a727a141c3eb029a Author: buildbot AuthorDate: Mon Jun 27 05:32:05 2022 + Automatic Site Publish by Buildbot --- output/tag-developers/velocity.html | 5 + 1 file changed, 5 insertions(+) diff --git a/output/tag-developers/velocity.html b/output/tag-developers/velocity.html index 1f24302da..3c5128a04 100644 --- a/output/tag-developers/velocity.html +++ b/output/tag-developers/velocity.html @@ -143,6 +143,11 @@ of a Servlet container. The framework uses FreeMarker internally since it has be Developers may also like that FreeMarker supports JSP taglibs. However, both are good alternatives to JSP. + + NOTE: Since Struts 6.0.0 support for Velocity has been moved into a dedicated plugin, +you must include the plugin in your pom.xml to use Velocity in your application. + + Getting Started Getting started with Velocity is as simple as ensuring all the dependencies are included in your project’s classpath.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 60ab80401 Automatic Site Publish by Buildbot 60ab80401 is described below commit 60ab804018ae318f5bd375542f1341c821671db5 Author: buildbot AuthorDate: Tue Jun 21 08:42:55 2022 + Automatic Site Publish by Buildbot --- output/core-developers/interceptors.html | 4 +- output/core-developers/struts-default-xml.html | 4 +- output/dtds/struts-6.0.dtd | 157 + 3 files changed, 161 insertions(+), 4 deletions(-) diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 4f5f8c96a..671950b69 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -258,8 +258,8 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t and {@link com.opensymphony.xwork2.inject.Inject} -- !DOCTYPE struts PUBLIC -"-//Apache Software Foundation//DTD Struts Configuration 2.6//EN" -"http://struts.apache.org/dtds/struts-2.6.dtd"; +"-//Apache Software Foundation//DTD Struts Configuration 6.0//EN" +"struts-6.0.dtd" struts diff --git a/output/core-developers/struts-default-xml.html b/output/core-developers/struts-default-xml.html index 1a54d6be4..053ed461d 100644 --- a/output/core-developers/struts-default-xml.html +++ b/output/core-developers/struts-default-xml.html @@ -175,8 +175,8 @@ setting in default.properties. and {@link com.opensymphony.xwork2.inject.Inject} -- !DOCTYPE struts PUBLIC -"-//Apache Software Foundation//DTD Struts Configuration 2.6//EN" -"http://struts.apache.org/dtds/struts-2.6.dtd"; +"-//Apache Software Foundation//DTD Struts Configuration 6.0//EN" +"struts-6.0.dtd" struts diff --git a/output/dtds/struts-6.0.dtd b/output/dtds/struts-6.0.dtd new file mode 100644 index 0..3df027de9 --- /dev/null +++ b/output/dtds/struts-6.0.dtd @@ -0,0 +1,157 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1653a9821 Automatic Site Publish by Buildbot 1653a9821 is described below commit 1653a9821aa35edebe5f97d788ee3af699ffeee2 Author: buildbot AuthorDate: Mon Jun 13 05:31:20 2022 + Automatic Site Publish by Buildbot --- output/plugins/convention/index.html | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/output/plugins/convention/index.html b/output/plugins/convention/index.html index fff242539..8308534c4 100644 --- a/output/plugins/convention/index.html +++ b/output/plugins/convention/index.html @@ -611,12 +611,12 @@ an even number of elements in the form {"key0", import org.apache.struts2.convention.annotation.Actions; public class HelloWorld extends ActionSupport { - @Action(interceptorRefs=@InterceptorRef(value="validation",params={"programmatic", "false", "declarative [...] - public String execute() { -return SUCCESS; - } + @Action(interceptorRefs=@InterceptorRef(value="validation",params={"programmatic", "false", "declarative [...] + public String execute() { +return SUCCESS; + } - @Action("url") + @Action("url") public String doSomething() { return SUCCESS; }
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 312e6b3c6 Automatic Site Publish by Buildbot 312e6b3c6 is described below commit 312e6b3c6bf2c6e6e3f2557490c538b99d11b9fc Author: buildbot AuthorDate: Tue Jun 7 08:08:09 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 318 + output/core-developers/default-properties.html | 44 +++- output/core-developers/interceptors.html | 3 + output/core-developers/struts-default-xml.html | 3 + output/download.html | 44 ++-- output/index.html | 10 +- output/releases.html | 2 +- 7 files changed, 389 insertions(+), 35 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 6b0dd9ff9..60536c49d 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -132,6 +132,7 @@ Announcements 2022 + 06 June 2022 - Struts 2 ver. 6.0.0 General Availability 04 April 2022 - Struts 2.5.30 General Availability 22 January 2022 - Struts 2.5.29 General Availability 02 January 2022 - Struts 2.5.28.3 General Availability @@ -141,6 +142,323 @@ Skip to: Announcements - 2021 +06 June 2022 - Struts 2 ver. 6.0.0 General Availability + +The Apache Struts group is pleased to announce that Apache Struts 2 ver. 6.0.0 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +Version change + +You can be surprised by the version change, previously we have been using Struts 2.5.x versioning schema, but this was +a bit misleading. Struts 2 is a different framework than Struts 1 and its versioning is supposed to start with 1.0.0, +yet that never happened. With each breaking changes release (like Struts 2.5), we had been only upgrading the MINOR +part of the versioning schema. To fix that problem as from Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt a proper SemVer +to avoid such confusion. + +Internal Changes + +The framework requires Java 8 at runtime. Also Servlet API 3.1 capable container is required. + +OGNL expressions are limited to 256 characters by default. See https://issues.apache.org/jira/browse/WW-5179;>WW-5179 +and https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions;>docs for more details. + +Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future +attack vectors, yet it can impact your application if you have been depending on double evaluation. + +How to test + + + Run all your app tests, you shouldn’t see any WARN log like below: + + Expression [so-and-so] isn’t allowed by pattern [so-and-so]! See Accepted / Excluded patterns at https://struts.apache.org/security/ + + + See if following components are still functioning correctly regarding java-scripts: + + forms with client side validations + doubleselect + combobox + + + Check also StreamResults, AliasInterceptor and JasperReportResults if they are still working as expected. + + +Support to access static methods via OGNL expressions has been removed, use action instance methods instead. + +Bug + + + WW-3534 - PrepareOperations.createActionContext does not detect existing context correctly + WW-3730 - action tag accepts only String arrays as parameters + WW-4723 - s:url incompatible with JDK 1.5 + WW-4742 - Problem with escape when the key from getText has no value + WW-4865 - Struts s:checkbox conversion fails to List + WW-4866 - ASM 5.2 and Java 9 leads to IllegalArgumentException + WW-4897 - KEYS, sigs and hashes should use https (SSL) + WW-4902 - Struts 2 fails to init Dispatcher - Tomcat Embedded + WW-4928 - Setting struts.devMode from system property not working as described + WW-4930 - SMI cannot be diasabled for action-packages found via the convention-plugin + WW-4941 - [jar_cache] Some jar_cache**.tmp files are generated into a temporary directory(/tmp) during web service start + WW-4943 - opensymphony.xwork2.util.LocalizedTextUtil can’t get i18n resources + WW-4944 - Struts 2 REST Tiles integration issue + WW-4945 - TagUtils#buildNamespace should throw an exception when invocation is null + WW-4946 - Strtus 2 spring integrations is failing - fails to init Dispatcher - Tomcat Embedded + WW-4948 - Struts 2.5.16 is creating jar_cache files in temp folder + WW-4951 - MD5 and SHA1 should no longer be provided on download pages + WW-4954 - xml-validation fails since struts 2.5.17 + WW-4957 - Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProviderStrutsLocalizedTextProvider cannot
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 003daeda0 Automatic Site Publish by Buildbot 003daeda0 is described below commit 003daeda08da3fb680563f5079df4d84c4d8f417 Author: buildbot AuthorDate: Thu Apr 7 12:35:58 2022 + Automatic Site Publish by Buildbot --- output/core-developers/using-field-validators.html | 113 ++--- .../using-non-field-validators.html| 109 +--- 2 files changed, 106 insertions(+), 116 deletions(-) diff --git a/output/core-developers/using-field-validators.html b/output/core-developers/using-field-validators.html index 12eb3e674..5f4387223 100644 --- a/output/core-developers/using-field-validators.html +++ b/output/core-developers/using-field-validators.html @@ -149,8 +149,7 @@ Create the jsp page - -h3All Field Errors Will Appear Here/h3 +h3All Field Errors Will Appear Here/h3 s:fielderror/ hr/ @@ -277,61 +276,61 @@ Create the validator.xml. validators - field name="requiredValidatorField" - field-validator type="required" - message![CDATA[ required ]]/message - /field-validator - /field - field name="requiredStringValidatorField" - field-validator type="requiredstring" - param name="trim"true/param - message![CDATA[ required and must be string ]]/message - /field-validator - /field - field name="integerValidatorField" - field-validator type="int" - param name="min"1/param - param name="max"10/param - message![CDATA[ must be integer min 1 max 10 if supplied ]]/message - /field-validator - /field - field name="dateValidatorField" - field-validator type="date" - param name="min"01/01/1990/param - param name="max"01/01/2000/param - message![CDATA[ must be a min 01-01-1990 max 01-01-2000 if supplied ]]/message - /field-validator - /field - field name="emailValidatorField" - field-validator type="email" - message![CDATA[ must be a valid email if supplied ]]/message - /field-validator - /field - field name="urlValidatorField" - field-validator type="url" - message![CDATA[ must be a valid url if supplied ]]/message - /field-validator - /field - field name="stringLengthValidatorField" - field-validator type="stringlength" - param name="maxLength"4/param - param name="minLength"2/param - param name="trim"true/param - message![CDATA[ must be a String of a specific greater than 1 less than 5 if specified ]]/message - /field-validator - /field - field name="regexValidatorField" - field-validator type="regex" - param name="regex"![CDATA[ [^]+ ]]/param - message![CDATA[ regexValidatorField must match a regexp (.