[GitHub] [struts-site] lukaszlenart commented on a diff in pull request #183: Adds initial documentation on OGNL cache configuration
lukaszlenart commented on code in PR #183: URL: https://github.com/apache/struts-site/pull/183#discussion_r1083710358 ## source/core-developers/ognl-cache-configuration.md: ## @@ -0,0 +1,90 @@ +--- +layout: core-developers +title: OGNL Cache Configuration +--- + +# OGNL Cache Configuration + +The Struts framework provides two different OGNL caches, an expression cache and a BeanInfo cache. +Developers may set properties in [struts.xml](struts-xml) and/or [default.properties](default-properties) to +configure certain behaviours for the OGNL caches. The properties that can be set vary between Struts +versions, referring to the configuration files in a given version should provide guidance in that respect. + +The OGNL expression cache is enabled by default. Developers can toggle that state via default.properties: +``` +struts.ognl.enableExpressionCache=true +``` +or +``` +struts.ognl.enableExpressionCache=false +``` +The same toggle is also available via struts.xml: +``` + +``` +or +``` + +``` + +Disabling the OGNL expression cache can have a negative impact on performance, but +disabling the cache can limit memory overhead for the application (a trade-off). + +As of Struts 2.6, additional configuration properties have been made available to control the Review Comment: Could you use "6.0.0" term? ## source/core-developers/ognl-cache-configuration.md: ## @@ -0,0 +1,90 @@ +--- +layout: core-developers +title: OGNL Cache Configuration +--- + +# OGNL Cache Configuration + +The Struts framework provides two different OGNL caches, an expression cache and a BeanInfo cache. +Developers may set properties in [struts.xml](struts-xml) and/or [default.properties](default-properties) to +configure certain behaviours for the OGNL caches. The properties that can be set vary between Struts +versions, referring to the configuration files in a given version should provide guidance in that respect. + +The OGNL expression cache is enabled by default. Developers can toggle that state via default.properties: +``` +struts.ognl.enableExpressionCache=true +``` +or +``` +struts.ognl.enableExpressionCache=false +``` +The same toggle is also available via struts.xml: +``` + +``` +or +``` + +``` + +Disabling the OGNL expression cache can have a negative impact on performance, but +disabling the cache can limit memory overhead for the application (a trade-off). + +As of Struts 2.6, additional configuration properties have been made available to control the +OGNL cache configuration. These include a configureable cache size limit, and activating +an LRU (Least Recently Used) cache mode. The expression cache and BeanInfo cache can have +their properties set independently. Both caches are standard caches with a high maximum +capacity by default. The developer may override the default behaviour using the +appropriate configuration properties. + +Below are some examples of setting the cache configuration via default.properties: +``` +### Set expression and BeanInfo caches to size 1250 with standard cache mode +struts.ognl.enableExpressionCache=true +struts.ognl.expressionCacheMaxSize=1250 +struts.ognl.expressionCacheLRUMode=false +struts.ognl.beanInfoCacheMaxSize=1250 +struts.ognl.beanInfoCacheLRUMode=false +``` +``` +### Set expression and BeanInfo caches to size 1000 with LRU cache mode +struts.ognl.enableExpressionCache=true +struts.ognl.expressionCacheMaxSize=1000 +struts.ognl.expressionCacheLRUMode=true +struts.ognl.beanInfoCacheMaxSize=1000 +struts.ognl.beanInfoCacheLRUMode=true +``` + +Below are some examples of setting the cache configuration via struts.xml: +``` + + + + + + +``` +``` + + + + + + +``` + +As of Struts 2.6, developers may choose to implement their own OGNL cache factories, Review Comment: Same here, please use "6.0.0" to avoid confusing users -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [struts] sonarcloud[bot] commented on pull request #655: Http interceptor
sonarcloud[bot] commented on PR #655: URL: https://github.com/apache/struts/pull/655#issuecomment-1399456383 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts=655) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [2 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [![83.2%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png '83.2%')](https://sonarcloud.io/component_measures?id=apache_struts=655=new_coverage=list) [83.2% Coverage](https://sonarcloud.io/component_measures?id=apache_struts=655=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts=655=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts=655=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [struts] sonarcloud[bot] commented on pull request #655: Http interceptor