*.txt) if specified ]]/message - /field-validator - /field - field name="fieldExpressionValidatorField" - field-validator type="fieldexpression" - param name="expression"(fieldExpressionValidatorField == requiredValidatorField)/param - message![CDATA[ must be the same as the Required Validator Field if specified ]]/message - /field-validator - /field +field name="requiredValidatorField" +field-validator type="required" +message![CDATA[ required ]]/message +/field-validator +/field +field name="requiredStringValidatorField" +field-validator type="requiredstring" +param name="trim"true/param +message![CDATA[ required and must be string ]]/message +/field-validator +/field +field name="integerValidatorField" +field-validator type="int" +param name="min"1/param +param name="max"10/param +message![CDATA[ must be integer min 1 max 10 if supplied ]]/message +/field-validator +/field +field name="dateValidatorField" +field-validator type="date" +param name="min"01/01/1990/param +param name="max"01/01/2000/param +message![CDATA[ must be a min 01-01-1990 max 01-01-2000 if supplied ]]/message +/field-validator +/field +field name="emailValidatorField" +field-validator type="email" +message![CDATA[ must be a
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 4b53154fe Automatic Site Publish by Buildbot 4b53154fe is described below commit 4b53154fea8c8e3038f6c02b50682409216c4b74 Author: buildbot AuthorDate: Thu Apr 7 07:07:01 2022 + Automatic Site Publish by Buildbot --- .../using-visitor-field-validator.html | 28 +++--- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/output/core-developers/using-visitor-field-validator.html b/output/core-developers/using-visitor-field-validator.html index 24fb0faab..38cba553d 100644 --- a/output/core-developers/using-visitor-field-validator.html +++ b/output/core-developers/using-visitor-field-validator.html @@ -165,15 +165,15 @@ public class VisitorValidatorsExampleAction extends AbstractValidationActionSupport { - private User user; +private User user; - public User getUser() { - return user; - } +public User getUser() { +return user; +} - public void setUser(User user) { - this.user = user; - } +public void setUser(User user) { +this.user = user; +} } @@ -182,13 +182,13 @@ Create the validator.xml. validators - field name="user" - field-validator type="visitor" - param name="context"userContext/param - param name="appendPrefix"true/param - messageUser:/message - /field-validator - /field +field name="user" +field-validator type="visitor" +param name="context"userContext/param +param name="appendPrefix"true/param +messageUser:/message +/field-validator +/field /validators
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 92c3369c6 Automatic Site Publish by Buildbot 92c3369c6 is described below commit 92c3369c60d443b657c7ea96b3671814f7013ca2 Author: buildbot AuthorDate: Tue Apr 5 07:31:16 2022 + Automatic Site Publish by Buildbot --- output/plugins/extending-an-application-with-custom-plugins.html | 2 +- output/plugins/index.html| 2 +- output/plugins/plugins-architecture.html | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/output/plugins/extending-an-application-with-custom-plugins.html b/output/plugins/extending-an-application-with-custom-plugins.html index b39519398..f3ecf4c40 100644 --- a/output/plugins/extending-an-application-with-custom-plugins.html +++ b/output/plugins/extending-an-application-with-custom-plugins.html @@ -7,7 +7,7 @@ - Plugins + Extending an Application with Custom Plugins diff --git a/output/plugins/index.html b/output/plugins/index.html index 0471b5fa9..62aa214cc 100644 --- a/output/plugins/index.html +++ b/output/plugins/index.html @@ -135,7 +135,7 @@ adding a JAR to the application’s classpath. Since plugins are contained in a Several plugins are bundled with the framework, and others are available from third-party sources. - Plugins + Plugins Architecture Extending an Application with Custom Plugins diff --git a/output/plugins/plugins-architecture.html b/output/plugins/plugins-architecture.html index 8e307c320..376064cf5 100644 --- a/output/plugins/plugins-architecture.html +++ b/output/plugins/plugins-architecture.html @@ -7,7 +7,7 @@ - Plugins + Plugins Architecture @@ -130,7 +130,7 @@ << back to Plugins -Plugins +Plugins architecture Static resources
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 9f30af49e Automatic Site Publish by Buildbot 9f30af49e is described below commit 9f30af49ed63599f316bec7095f44aeeefe76719 Author: buildbot AuthorDate: Tue Apr 5 06:27:01 2022 + Automatic Site Publish by Buildbot --- output/plugins/index.html | 4 +- .../{plugins.html => plugins-architecture.html}| 161 +++-- 2 files changed, 148 insertions(+), 17 deletions(-) diff --git a/output/plugins/index.html b/output/plugins/index.html index 4ee850aeb..0471b5fa9 100644 --- a/output/plugins/index.html +++ b/output/plugins/index.html @@ -130,12 +130,12 @@ Plugin Developers Guide -Apache Struts 2 provides a simple plugin architecture so that developers can extend the framework just by +Apache Struts 2 provides a simple plugin architecture so that developers can extend the framework just by adding a JAR to the application’s classpath. Since plugins are contained in a JAR, they are easy to share with others. Several plugins are bundled with the framework, and others are available from third-party sources. - Plugins + Plugins Extending an Application with Custom Plugins diff --git a/output/plugins/plugins.html b/output/plugins/plugins-architecture.html similarity index 67% rename from output/plugins/plugins.html rename to output/plugins/plugins-architecture.html index 54e541737..8e307c320 100644 --- a/output/plugins/plugins.html +++ b/output/plugins/plugins-architecture.html @@ -126,7 +126,7 @@ -https://github.com/apache/struts-site/edit/master/source/plugins/plugins.md; title="Edit this page on GitHub">Edit on GitHub +https://github.com/apache/struts-site/edit/master/source/plugins/plugins-architecture.md; title="Edit this page on GitHub">Edit on GitHub << back to Plugins @@ -140,6 +140,11 @@ Tiles plugin + Developing new extension point + Extension point provided by the Core + Extension point provided by a plugin + + Plugin Registry @@ -149,17 +154,10 @@ whatever dependencies the plugin itself may have. To configure the plugin, the J file, which follows the same format as an ordinary struts.xml file. Since a plugin can contain the struts-plugin.xml file, it has the ability to: - - -Define new packages with results, interceptors, and/or actions - - -Override framework constants - - -Introduce new extension point implementation classes - + Define new packages with results, interceptors, and/or actions + Override framework constants + Introduce new extension point implementation classes Many popular but optional features of the framework are distributed as plugins. An application can retain all the plugins @@ -185,7 +183,7 @@ with the distribution, or any other plugins available to an application. Static resources To include static resources in your plugins add them under “/static” in your jar. And include them in your page using -“/struts” as the path, like in the following example: +“/static” as the path, like in the following example: !-- Assuming /static/main.css is inside a plugin jar, to add it to the page: -- @@ -193,7 +191,7 @@ with the distribution, or any other plugins available to an application. link rel="stylesheet" type="text/css" href="%{#css}" / -Read also https://struts.apache.org/maven/struts2-core/apidocs/org/apache/struts2/dispatcher/StaticContentLoader;>StaticContentLoader JavaDoc. +Read also Static Content and JavaDoc of https://struts.apache.org/maven/struts2-core/apidocs/org/apache/struts2/dispatcher/StaticContentLoader;>StaticContentLoader. Extension Points @@ -452,6 +450,12 @@ For example, a plugin could provide a new class to create Action classes or map singleton com.opensymphony.xwork2.LocalizedTextProvider + + struts.date.formatter + Allow define a date formatter used by s:date/ tag (since 6.0.0) + singleton + org.apache.struts2.components.date.DateFromatter + @@ -484,8 +488,6 @@ points, it does need to know what settings have been enabled in the Struts frame ?xml version="1.0" encoding="UTF-8" ? !-- /* - * $Id$ - * * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -542,6 +544,135 @@ a common look-and-feel to an application’s pages by breaking the page down int Since the Tiles Plugin does need to register configuration elements, a result class, it provides a struts-plugin.xml file. +Developing new extension point + +An extension point it’s a name which will be used to locate other
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 9aa84eb6a Automatic Site Publish by Buildbot 9aa84eb6a is described below commit 9aa84eb6a0b2879dd8aecd026ac76c4a6ce328fe Author: buildbot AuthorDate: Mon Apr 4 06:33:31 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 38a1a91e4..101618a25 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -167,9 +167,11 @@ https://struts.apache.org/security/ Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected. -Dependency: -[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 -[WW-5172] - Upgrade freemarker to 2.3.31 +Dependency: + + [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 + [WW-5172] - Upgrade freemarker to 2.3.31 + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30;>Version Notes to find more details about performed
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1f5f57ac4 Automatic Site Publish by Buildbot 1f5f57ac4 is described below commit 1f5f57ac4619039437c40516727d5881ec820d41 Author: buildbot AuthorDate: Mon Apr 4 06:32:04 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 964d795a3..38a1a91e4 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -150,8 +150,9 @@ release. The GA designation is our highest quality grade. Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation. -How to test -Run all your app tests, you shouldn’t see any WARN log like below: +How to test + +Run all your app tests, you shouldn’t see any WARN log like below: Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at https://struts.apache.org/security/ @@ -160,8 +161,8 @@ https://struts.apache.org/security/ See if following components are still functioning correctly regarding java-scripts: forms with client side validations - doubleselect - combobox + doubleselect tag + combobox tag Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new cd328a253 Automatic Site Publish by Buildbot cd328a253 is described below commit cd328a253a29c6c31668e6aed93c06632b47d137 Author: buildbot AuthorDate: Mon Apr 4 06:31:04 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 80b0f0676..964d795a3 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -132,8 +132,6 @@ 04 April 2022 - Struts 2.5.30 General Availability - Internal Changes: - Dependency: 22 January 2022 - Struts 2.5.29 General Availability 02 January 2022 - Struts 2.5.28.3 General Availability @@ -147,7 +145,7 @@ The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a “General Availability” release. The GA designation is our highest quality grade. -Internal Changes: +Internal Changes: Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation. @@ -168,8 +166,8 @@ https://struts.apache.org/security/ Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected. -Dependency: -[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 +Dependency: +[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 [WW-5172] - Upgrade freemarker to 2.3.31
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b7273f1e0 Automatic Site Publish by Buildbot b7273f1e0 is described below commit b7273f1e0a4f13afe08e9e0645b95c615307af33 Author: buildbot AuthorDate: Mon Apr 4 06:20:53 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 52 +++ output/download.html | 44 +++ output/index.html | 10 - output/releases.html | 2 +- 4 files changed, 80 insertions(+), 28 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 2155f888a..80b0f0676 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -131,6 +131,9 @@ Announcements 2022 + 04 April 2022 - Struts 2.5.30 General Availability + Internal Changes: + Dependency: 22 January 2022 - Struts 2.5.29 General Availability 02 January 2022 - Struts 2.5.28.3 General Availability @@ -139,6 +142,55 @@ Skip to: Announcements - 2021 +04 April 2022 - Struts 2.5.30 General Availability + +The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +Internal Changes: + +Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future +attack vectors, yet it can impact your application if you have been depending on double evaluation. + +How to test +Run all your app tests, you shouldn’t see any WARN log like below: + +Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at +https://struts.apache.org/security/ + + +See if following components are still functioning correctly regarding java-scripts: + + forms with client side validations + doubleselect + combobox + + +Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected. + +Dependency: +[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 +[WW-5172] - Upgrade freemarker to 2.3.31 + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30;>Version Notes to find more details about performed +bug fixes and improvements. + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this upgrade. + +The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 7. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + 22 January 2022 - Struts 2.5.29 General Availability The Apache Struts group is pleased to announce that Struts 2.5.29 is available as a “General Availability” diff --git a/output/download.html b/output/download.html index 6f6bcc00f..685984168 100644 --- a/output/download.html +++ b/output/download.html @@ -190,26 +190,26 @@ Full Releases -Struts 2.5.29 +Struts 2.5.30 - https://struts.apache.org/;>Apache Struts 2.5.29 is an elegant, extensible + https://struts.apache.org/;>Apache Struts 2.5.30 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.5.29 is the "best available" version of Struts in the 2.5 series. + Struts 2.5.30 is the "best available" version of Struts in the 2.5 series. -https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.29;>Version Notes +https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30;>Version Notes Full Distribution: -struts-2.5.29-all.zip (65MB) -[https://downloads.apache.org/struts/2.5.29/struts-2.5.29-all.zip.asc;>PGP] -[https://downloads.apache.org/struts/2.5.29/struts-2.5.29-all.zip.sha256;>SHA256] +struts-2.5.30-all.zip (65MB) +[https://downloads.apache.org/struts/2.5.30/struts-2.5.30-all.zip.asc;>PGP] +[https://downloads.apache.org/struts/2.5.30/struts-2.5.30-all.zip.sha256;>SHA256] @@ -217,9 +217,9 @@ Example Applications: -struts-2.5.29-apps.zip (35MB) -
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 777c806 Automatic Site Publish by Buildbot 777c806 is described below commit 777c806c99f45693f45edea28b162d04046ce9b3 Author: buildbot AuthorDate: Sat Apr 2 08:19:33 2022 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index b6b25c1..4c6af77 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -629,7 +629,7 @@ follow: ^multipart/form-data(?:\\s*;\\s*boundary=[0-9a-zA-Z'()+_,\\-./:=?]{1,70})?(?:\\s*;\\s*charset=[a-zA-Z\\-0-9]{3,14})? -Please read https://www.w3.org/Protocols/rfc1341/7\_2\_Multipart;>RFC1341 the Multipart section for more details, +Please read https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html;>RFC1341 the Multipart section for more details, existing Struts Multipart parsers support only multipart/form-data content type. This option is available since Struts 2.3.11.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 34c61e2 Automatic Site Publish by Buildbot 34c61e2 is described below commit 34c61e2abf855182264e37c231b7895bc9477364 Author: buildbot AuthorDate: Sat Apr 2 08:13:50 2022 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 33 + 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index e30496d..b6b25c1 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -128,10 +128,35 @@ << back to Core Developers Guide https://github.com/apache/struts-site/edit/master/source/core-developers/file-upload.md; title="Edit this page on GitHub">Edit on GitHub -File Upload - - - Will be replaced with the ToC, excluding a header {:toc} +File Upload + + + Dependencies + Struts 2.0.x File Upload Dependencies + Struts 2.1.x File Upload Dependencies + + + Basic Usage + Example action mapping: + Example JSP form tags: + Example Action class: + + + Uploading Multiple Files + Uploading Multiple Files using Arrays + Uploading Multiple Files using Lists + + + Advanced Configuration + File Size Limits + File Types + Error Messages + Temporary Directories + Alternate Libraries + Request validation + Disabling file upload support + + The Struts 2 framework provides built-in support for processing file uploads that conform
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 89c4de7 Automatic Site Publish by Buildbot 89c4de7 is described below commit 89c4de70942db670ee4b68bf317c300eb05d88bc Author: buildbot AuthorDate: Sat Apr 2 08:11:56 2022 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 174 +++- 1 file changed, 173 insertions(+), 1 deletion(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index c1723f0..e30496d 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -1,4 +1,134 @@ -File Upload + + + + + + + + + + File Upload + + + + + + + + + + + + + +http://github.com/apache/struts; class="github-ribbon"> + https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa.png; alt="Fork me on GitHub"> + + + + + + + + +Menu +Toggle navigation + + + + + + + + + + +Home + + +Welcome +Download +Releases +Announcements +http://www.apache.org/licenses/;>License +https://www.apache.org/foundation/thanks.html;>Thanks! +https://www.apache.org/foundation/sponsorship.html;>Sponsorship + + + + +Support + + +User Mailing List +https://issues.apache.org/jira/browse/WW;>Issue Tracker +Reporting Security Issues + +https://cwiki.apache.org/confluence/display/WW/Migration+Guide;>Version Notes +https://cwiki.apache.org/confluence/display/WW/Security+Bulletins;>Security Bulletins + +Maven Project Info +Struts Core Dependencies +Plugin Dependencies + + + + +Documentation + + +Birds Eye +Key Technologies +Kickstart FAQ +https://cwiki.apache.org/confluence/display/WW/Home;>Wiki + +Getting Started +Security Guide +Core Developers Guide +Tag Developers Guide +Maven Archetypes +Plugins +Struts Core API +Tag reference +https://cwiki.apache.org/confluence/display/WW/FAQs;>FAQs +http://cwiki.apache.org/S2PLUGINS/home.html;>Plugin registry + + + + +Contributing + + +You at Struts +How to Help FAQ +Development Lists + +Submitting patches +Source Code and Builds +Coding standards +Contributors Guide + +Release Guidelines +PMC Charter +Volunteers +https://gitbox.apache.org/repos/asf?p=struts.git;>Source Repository +Updating the website + + +http://www.apache.org/;> + + + + + + + + + + +<< back to Core Developers Guide +https://github.com/apache/struts-site/edit/master/source/core-developers/file-upload.md; title="Edit this page on GitHub">Edit on GitHub +File Upload Will be replaced with the ToC, excluding a header {:toc} @@ -487,3 +617,45 @@ Struts 2.3.11. With this constant in place, Struts will ignore a Content-Type header and will treat each request as an ordinary http request. This option is available since Struts 2.3.11. + + + + + + + +Copyright 2000-2021 http://www.apache.org/;>The Apache Software Foundation . +All Rights Reserved. + + +Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are +trademarks of The Apache Software Foundation. + + Logo and website design donated by https://softwaremill.com/;>SoftwareMill. + + +!function (d, s, id) { + var js, fjs = d.getElementsByTagName(s)[0]; + if (!d.getElementById(id)) { +js = d.createElement(s); +js.id = id; +js.src = "//platform.twitter.com/widgets.js"; +fjs.parentNode.insertBefore(js, fjs); + } +}(document, "script", "twitter-wjs"); +https://apis.google.com/js/platform.js"
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 67f8d6c Automatic Site Publish by Buildbot 67f8d6c is described below commit 67f8d6cf6accc1b76ab3db9915d7040b38856cc7 Author: buildbot AuthorDate: Sat Apr 2 08:10:13 2022 + Automatic Site Publish by Buildbot --- output/core-developers/file-upload.html | 611 1 file changed, 220 insertions(+), 391 deletions(-) diff --git a/output/core-developers/file-upload.html b/output/core-developers/file-upload.html index 5bf597a..c1723f0 100644 --- a/output/core-developers/file-upload.html +++ b/output/core-developers/file-upload.html @@ -1,175 +1,21 @@ - - - - - - - - - - File Upload - - - - - - - - - - - - - -http://github.com/apache/struts; class="github-ribbon"> - https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa.png; alt="Fork me on GitHub"> - - - - - - - - -Menu -Toggle navigation - - - - - - - - - - -Home - - -Welcome -Download -Releases -Announcements -http://www.apache.org/licenses/;>License -https://www.apache.org/foundation/thanks.html;>Thanks! -https://www.apache.org/foundation/sponsorship.html;>Sponsorship - - - - -Support - - -User Mailing List -https://issues.apache.org/jira/browse/WW;>Issue Tracker -Reporting Security Issues - -https://cwiki.apache.org/confluence/display/WW/Migration+Guide;>Version Notes -https://cwiki.apache.org/confluence/display/WW/Security+Bulletins;>Security Bulletins - -Maven Project Info -Struts Core Dependencies -Plugin Dependencies - - - - -Documentation - - -Birds Eye -Key Technologies -Kickstart FAQ -https://cwiki.apache.org/confluence/display/WW/Home;>Wiki - -Getting Started -Security Guide -Core Developers Guide -Tag Developers Guide -Maven Archetypes -Plugins -Struts Core API -Tag reference -https://cwiki.apache.org/confluence/display/WW/FAQs;>FAQs -http://cwiki.apache.org/S2PLUGINS/home.html;>Plugin registry - - - - -Contributing - - -You at Struts -How to Help FAQ -Development Lists - -Submitting patches -Source Code and Builds -Coding standards -Contributors Guide - -Release Guidelines -PMC Charter -Volunteers -https://gitbox.apache.org/repos/asf?p=struts.git;>Source Repository -Updating the website - - -http://www.apache.org/;> - - - - - - - - - - -<< back to Core Developers Guide -https://github.com/apache/struts-site/edit/master/source/core-developers/file-upload.md; title="Edit this page on GitHub">Edit on GitHub -File Upload - - - Dependencies - Struts 2.0.x File Upload Dependencies - Struts 2.1.x File Upload Dependencies - - - Basic Usage - Example action mapping: - Example JSP form tags: - Example Action class: - - - Uploading Multiple Files - Uploading Multiple Files using Arrays - Uploading Multiple Files using Lists - - - Advanced Configuration - File Size Limits - File Types - Error Messages - Temporary Directories - Alternate Libraries - Request validation - Disabling file upload support - - +File Upload + + + Will be replaced with the ToC, excluding a header {:toc} -The Struts 2 framework provides built-in support for processing file uploads that conform to http://www.ietf.org/rfc/rfc1867.txt;>RFC 1867, -“Form-based File Upload in HTML”. When correctly configured the framework will pass uploaded file(s) into your Action class. -Support for individual and multiple file
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 699b7c6 Automatic Site Publish by Buildbot 699b7c6 is described below commit 699b7c69606af9e3e003509fb42a04b3ffca4748 Author: buildbot AuthorDate: Tue Mar 29 05:32:15 2022 + Automatic Site Publish by Buildbot --- output/.htaccess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/.htaccess b/output/.htaccess index 88755ec..5e9a4d1 100644 --- a/output/.htaccess +++ b/output/.htaccess @@ -24,6 +24,6 @@ RedirectMatch \/2.*\/(.*)? http://struts.apache.org/$1 # page downloads.html was renamed to releases.html RedirectMatch \/downloads /releases -RedirectMatch \/announce.html(#a[0-9]+)? /announce-2020.html$1 +RedirectMatch \/announce.html(#a[0-9]+)? /announce-2022.html$1 ErrorDocument 404 /404
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 0e96f6d Automatic Site Publish by Buildbot 0e96f6d is described below commit 0e96f6db53ec69aae4a7073d1abe7b0369186dcc Author: buildbot AuthorDate: Tue Mar 29 05:24:56 2022 + Automatic Site Publish by Buildbot --- output/announce-2015.html | 2 +- output/builds.html | 6 +++--- output/contributors/building-the-framework-from-source.html | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/output/announce-2015.html b/output/announce-2015.html index acc809e..1d58ab1 100644 --- a/output/announce-2015.html +++ b/output/announce-2015.html @@ -188,7 +188,7 @@ please post your comments to the user list, and, if appropriate, file a tracking Thanks to Taki Uchiyama from JPCERT/CC who reported two potential XSS vulnerabilities available in older versions of The Apache Struts 2. Please read the mentioned security bulletin for more details -and also reading our Security guideline will help you secure your application +and also reading our Security guideline will help you secure your application 31 July 2015 - Struts 2.5-BETA1 (BETA) diff --git a/output/builds.html b/output/builds.html index b106d33..aa79d0b 100644 --- a/output/builds.html +++ b/output/builds.html @@ -184,15 +184,15 @@ your own applications!) Maven will automatically download any dependencies as needed. For more about using Maven to build Struts 2, see -Building the framework from source in the -Struts 2 Contributors Guide. +Building the framework from source in the +Struts 2 Contributors Guide. For more about using Maven to build Struts 1, see our http://wiki.apache.org/struts/StrutsMaintenanceMaven;>Maven wiki page. Nightly Builds As part of our continuous integration practice, we also make available each morning the -https://nightlies.apache.org/x1/dist/struts/;>latest stable development build. +https://nightlies.apache.org/struts/snapshot/;>latest stable development build. Again: Use at your own risk! diff --git a/output/contributors/building-the-framework-from-source.html b/output/contributors/building-the-framework-from-source.html index 2161825..6eda83e 100644 --- a/output/contributors/building-the-framework-from-source.html +++ b/output/contributors/building-the-framework-from-source.html @@ -151,7 +151,7 @@ your own tweak or patch. If you just want to use the latest development build, perhaps because a patch you need has been applied, you can -also http://ci.apache.org/projects/struts/nightlies/;>download a nightly build. +also https://nightlies.apache.org/struts/snapshot/;>download a nightly build. Getting the Sources