sonarcloud[bot] commented on PR #655: URL: https://github.com/apache/struts/pull/655#issuecomment-1399550901 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts=655) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [![95.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png '95.0%')](https://sonarcloud.io/component_measures?id=apache_struts=655=new_coverage=list) [95.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts=655=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts=655=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts=655=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [struts] sonarcloud[bot] commented on pull request #655: Http interceptor
sonarcloud[bot] commented on PR #655: URL: https://github.com/apache/struts/pull/655#issuecomment-1399556887 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts=655) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts=655=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts=655=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=655=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts=655=false=CODE_SMELL) [![96.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png '96.0%')](https://sonarcloud.io/component_measures?id=apache_struts=655=new_coverage=list) [96.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts=655=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts=655=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts=655=new_duplicated_lines_density=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [struts] lukaszlenart commented on pull request #655: Http interceptor
lukaszlenart commented on PR #655: URL: https://github.com/apache/struts/pull/655#issuecomment-1399560432 @jogep @davelnewton please take a look in a spare time as you had been commenting on the previous PRs with the same :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (WW-4404) Implement HttpInterceptor
[ https://issues.apache.org/jira/browse/WW-4404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679608#comment-17679608 ] ASF subversion and git services commented on WW-4404: - Commit 5b4987a706fde45ca0096cc62047d9971f0cf1b0 in struts's branch refs/heads/http-interceptor from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=5b4987a70 ] WW-4404 Implements HttpInterceptor > Implement HttpInterceptor > - > > Key: WW-4404 > URL: https://issues.apache.org/jira/browse/WW-4404 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.2.0 > > > Allows limit access to actions based on used Http method type > https://github.com/apache/struts/pull/25 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-4404) Implement HttpInterceptor
[ https://issues.apache.org/jira/browse/WW-4404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679600#comment-17679600 ] ASF subversion and git services commented on WW-4404: - Commit 6bc5b3f4ab2bfa4db9c3b3d8c48d1a54e64d2fae in struts's branch refs/heads/http-interceptor from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=6bc5b3f4a ] WW-4404 Implements HttpInterceptor > Implement HttpInterceptor > - > > Key: WW-4404 > URL: https://issues.apache.org/jira/browse/WW-4404 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.2.0 > > > Allows limit access to actions based on used Http method type > https://github.com/apache/struts/pull/25 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-4404) Implement HttpInterceptor
[ https://issues.apache.org/jira/browse/WW-4404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679543#comment-17679543 ] ASF subversion and git services commented on WW-4404: - Commit 6159a2e642e625d904e2b7fa77b7323178e3986d in struts's branch refs/heads/http-interceptor from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=6159a2e64 ] WW-4404 Implements HttpInterceptor > Implement HttpInterceptor > - > > Key: WW-4404 > URL: https://issues.apache.org/jira/browse/WW-4404 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Affects Versions: 2.3.20 >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.2.0 > > > Allows limit access to actions based on used Http method type > https://github.com/apache/struts/pull/25 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5276) Cleanup method of request is not called
[ https://issues.apache.org/jira/browse/WW-5276?focusedWorklogId=840847=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-840847 ] ASF GitHub Bot logged work on WW-5276: -- Author: ASF GitHub Bot Created on: 22/Jan/23 10:12 Start Date: 22/Jan/23 10:12 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #654: URL: https://github.com/apache/struts/pull/654#issuecomment-1399446215 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts=654) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts=654=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=654=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts=654=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts=654=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=654=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts=654=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=654=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=654=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=654=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts=654=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=654=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts=654=false=CODE_SMELL) [![94.7%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png '94.7%')](https://sonarcloud.io/component_measures?id=apache_struts=654=new_coverage=list) [94.7% Coverage](https://sonarcloud.io/component_measures?id=apache_struts=654=new_coverage=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts=654=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts=654=new_duplicated_lines_density=list) Issue Time Tracking --- Worklog Id: (was: 840847) Time Spent: 20m (was: 10m) > Cleanup method of request is not called > --- > > Key: WW-5276 > URL: https://issues.apache.org/jira/browse/WW-5276 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 6.1.1 >Reporter: Mirek Hankus >Priority: Major > Fix For: 6.2.0 > > Time Spent: 20m > Remaining Estimate: 0h > > After upgrading to 6.1.1 we have noticed that cleanup method of custom > MultiPartRequest is not called by struts. > > > It may be related to > [https://github.com/apache/struts/commit/69102e907551a87335231656320c8484072bdecb] > > as before variable "request" was overwritten with wrapped request and cleanup > was called in finally section > > After this commit new variable is created called "wrappedRequest", but > cleanup is called only on original request, and new wrappedRequest is not > cleaned up at all. > > Below is respective code fragment > {code:java} > HttpServletRequest wrappedRequest = prepare.wrapRequest(request); > ActionMapping mapping = > prepare.findActionMapping(wrappedRequest, response, true); > if (mapping == null) { > LOG.trace("Cannot find mapping for {}, passing to > other filters", uri); > chain.doFilter(request, response); > }
[jira] [Commented] (WW-5276) Cleanup method of request is not called
[ https://issues.apache.org/jira/browse/WW-5276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679537#comment-17679537 ] Lukasz Lenart commented on WW-5276: --- [~mhankus] could you review the proposed change in the linked PR? > Cleanup method of request is not called > --- > > Key: WW-5276 > URL: https://issues.apache.org/jira/browse/WW-5276 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 6.1.1 >Reporter: Mirek Hankus >Priority: Major > Fix For: 6.2.0 > > Time Spent: 10m > Remaining Estimate: 0h > > After upgrading to 6.1.1 we have noticed that cleanup method of custom > MultiPartRequest is not called by struts. > > > It may be related to > [https://github.com/apache/struts/commit/69102e907551a87335231656320c8484072bdecb] > > as before variable "request" was overwritten with wrapped request and cleanup > was called in finally section > > After this commit new variable is created called "wrappedRequest", but > cleanup is called only on original request, and new wrappedRequest is not > cleaned up at all. > > Below is respective code fragment > {code:java} > HttpServletRequest wrappedRequest = prepare.wrapRequest(request); > ActionMapping mapping = > prepare.findActionMapping(wrappedRequest, response, true); > if (mapping == null) { > LOG.trace("Cannot find mapping for {}, passing to > other filters", uri); > chain.doFilter(request, response); > } else { > LOG.trace("Found mapping {} for {}", mapping, uri); > execute.executeAction(wrappedRequest, response, > mapping); > } > } > } > } finally { > prepare.cleanupRequest(request); > }{code} > > This bug causes a lot of resource problems, and can result in denial of > service condition for application (or making application not compliant - as > sensitive information is not properly discarded). > > > > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5276) Cleanup method of request is not called
[ https://issues.apache.org/jira/browse/WW-5276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679536#comment-17679536 ] ASF subversion and git services commented on WW-5276: - Commit 05d7196e6cf451426eb301effc0416b2554b20f3 in struts's branch refs/heads/WW-5276-cleanup from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=05d7196e6 ] WW-5276 Cleans up also wrapper request to avoid resource leak and potential DoS attack > Cleanup method of request is not called > --- > > Key: WW-5276 > URL: https://issues.apache.org/jira/browse/WW-5276 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 6.1.1 >Reporter: Mirek Hankus >Priority: Major > Fix For: 6.2.0 > > > After upgrading to 6.1.1 we have noticed that cleanup method of custom > MultiPartRequest is not called by struts. > > > It may be related to > [https://github.com/apache/struts/commit/69102e907551a87335231656320c8484072bdecb] > > as before variable "request" was overwritten with wrapped request and cleanup > was called in finally section > > After this commit new variable is created called "wrappedRequest", but > cleanup is called only on original request, and new wrappedRequest is not > cleaned up at all. > > Below is respective code fragment > {code:java} > HttpServletRequest wrappedRequest = prepare.wrapRequest(request); > ActionMapping mapping = > prepare.findActionMapping(wrappedRequest, response, true); > if (mapping == null) { > LOG.trace("Cannot find mapping for {}, passing to > other filters", uri); > chain.doFilter(request, response); > } else { > LOG.trace("Found mapping {} for {}", mapping, uri); > execute.executeAction(wrappedRequest, response, > mapping); > } > } > } > } finally { > prepare.cleanupRequest(request); > }{code} > > This bug causes a lot of resource problems, and can result in denial of > service condition for application (or making application not compliant - as > sensitive information is not properly discarded). > > > > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5276) Cleanup method of request is not called
[ https://issues.apache.org/jira/browse/WW-5276?focusedWorklogId=840846=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-840846 ] ASF GitHub Bot logged work on WW-5276: -- Author: ASF GitHub Bot Created on: 22/Jan/23 10:05 Start Date: 22/Jan/23 10:05 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #654: URL: https://github.com/apache/struts/pull/654 Fixes [WW-5276](https://issues.apache.org/jira/browse/WW-5276) Issue Time Tracking --- Worklog Id: (was: 840846) Remaining Estimate: 0h Time Spent: 10m > Cleanup method of request is not called > --- > > Key: WW-5276 > URL: https://issues.apache.org/jira/browse/WW-5276 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 6.1.1 >Reporter: Mirek Hankus >Priority: Major > Fix For: 6.2.0 > > Time Spent: 10m > Remaining Estimate: 0h > > After upgrading to 6.1.1 we have noticed that cleanup method of custom > MultiPartRequest is not called by struts. > > > It may be related to > [https://github.com/apache/struts/commit/69102e907551a87335231656320c8484072bdecb] > > as before variable "request" was overwritten with wrapped request and cleanup > was called in finally section > > After this commit new variable is created called "wrappedRequest", but > cleanup is called only on original request, and new wrappedRequest is not > cleaned up at all. > > Below is respective code fragment > {code:java} > HttpServletRequest wrappedRequest = prepare.wrapRequest(request); > ActionMapping mapping = > prepare.findActionMapping(wrappedRequest, response, true); > if (mapping == null) { > LOG.trace("Cannot find mapping for {}, passing to > other filters", uri); > chain.doFilter(request, response); > } else { > LOG.trace("Found mapping {} for {}", mapping, uri); > execute.executeAction(wrappedRequest, response, > mapping); > } > } > } > } finally { > prepare.cleanupRequest(request); > }{code} > > This bug causes a lot of resource problems, and can result in denial of > service condition for application (or making application not compliant - as > sensitive information is not properly discarded). > > > > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5274) Mark Pell Multipart plugin as deprecated
[ https://issues.apache.org/jira/browse/WW-5274?focusedWorklogId=840845=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-840845 ] ASF GitHub Bot logged work on WW-5274: -- Author: ASF GitHub Bot Created on: 22/Jan/23 10:00 Start Date: 22/Jan/23 10:00 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #653: URL: https://github.com/apache/struts/pull/653#issuecomment-1399443972 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts=653) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts=653=false=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=653=false=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts=653=false=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts=653=false=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=653=false=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts=653=false=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=653=false=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts=653=false=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=653=false=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts=653=false=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts=653=false=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts=653=false=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_struts=653=coverage=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts=653=new_duplicated_lines_density=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts=653=new_duplicated_lines_density=list) Issue Time Tracking --- Worklog Id: (was: 840845) Time Spent: 20m (was: 10m) > Mark Pell Multipart plugin as deprecated > > > Key: WW-5274 > URL: https://issues.apache.org/jira/browse/WW-5274 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - Pell >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 20m > Remaining Estimate: 0h > > This plugin is using library which isn't support nor actively developed -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5274) Mark Pell Multipart plugin as deprecated