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 4a7855f Automatic Site Publish by Buildbot 4a7855f is described below commit 4a7855f5f81501f963e08769e961d39d828cfa56 Author: buildbot AuthorDate: Fri Mar 4 11:13:00 2022 + Automatic Site Publish by Buildbot --- output/core-developers/default-properties.html | 6 ++ output/core-developers/interceptors.html | 5 - output/core-developers/struts-default-xml.html | 5 - output/core-developers/type-conversion-annotation.html | 4 ++-- output/core-developers/type-conversion.html| 11 ++- 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/output/core-developers/default-properties.html b/output/core-developers/default-properties.html index 50f59a8..dc68dfc 100644 --- a/output/core-developers/default-properties.html +++ b/output/core-developers/default-properties.html @@ -387,6 +387,12 @@ struts.handle.exception=true ### NOTE: The sample line below is *INTENTIONALLY* commented out, as this feature is disabled by default. # struts.ognl.expressionMaxLength=256 +### Defines which named instance of DateFormatter to use, there are two instances: +### - simpleDateFormatter (based on SimpleDateFormat) +### - dateTimeFormatter (based on Java 8 Date/Time API) +### These formatters are using a slightly different patterns, please check JavaDocs of both and more details is in WW-5016 +struts.date.formatter=dateTimeFormatter + ### END SNIPPET: complete_file diff --git a/output/core-developers/interceptors.html b/output/core-developers/interceptors.html index 214bd40..55db706 100644 --- a/output/core-developers/interceptors.html +++ b/output/core-developers/interceptors.html @@ -442,7 +442,7 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t bean type="com.opensymphony.xwork2.UnknownHandlerManager" class="com.opensymphony.xwork2.DefaultUnknownHandlerManager" name="struts" / bean type="org.apache.struts2.dispatcher.DispatcherErrorHandler" name="struts" class="org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler" / - + !-- Silly workarounds for OGNL since there is currently no way to flush its internal caches -- bean type="ognl.PropertyAccessor" name="java.util.ArrayList" class="com.opensymphony.xwork2.ognl.accessor.XWorkListPropertyAccessor" / bean type="ognl.PropertyAccessor" name="java.util.HashSet" class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" / @@ -454,6 +454,9 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t bean type="com.opensymphony.xwork2.config.providers.ValueSubstitutor" class="com.opensymphony.xwork2.config.providers.EnvsValueSubstitutor" scope="singleton"/ +bean type="org.apache.struts2.components.date.DateFormatter" name="simpleDateFormatter" class="org.apache.struts2.components.date.SimpleDateFormatAdapter" scope="singleton"/ +bean type="org.apache.struts2.components.date.DateFormatter" name="dateTimeFormatter" class="org.apache.struts2.components.date.DateTimeFormatterAdapter" scope="singleton"/ + package name="struts-default" abstract="true" result-types result-type name="chain" class="com.opensymphony.xwork2.ActionChainResult"/ diff --git a/output/core-developers/struts-default-xml.html b/output/core-developers/struts-default-xml.html index f654149..fdf26eb 100644 --- a/output/core-developers/struts-default-xml.html +++ b/output/core-developers/struts-default-xml.html @@ -359,7 +359,7 @@ setting in default.properties. bean type="com.opensymphony.xwork2.UnknownHandlerManager" class="com.opensymphony.xwork2.DefaultUnknownHandlerManager" name="struts" / bean type="org.apache.struts2.dispatcher.DispatcherErrorHandler" name="struts" class="org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler" / - + !-- Silly workarounds for OGNL since there is currently no way to flush its internal caches -- bean type="ognl.PropertyAccessor" name="java.util.ArrayList" class="com.opensymphony.xwork2.ognl.accessor.XWorkListPropertyAccessor" / bean type="ognl.PropertyAccessor" name="java.util.HashSet" class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" / @@ -371,6 +371,9 @@ setting in default.properties. bean type="com.opensymphony.xwork2.config.providers.ValueSubstitutor" class="com.opensymphony.xwork2.config.providers.EnvsValueSubstitutor" scope="singleton"/ +bean type="org.apache.struts2.components.date.DateFormatter" name="simpleDateFormatter" class="org.apache.struts2.components.date.SimpleDateFormatAdapter" scope="singleton"/ +bean type="org.apache.struts2.components.date.DateFormatter"
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 31443fb Automatic Site Publish by Buildbot 31443fb is described below commit 31443fb8b7fc7ef719d1b5d4c925200fcaa5ff19 Author: buildbot AuthorDate: Tue Feb 15 13:35:46 2022 + Automatic Site Publish by Buildbot --- output/birdseye.html | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/output/birdseye.html b/output/birdseye.html index 7b168b5..3583f9f 100644 --- a/output/birdseye.html +++ b/output/birdseye.html @@ -139,16 +139,16 @@ The Apache Struts web framework The Apache Struts web framework is a free open-source solution for -creating Java web applications. +creating dynamic web applications using Java. -Web applications differ from conventional websites in that web applications -can create a dynamic response. Many websites deliver only static pages. +Web applications differ from conventional websites in a way that web applications +can create dynamic response. Many websites deliver only static pages. A web application can interact with databases and business logic engines to customize a response. Web applications based on JavaServer Pages sometimes commingle database code, page design code, and control flow code. In practice, we find that -unless these concerns are separated, larger applications become +unless and until these concerns are separated, larger applications become difficult to maintain. One way to separate concerns in a software application is to use a @@ -190,8 +190,8 @@ is the best choice for teams who value elegant solutions to difficult problems.< Why should you use Apache Struts? -Apache Struts is a modern, maintained and full-featured web framework. It has been there -for years and give the huge user base it is unlikely it will go away anytime soon +Apache Struts is a modern, well-maintained and full-featured web framework. It has been there +for years and given the huge user base, it is unlikely it will go away anytime soon in the future. Not only that we have dedicated users and developers on the project. Apache Struts is licensed to the Apache License 2.0 and this will not change. We maintain a clean IP and you are “safe” to use the project. Sometimes you are not “safe” to use @@ -205,10 +205,10 @@ core team too. using an ORM like Apache Cayenne, Hibernate or JDBC you will not have any restrictions. Apache Struts is not even tied too much to a frontend technology. In old days it was JSP, then came Velocity and Freemarker. Nowadays you might build your web application -with just static HTML and AngularJS. Or you want to use Sitemesh or Tiles. This all -is no problem due to Struts elegant and easy to use extension mechanisms. +with just static HTML and AngularJS or you want to use Sitemesh or Tiles. All of these pose no problem +due to Struts’ elegant and easy to use extension mechanisms. -Unlike other, component oriented frameworks, we do not aim to hide the stateless nature +Unlike other component oriented frameworks, we do not aim to hide the stateless nature of the web. We think it is perfectly acceptable to build upon a Request/Response cycle. We also think the MVC pattern is not so bad, just because it is old. In fact, we believe the Apache Struts architecture is clean and easy to understand.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new cdc13cf Automatic Site Publish by Buildbot cdc13cf is described below commit cdc13cf8f98f3bc485d96d643ed82bd181508d47 Author: buildbot AuthorDate: Tue Feb 8 15:19:33 2022 + Automatic Site Publish by Buildbot --- output/core-developers/default-properties.html | 7 ++- output/primer.html | 6 +++--- output/tag-developers/a-tag.html | 2 +- output/tag-developers/submit-tag.html | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/output/core-developers/default-properties.html b/output/core-developers/default-properties.html index 0d600f7..50f59a8 100644 --- a/output/core-developers/default-properties.html +++ b/output/core-developers/default-properties.html @@ -295,6 +295,11 @@ struts.ui.theme.expansion.token=~~~ ### Sets the default template type. Either ftl, vm, or jsp struts.ui.templateSuffix=ftl +### Sets a global flag which will escape html body of Anchor, Submit and Component tag +### You can control this flag per tag, e.g.: s:a ... escapeHtmlTag="true".../s:a +### and this take precedence over the global flag +# struts.ui.escapeHtmlBody=true + ### Configuration reloading ### This will cause the configuration to reload struts.xml when it is changed # struts.configuration.xml.reload=false @@ -374,7 +379,7 @@ struts.handle.exception=true ### Applies maximum length allowed on OGNL expressions for security enhancement (optional) ### -### **WARNING**: If developers enable this option (by configuration) they should make sure that they understand the implications of setting +### **WARNING**: If developers enable this option (by configuration) they should make sure that they understand the implications of setting ### struts.ognl.expressionMaxLength. They must choose a value large enough to permit ALL valid OGNL expressions used within the application. ### Values larger than the 200-400 range have diminishing security value (at which point it is really only a "style guard" for long OGNL ### expressions in an application. Setting a value of null or "" will also disable the feature. diff --git a/output/primer.html b/output/primer.html index 00e3e09..886a9f7 100644 --- a/output/primer.html +++ b/output/primer.html @@ -261,16 +261,16 @@ Struts, it will help you when your application grows and becomes more complex.Properties Files and ResourceBundles Java applications, including web applications, are often -configured using http://docs.oracle.com/javase/6/docs/api/java/util/Properties;>Properties +configured using https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html;>Properties files. Properties files are the basis for the -http://docs.oracle.com/javase/6/docs/api/java/util/ResourceBundle;>ResourceBundles +https://docs.oracle.com/javase/8/docs/api/java/util/ResourceBundle.html;>ResourceBundles that the framework uses to provide message resources to an application. The Java Tutorials provide a http://docs.oracle.com/javase/tutorial/essential/environment/properties;>great introduction to Properties. Java ResourceBundles use one or more Properties files to provide internationalized messages -to users based their http://docs.oracle.com/javase/6/docs/api/java/util/Locale;>Locale. +to users based their https://docs.oracle.com/javase/8/docs/api/java/util/Locale.html;>Locale. Support for localizing an application was built into the framework from the ground-up. Again the Java Tutorials provide diff --git a/output/tag-developers/a-tag.html b/output/tag-developers/a-tag.html index 075e025..d6063ba 100644 --- a/output/tag-developers/a-tag.html +++ b/output/tag-developers/a-tag.html @@ -257,7 +257,7 @@ using the param tag. escapeHtmlBody false -true +false false Boolean Specifies whether to HTML-escape the tag body or not diff --git a/output/tag-developers/submit-tag.html b/output/tag-developers/submit-tag.html index cadf669..a69f59e 100644 --- a/output/tag-developers/submit-tag.html +++ b/output/tag-developers/submit-tag.html @@ -251,7 +251,7 @@ shown on the button face, but has issues with Microsoft Internet Explorer at lea escapeHtmlBody false -true +false false Boolean Specifies whether to HTML-escape the tag body or not
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 5c963d2 Automatic Site Publish by Buildbot 5c963d2 is described below commit 5c963d2a0881baa162d3d94ced1119c1476b8df1 Author: buildbot AuthorDate: Sun Jan 23 12:01:36 2022 + Automatic Site Publish by Buildbot --- output/tag-developers/tag-syntax.html | 80 ++- 1 file changed, 50 insertions(+), 30 deletions(-) diff --git a/output/tag-developers/tag-syntax.html b/output/tag-developers/tag-syntax.html index b202998..ea58e4b 100644 --- a/output/tag-developers/tag-syntax.html +++ b/output/tag-developers/tag-syntax.html @@ -149,6 +149,7 @@ Passing a literal value the right way Expression Language Notations Disallowed property names + Escaping body of a tag The tags are designed to display dynamic data. To create a input field that displays the property “postalCode”, @@ -156,8 +157,8 @@ we’d pass the String “postalCode” to the textfield tag. Creating a dynamic input field -s:textfield name="postalCode"/ - +s:textfield name="postalCode"/ + If there is a “postalCode” property on the value stack, its value will be set to the input field. When the field is submitted back to the framework, the value of the control will be set back to the “postalCode” property. @@ -169,8 +170,8 @@ The expression escape sequence is %{ ... }Using an expression to set the label -s:textfield key="postalCode.label" name="postalCode"/ - +s:textfield key="postalCode.label" name="postalCode"/ + The expression language (OGNL) lets us call methods and evaluate properties. The method getText is provided by ActionSupport, which is the base class for most Actions. Since the Action is on the stack, we can call any of its @@ -184,8 +185,8 @@ In this case, you do not need to use the escape notation. (But, if you do anyway Evaluating booleans -s:select key="state.label" name="state" multiple="true"/ - +s:select key="state.label" name="state" multiple="true"/ + Since the attribute multiple maps to a boolean property, the framework does not interpret the value as a String. The value is evaluated as an expression and automtically converted to a boolean. @@ -194,18 +195,18 @@ The value is evaluated as an expression and automtically converted to a boolean. Evaluating booleans (verbose) -s:select key="state.label" name="state" multiple="%{true}"/ - +s:select key="state.label" name="state" multiple="%{true}"/ + Evaluating booleans (with property) -s:select key="state.label" name="state" multiple="allowMultiple"/ - +s:select key="state.label" name="state" multiple="allowMultiple"/ + Evaluating booleans (verbose with property) -s:select key="state.label" name="state" multiple="%{allowMultiple}"/ - +s:select key="state.label" name="state" multiple="%{allowMultiple}"/ + value is an Object! @@ -219,8 +220,8 @@ property to call to set the value. But, i Probably wrong! -s:textfield key="state.label" name="state" value="ca"/ - +s:textfield key="state.label" name="state" value="ca"/ + If a textfield is passed the value attribute ca, the framework will look for a property named getCa. Generally, this is not what we mean. What we mean to do is pass a literal String. In the expression language, literals are placed @@ -228,8 +229,8 @@ within quotes Passing a literal value the right way -s:textfield key="state.label" name="state" value="%{'ca'}" / - +s:textfield key="state.label" name="state" value="%{'ca'}" / + Another approach would be to use the idiom value="'ca'", but, in this case, using the expression notation is recommended. @@ -248,24 +249,24 @@ within quotes A JavaBean object in a standard context in Freemarker, Velocity, or JSTL EL (Not OGNL). -Username: ${user.username} - +Username: ${user.username} + A username property on the Value Stack. -s:textfield name="username"/ - +s:textfield name="username"/ + Another way to refer to a property placed on the Value Stack. -s:url var="es" action="Hello" - s:param name="request_locale"es/s:param -/s:url -s:a href="%{es}"Espanol/s:a - +s:url var="es" action="Hello" + s:param name="request_locale"es/s:param +/s:url +s:a href="%{es}"Espanol/s:a + A static Map, as in put("username","trillian"). -s:property value="#session.user.username" / -s:select label="FooBar" name="foo" list="#{'username':'trillian', 'username':'zaphod'}" / - +s:property value="#session.user.username" / +s:select label="FooBar" name="foo" list="#{'username':'trillian', 'username':'zaphod'}" / + @@ -285,8 +286,8 @@ within quotes The below code will not work: -s:iterator value="parameters"/ - +s:iterator value="parameters"/ + public class
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new d2d5728 Automatic Site Publish by Buildbot d2d5728 is described below commit d2d57284495b40789161233094fe7dca9bf328ca Author: buildbot AuthorDate: Sat Jan 22 11:25:42 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 34 +- output/css/main.css | 4 ++-- output/download.html | 44 ++-- output/index.html | 37 ++--- output/releases.html | 2 +- 5 files changed, 76 insertions(+), 45 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index a10a294..6d83c27 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -131,6 +131,7 @@ Announcements 2022 + 22 January 2022 - Struts 2.5.29 General Availability 02 January 2022 - Struts 2.5.28.3 General Availability @@ -138,6 +139,37 @@ Skip to: Announcements - 2021 +22 January 2022 - Struts 2.5.29 General Availability + +The Apache Struts group is pleased to announce that Struts 2.5.29 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +Bugs: + + [WW-5117] - %{id} evaluates different for data-* and value attribute + [WW-5160] - Template not found for name “Empty{name=’templateDir’}/simple/hidden.ftl” + [WW-5163] - Error executing FreeMarker template + + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.29;>Version Notes to find more details about performed +bug fixes and improvements. + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this upgrade. + +The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 7. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + 02 January 2022 - Struts 2.5.28.3 General Availability The Apache Struts group is pleased to announce that Struts 2.5.28.3 is available as a “General Availability” @@ -150,7 +182,7 @@ by using the latest Log4j ver. 2.12.4 (Java 1.7 compatible). to use a proper version of the log4j-core package! - Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.2;>Version Notes to find more details about performed + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.3;>Version Notes to find more details about performed bug fixes and improvements. diff --git a/output/css/main.css b/output/css/main.css index 89f1346..6fc1377 100644 --- a/output/css/main.css +++ b/output/css/main.css @@ -6906,7 +6906,7 @@ body > .container.index > section { text-align: left; } -.contact-channels .channels .twitter-btn, .contact-channels .channels .gplus-btn, .contact-channels .channels .facebook-btn, .contact-channels .channels .irc-btn { +.contact-channels .channels .twitter-btn, .contact-channels .channels .github-btn, .contact-channels .channels .facebook-btn, .contact-channels .channels .irc-btn { padding: .5rem 0; vertical-align: middle } @@ -6965,7 +6965,7 @@ footer.container > .col-md-12 { text-align: center; } - .contact-channels .channels .twitter-btn, .contact-channels .channels .gplus-btn, .contact-channels .channels .facebook-btn, .contact-channels .channels .irc-btn { + .contact-channels .channels .twitter-btn, .contact-channels .channels .github-btn, .contact-channels .channels .facebook-btn, .contact-channels .channels .irc-btn { margin-right: 30px; display: inline-block } diff --git a/output/download.html b/output/download.html index 4a81dee..443a344 100644 --- a/output/download.html +++ b/output/download.html @@ -190,26 +190,26 @@ Full Releases -Struts 2.5.28.3 +Struts 2.5.29 - https://struts.apache.org/;>Apache Struts 2.5.28.3 is an elegant, extensible + https://struts.apache.org/;>Apache Struts 2.5.29 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.5.28.3 is the "best available" version of Struts in the 2.5 series. + Struts 2.5.29 is the "best available"
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new cc09830 Automatic Site Publish by Buildbot cc09830 is described below commit cc098307de324da513b83736d078b09b10053456 Author: buildbot AuthorDate: Sun Jan 2 13:54:32 2022 + Automatic Site Publish by Buildbot --- output/core-developers/localization.html | 4 1 file changed, 4 insertions(+) diff --git a/output/core-developers/localization.html b/output/core-developers/localization.html index f304d39..8afdbc6 100644 --- a/output/core-developers/localization.html +++ b/output/core-developers/localization.html @@ -292,6 +292,10 @@ will search the default bundles first. In some cases this can improve overall ap constant name="struts.i18n.search.defaultbundles.first" value="true"/ + + More details can be found in https://issues.apache.org/jira/browse/WW-5112;>WW-5112 and the linked PR. + + Using only global bundles If you don’t need to use the package-scan-functionality and only base on the global bundles (those provided by