[ https://issues.apache.org/jira/browse/WW-5274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679534#comment-17679534 ] ASF subversion and git services commented on WW-5274: - Commit 474a340553189dec4af293d80def60d9728ebd1b in struts's branch refs/heads/WW-5274-pell from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=474a34055 ] WW-5274 Marks the Pell multipart plugin as deprecated > Mark Pell Multipart plugin as deprecated > > > Key: WW-5274 > URL: https://issues.apache.org/jira/browse/WW-5274 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - Pell >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > > This plugin is using library which isn't support nor actively developed -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5274) Mark Pell Multipart plugin as deprecated
[ https://issues.apache.org/jira/browse/WW-5274?focusedWorklogId=840844=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-840844 ] ASF GitHub Bot logged work on WW-5274: -- Author: ASF GitHub Bot Created on: 22/Jan/23 09:54 Start Date: 22/Jan/23 09:54 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #653: URL: https://github.com/apache/struts/pull/653 Closes [WW-5274](https://issues.apache.org/jira/browse/WW-5274) Issue Time Tracking --- Worklog Id: (was: 840844) Remaining Estimate: 0h Time Spent: 10m > Mark Pell Multipart plugin as deprecated > > > Key: WW-5274 > URL: https://issues.apache.org/jira/browse/WW-5274 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - Pell >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 10m > Remaining Estimate: 0h > > This plugin is using library which isn't support nor actively developed -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5277) Upgrade Freemarker to version 3.2.32
[ https://issues.apache.org/jira/browse/WW-5277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679530#comment-17679530 ] ASF subversion and git services commented on WW-5277: - Commit cde1753341557e0c767e8acf45adb3ac2bf51503 in struts's branch refs/heads/master from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=cde175334 ] WW-5277 Upgrades Freemarker to version 2.3.32 > Upgrade Freemarker to version 3.2.32 > > > Key: WW-5277 > URL: https://issues.apache.org/jira/browse/WW-5277 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > The Apache FreeMarker community is pleased to announce the release of > Apache FreeMarker 2.3.32. > https://freemarker.apache.org/docs/versions_2_3_32.html -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5277) Upgrade Freemarker to version 3.2.32
[ https://issues.apache.org/jira/browse/WW-5277?focusedWorklogId=840843=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-840843 ] ASF GitHub Bot logged work on WW-5277: -- Author: ASF GitHub Bot Created on: 22/Jan/23 09:46 Start Date: 22/Jan/23 09:46 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #651: URL: https://github.com/apache/struts/pull/651 Issue Time Tracking --- Worklog Id: (was: 840843) Time Spent: 0.5h (was: 20m) > Upgrade Freemarker to version 3.2.32 > > > Key: WW-5277 > URL: https://issues.apache.org/jira/browse/WW-5277 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > The Apache FreeMarker community is pleased to announce the release of > Apache FreeMarker 2.3.32. > https://freemarker.apache.org/docs/versions_2_3_32.html -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5277) Upgrade Freemarker to version 3.2.32
[ https://issues.apache.org/jira/browse/WW-5277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17679531#comment-17679531 ] ASF subversion and git services commented on WW-5277: - Commit 46738c970ef20c64d997122c6f15caf2b76f0653 in struts's branch refs/heads/master from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=46738c970 ] Merge pull request #651 from apache/WW-5277-freemarker [WW-5277] Upgrades Freemarker to version 2.3.32 > Upgrade Freemarker to version 3.2.32 > > > Key: WW-5277 > URL: https://issues.apache.org/jira/browse/WW-5277 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > The Apache FreeMarker community is pleased to announce the release of > Apache FreeMarker 2.3.32. > https://freemarker.apache.org/docs/versions_2_3_32.html -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5277) Upgrade Freemarker to version 3.2.32
[ https://issues.apache.org/jira/browse/WW-5277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5277. --- Resolution: Fixed > Upgrade Freemarker to version 3.2.32 > > > Key: WW-5277 > URL: https://issues.apache.org/jira/browse/WW-5277 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > The Apache FreeMarker community is pleased to announce the release of > Apache FreeMarker 2.3.32. > https://freemarker.apache.org/docs/versions_2_3_32.html -- This message was sent by Atlassian Jira (v8.20.10#820010)