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1b18619 Automatic Site Publish by Buildbot 1b18619 is described below commit 1b186198be7201418d0c856ceecda411853f2f8d Author: buildbot AuthorDate: Sun Jan 2 13:50:33 2022 + Automatic Site Publish by Buildbot --- output/core-developers/localization.html | 41 ++-- 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/output/core-developers/localization.html b/output/core-developers/localization.html index 85c203c..f304d39 100644 --- a/output/core-developers/localization.html +++ b/output/core-developers/localization.html @@ -145,6 +145,7 @@ Global Resources (struts.custom.i18n.resources) in struts.properties Formatting Dates and Numbers Comparison with Struts 1 + Search in default bundles first Using only global bundles Custom TextProvider and TextProviderFactory @@ -155,8 +156,9 @@ the UI Tags - Messages and Errors from the http://struts.apache.org/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ValidationAware;>ValidationAware - Within action classes that extend http://struts.apache.org/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ActionSupport;>ActionSupport through the getText() method + Messages and Errors from the http://struts.apache.org/maven/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ValidationAware;>ValidationAware + Within action classes that extend http://struts.apache.org/maven/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ActionSupport;>ActionSupport +through the getText() method Resource Bundle Search Order @@ -173,8 +175,8 @@ global resource properties -This is how it is implemented in a default implementation of the LocalizedTextProvider interface. You can provide your -own implementation using TextProvider and TextProviderFactory interfaces. +This is how it is implemented in a default implementation of the LocalizedTextProvider interface. You can provide your +own implementation using TextProvider and TextProviderFactory interfaces. To clarify #5, while traversing the package hierarchy, Struts 2 will look for a file package.properties: @@ -201,12 +203,12 @@ own implementation using TextProvider and /action -it will use a default class defined with default-class-ref in struts-default.xml which is +it will use a default class defined with default-class-ref in struts-default.xml which is com.opensymphony.xwork2.ActionSupport. It means you have two options here to get I18N working in that case: - define com/opensymphony/xwork2/ActionSupport.properties and put messages there - point default-class-ref to your base class and then defined appropriated .properties file (corresponding to + define com/opensymphony/xwork2/ActionSupport.properties and put messages there + point default-class-ref to your base class and then defined appropriated .properties file (corresponding to class’ name or package) @@ -278,22 +280,37 @@ class, and you may end up with duplicated messages in those resource bundles. A called ActionSupport.properties in com/opensymphony/xwork2 and put it on your classpath. This will only work well if all your actions subclass XWork2’s ActionSupport. +Search in default bundles first + +Since Struts 2.6 it is possible to enable searching in default bundles first instead of performing a full class hierarchy +scan and then default bundles. + +By setting the below flag to true the default implementation of https://struts.apache.org/maven/struts2-core/apidocs/index.html?com/opensymphony/xwork2/LocalizedTextProvider.html;>LocalizedTextProvider +(which is https://struts.apache.org/maven/struts2-core/apidocs/index.html?com/opensymphony/xwork2/util/StrutsLocalizedTextProvider.html;>StrutsLocalizedTextProvider) +will search the default bundles first. In some cases this can improve overall application performance. + +constant name="struts.i18n.search.defaultbundles.first" value="true"/ + + Using only global bundles If you don’t need to use the package-scan-functionality and only base on the global bundles (those provided by -the framework and via struts.custom.i18n.resources) you can use existing GlobalLocalizedTextProvider -implementation. To use this please define the following option in your struts.xml: +the framework and via struts.custom.i18n.resources) you can use existing https://struts.apache.org/maven/struts2-core/apidocs/index.html?com/opensymphony/xwork2/util/GlobalLocalizedTextProvider.html;>GlobalLocalizedTextProvider +implementation. To use this please define the following option in your struts.xml: constant name="struts.localizedTextProvider" value="global-only" / Custom TextProvider and TextProviderFactory -If you want
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new c370100 Automatic Site Publish by Buildbot c370100 is described below commit c370100fc23c74f02036b9153eb768c518d6dc09 Author: buildbot AuthorDate: Sun Jan 2 11:21:08 2022 + Automatic Site Publish by Buildbot --- output/{index.html => announce-2022.html} | 152 +++--- output/download.html | 44 - output/index.html | 10 +- output/releases.html | 2 +- 4 files changed, 82 insertions(+), 126 deletions(-) diff --git a/output/index.html b/output/announce-2022.html similarity index 62% copy from output/index.html copy to output/announce-2022.html index 29bade0..a10a294 100644 --- a/output/index.html +++ b/output/announce-2022.html @@ -7,11 +7,13 @@ - Welcome to the Apache Struts project + Announcements 2022 + + @@ -122,104 +124,58 @@ - - - - -Apache Struts -Apache Struts is a free, open-source, MVC framework for creating elegant, - modern Java web applications. It favors convention over configuration, is - extensible using a plugin architecture, and ships with plugins to support - REST, AJAX and JSON. - - - Download - - - Technology Primer - - - - - - - -Apache Struts 2.5.28.2 GA - - Apache Struts 2.5.28.2 GA has been releasedon 23 December 2021. - -Read more in Announcement or in -https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.2;>Version notes - - -Security Advice on Log4j 2.12.2/2.16.0 - - The Apache Struts Security team would like to announce that all the users using - the latest Struts 2.5.x series should either upgrade to Apache Struts 2.5.28.1 which - uses Log4j 2.12.2 version that addresses https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046;>CVE-2021-45046 - or upgrade Log4j to version 2.12.2 (when running on Java 1.7) or 2.16.0 (when running on Java 8+). - Read more in Announcement - - - -Google's Patch Reward program -During http://www.meetup.com/sfhtml5/;>SFHTML5 Google announced that - they extend their program to cover the Apache Struts project as well. Now you can earn - money preparing patches for us! - read more - - - - - -Apache Struts 2.3.x EOL - - The Apache Struts Team informs about discontinuing support for Struts 2.3.x branch, we recommend migration - to the latest version of Struts, read more in - Announcement - - - -Apache Struts 2.3.37 GA - - It's the latest release of Struts 2.3.x which contains the latest security fixes, - released on 30 December 2018. Read more in Announcement or in - https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.37;>Version notes - - - -Immediately upgrade commons-fileupload to version 1.3.3 - - The Apache Struts Team recommends to immediately upgrade your Struts 2 - based projects to use the latest released version of Commons - FileUpload library, which is currently 1.3.3. - Announcement - - - - - - - - - Keep in touch: + + +https://github.com/apache/struts-site/edit/master/source/announce-2022.md; title="Edit this page on GitHub">Edit on GitHub + +Announcements 2022 - - IRC: #struts - -https://www.facebook.com/apachestruts; data-width="250" data-layout="button_count" - data-action="like" data-show-faces="false" data-share="true" class="fb-like"> - - -http://struts.apache.org/; - class="g-plusone"> - - https://twitter.com/TheApacheStruts; data-show-count="false" data-lang="en" - data-width="240px" data-align="left" class="twitter-follow-button">Follow -@TheApacheStruts - - - + + 02 January 2022 - Struts 2.5.28.3 General Availability + + + + Skip to: Announcements - 2021 + + +02 January 2022 - Struts 2.5.28.3 General Availability + +The Apache Struts group is pleased to announce that Struts 2.5.28.3 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +This release addresses Log4j vulnerability https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832;>CVE-2021-44832 +by using the latest Log4j ver. 2.12.4 (Java 1.7 compatible). + +Please note, that the Apache Struts itself depends on
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 2bac798 Automatic Site Publish by Buildbot 2bac798 is described below commit 2bac7986af8de29a550e7a01f8ea1b7b6aadbf37 Author: buildbot AuthorDate: Thu Dec 23 07:28:04 2021 + Automatic Site Publish by Buildbot --- output/announce-2021.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output/announce-2021.html b/output/announce-2021.html index cf7b5c1..69c7ae6 100644 --- a/output/announce-2021.html +++ b/output/announce-2021.html @@ -149,7 +149,7 @@ release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105;>CVE-2021-45105 -by using the latest Log4j 2.12.3 version (Java 1.7 compatible). +by using the latest Log4j ver. 2.12.3 (Java 1.7 compatible). Please note, that the Apache Struts itself depends on the log4j-api package only, it’s users’ responsibility to use a proper version of the log4j-core package!
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 87176f2 Automatic Site Publish by Buildbot 87176f2 is described below commit 87176f25dcf64aeec00d15317b66445c19c65578 Author: buildbot AuthorDate: Thu Dec 23 07:26:22 2021 + Automatic Site Publish by Buildbot --- output/announce-2021.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/output/announce-2021.html b/output/announce-2021.html index 0a74317..cf7b5c1 100644 --- a/output/announce-2021.html +++ b/output/announce-2021.html @@ -151,6 +151,9 @@ release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105;>CVE-2021-45105 by using the latest Log4j 2.12.3 version (Java 1.7 compatible). +Please note, that the Apache Struts itself depends on the log4j-api package only, it’s users’ responsibility +to use a proper version of the log4j-core package! + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.2;>Version Notes to find more details about performed bug fixes and improvements.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 53f2541 Automatic Site Publish by Buildbot 53f2541 is described below commit 53f254116f43e90dc2722e330bb456f1219bb8c3 Author: buildbot AuthorDate: Thu Dec 23 07:24:01 2021 + Automatic Site Publish by Buildbot --- output/announce-2021.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/output/announce-2021.html b/output/announce-2021.html index 5efa054..0a74317 100644 --- a/output/announce-2021.html +++ b/output/announce-2021.html @@ -148,8 +148,8 @@ The Apache Struts group is pleased to announce that Struts 2.5.28.2 is available as a “General Availability” release. The GA designation is our highest quality grade. -This release addresses Log4j vulnerability https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046;>CVE-2021-45046 -by using the latest Log4j 2.12.2 version (Java 1.7 compatible). +This release addresses Log4j vulnerability https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105;>CVE-2021-45105 +by using the latest Log4j 2.12.3 version (Java 1.7 compatible). Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.2;>Version Notes to find more details about performed
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b0fb37b Automatic Site Publish by Buildbot b0fb37b is described below commit b0fb37bf967b7b0ec6fab4934bf31fa49e8fa7e1 Author: buildbot AuthorDate: Thu Dec 23 07:20:12 2021 + Automatic Site Publish by Buildbot --- output/announce-2021.html | 28 output/download.html | 44 ++-- output/index.html | 10 +- output/releases.html | 2 +- 4 files changed, 56 insertions(+), 28 deletions(-) diff --git a/output/announce-2021.html b/output/announce-2021.html index bcd1eac..5efa054 100644 --- a/output/announce-2021.html +++ b/output/announce-2021.html @@ -131,6 +131,7 @@ Announcements 2021 + 23 December 2021 - Struts 2.5.28.2 General Availability 17 December 2021 - Struts 2.5.28.1 General Availability 12 December 2021 - Security Advice on Log4j 2.15.0 12 December 2021 - Struts 2.5.28 General Availability @@ -142,6 +143,33 @@ Skip to: Announcements - 2020 +23 December 2021 - Struts 2.5.28.2 General Availability + +The Apache Struts group is pleased to announce that Struts 2.5.28.2 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +This release addresses Log4j vulnerability https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046;>CVE-2021-45046 +by using the latest Log4j 2.12.2 version (Java 1.7 compatible). + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.2;>Version Notes to find more details about performed +bug fixes and improvements. + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this upgrade. + +The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 7. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + 17 December 2021 - Struts 2.5.28.1 General Availability The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” diff --git a/output/download.html b/output/download.html index 6cfaf5d..8566790 100644 --- a/output/download.html +++ b/output/download.html @@ -190,26 +190,26 @@ Full Releases -Struts 2.5.28.1 +Struts 2.5.28.2 - https://struts.apache.org/;>Apache Struts 2.5.28.1 is an elegant, extensible + https://struts.apache.org/;>Apache Struts 2.5.28.2 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.5.28.1 is the "best available" version of Struts in the 2.5 series. + Struts 2.5.28.2 is the "best available" version of Struts in the 2.5 series. -https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.1;>Version Notes +https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.2;>Version Notes Full Distribution: -struts-2.5.28.1-all.zip (65MB) -[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-all.zip.asc;>PGP] -[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-all.zip.sha256;>SHA256] +struts-2.5.28.2-all.zip (65MB) +[https://downloads.apache.org/struts/2.5.28.2/struts-2.5.28.2-all.zip.asc;>PGP] +[https://downloads.apache.org/struts/2.5.28.2/struts-2.5.28.2-all.zip.sha256;>SHA256] @@ -217,9 +217,9 @@ Example Applications: -struts-2.5.28.1-apps.zip (35MB) -[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-apps.zip.asc;>PGP] -[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-apps.zip.sha256;>SHA256] +struts-2.5.28.2-apps.zip (35MB) +[https://downloads.apache.org/struts/2.5.28.2/struts-2.5.28.2-apps.zip.asc;>PGP] +[https://downloads.apache.org/struts/2.5.28.2/struts-2.5.28.2-apps.zip.sha256;>SHA256] @@ -227,9 +227,9 @@ Essential Dependencies Only: -struts-2.5.28.1-min-lib.zip (4MB) -[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-min-lib.zip.asc;>PGP] -
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new caf8da3 Automatic Site Publish by Buildbot caf8da3 is described below commit caf8da3a7d15600dc8beae4e0d563e1a6e4b2fb6 Author: buildbot AuthorDate: Fri Dec 17 17:52:34 2021 + Automatic Site Publish by Buildbot --- output/index.html | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/output/index.html b/output/index.html index de6f5b9..7717011 100644 --- a/output/index.html +++ b/output/index.html @@ -152,12 +152,12 @@ https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.1;>Version notes -Security Advice on Log4j 2.15.0 +Security Advice on Log4j 2.12.2/2.16.0 The Apache Struts Security team would like to announce that all the users using - the latest Struts 2.5.x series should upgrade Log4j library to the - latest 2.15.0 version which addresses the Remote-Code-Execution - vulnerability - CVE-2021-44228. . + the latest Struts 2.5.x series should either upgrade to Apache Struts 2.5.28.1 which + uses Log4j 2.12.2 version that addresses https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046;>CVE-2021-45046 + or upgrade Log4j to version 2.12.2 (when running on Java 1.7) or 2.16.0 (when running on Java 8+). Read more in Announcement
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 5c5efe1 Automatic Site Publish by Buildbot 5c5efe1 is described below commit 5c5efe11b10d9031717e3d7c20f0976163d03d01 Author: buildbot AuthorDate: Fri Dec 17 16:50:04 2021 + Automatic Site Publish by Buildbot --- output/announce-2021.html | 28 output/download.html | 44 ++-- output/index.html | 10 +- output/releases.html | 2 +- 4 files changed, 56 insertions(+), 28 deletions(-) diff --git a/output/announce-2021.html b/output/announce-2021.html index 007eb7d..bcd1eac 100644 --- a/output/announce-2021.html +++ b/output/announce-2021.html @@ -131,6 +131,7 @@ Announcements 2021 + 17 December 2021 - Struts 2.5.28.1 General Availability 12 December 2021 - Security Advice on Log4j 2.15.0 12 December 2021 - Struts 2.5.28 General Availability 16 November 2021 - Struts 2.5.27 General Availability @@ -141,6 +142,33 @@ Skip to: Announcements - 2020 +17 December 2021 - Struts 2.5.28.1 General Availability + +The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +This release addresses Log4j vulnerability https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046;>CVE-2021-45046 +by using the latest Log4j 2.12.2 version (Java 1.7 compatible). + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.1;>Version Notes to find more details about performed +bug fixes and improvements. + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this upgrade. + +The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 7. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/;>a tracking ticket. + +You can download this version from our download page. + 12 December 2021 - Security Advice on Log4j 2.15.0 The Apache Struts Security team would like to announce that all the users using the latest Struts 2.5.x series diff --git a/output/download.html b/output/download.html index d8e89a5..6cfaf5d 100644 --- a/output/download.html +++ b/output/download.html @@ -190,26 +190,26 @@ Full Releases -Struts 2.5.28 +Struts 2.5.28.1 - https://struts.apache.org/;>Apache Struts 2.5.28 is an elegant, extensible + https://struts.apache.org/;>Apache Struts 2.5.28.1 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.5.28 is the "best available" version of Struts in the 2.5 series. + Struts 2.5.28.1 is the "best available" version of Struts in the 2.5 series. -https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28;>Version Notes +https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.1;>Version Notes Full Distribution: -struts-2.5.28-all.zip (65MB) -[https://downloads.apache.org/struts/2.5.28/struts-2.5.28-all.zip.asc;>PGP] -[https://downloads.apache.org/struts/2.5.28/struts-2.5.28-all.zip.sha256;>SHA256] +struts-2.5.28.1-all.zip (65MB) +[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-all.zip.asc;>PGP] +[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-all.zip.sha256;>SHA256] @@ -217,9 +217,9 @@ Example Applications: -struts-2.5.28-apps.zip (35MB) -[https://downloads.apache.org/struts/2.5.28/struts-2.5.28-apps.zip.asc;>PGP] -[https://downloads.apache.org/struts/2.5.28/struts-2.5.28-apps.zip.sha256;>SHA256] +struts-2.5.28.1-apps.zip (35MB) +[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-apps.zip.asc;>PGP] +[https://downloads.apache.org/struts/2.5.28.1/struts-2.5.28.1-apps.zip.sha256;>SHA256] @@ -227,9 +227,9 @@ Essential Dependencies Only: -struts-2.5.28-min-lib.zip (4MB) -[https://downloads.apache.org/struts/2.5.28/struts-2.5.28-min-lib.zip.asc;>PGP] -