Re: FW: Apache Struts Upgrade to version 2.3.31

2016-12-21 Thread Lukasz Lenart 
Hi,

It looks like you want to upgrade from Struts 1 to Struts 2 which are two
totally different beasts. In such case replacing JARs won't work, you must
rewrite the web layer part.

Read these
http://struts.apache.org/docs/migration-guide.html#MigrationGuide-Struts1toStruts2
http://stackoverflow.com/questions/7817323/migration-from-struts1-to-struts2


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2016-12-21 6:11 GMT+01:00 Muthiraparambil Somasundaram, Jeril <
jeril.somasunda...@cba.com.au>:

> Hi Lukasz/Team,
>
>
>
> We do not use Maven. Do you think replacing struts jar file in the below
> location should suffice?
>
>
>
>
>
>
>
>
>
> Below is from version 2.3.31 package. Would you be able to advise which of
> these jar files needs to be used to replace the current one for an upgrade?
>
>
>
>
>
>
>
> Thanks,
>
> Jeril
>
> +61450204750 <+61%20450%20204%20750>
>
>
>
>
>
> *From:* Lukasz Lenart [mailto:lukaszlen...@apache.org
> ]
> *Sent:* Friday, 2 December 2016 7:42 PM
> *To:* Davis, Geethu 
> *Cc:* secur...@struts.apache.org; Muthiraparambil Somasundaram, Jeril <
> jeril.somasunda...@cba.com.au>; Kannoly, Arathy  >
> *Subject:* Re: Apache Struts Upgrade to version 2.3.31
>
>
>
> Hi,
>
>
>
> It all depends how do you manage dependencies, do you use Maven or
> manually by putting jars in WEB-INF/lib? In most cases replacing jars
> should be enough. And please ask such common questions via Struts Users
> Mailing List  as this list is used to report and
> discuss security vulnerabilities.
>
>
>
>
>
> Regards
>
> --
>
> Łukasz
> + 48 606 323 122 <606%20323%20122> http://www.lenart.org.pl/
>
>
>
> 2016-12-02 7:01 GMT+01:00 Davis, Geethu :
>
> Hi team,
>
>
>
> Could you please help with this request?
>
>
>
> Thanks,
>
> Geethu
>
> *Commonwealth* Bank
>
> [image: ITSMO_Logo]
>
> *ITSMO, driving an Always Available Bank*
>
>
>
> *Geethu Davis*
>
> *TCS Equities Support*
>
> IT Service Management and Operations
>
> Enterprise Services
>
> P: +91 484 6189534 <+91%20484%20618%209534>
>
> E  geethu.da...@cba.com.au
>
>
>
> *Our vision is **to excel at securing and enhancing the financial
> wellbeing of people, businesses and communities*
>
>
>
> *From:* Davis, Geethu
> *Sent:* Wednesday, 30 November 2016 12:40 AM
> *To:* 'Johannes Geppert' ; secur...@struts.apache.org
> *Cc:* Muthiraparambil Somasundaram, Jeril 
> *Subject:* RE: Apache Struts Upgrade to version 2.3.31
>
>
>
> Hi Johannes,
>
>
>
> Thanks for the link. However, could you please provide step wise
> instructions for the installation?
>
>
>
> Thanks,
>
> Geethu
>
> *Commonwealth* Bank
>
> [image: ITSMO_Logo]
>
> *ITSMO, driving an Always Available Bank*
>
>
>
> *Geethu Davis*
>
> *TCS Equities Support*
>
> IT Service Management and Operations
>
> Enterprise Services
>
> P: +91 484 6189534 <+91%20484%20618%209534>
>
> E  geethu.da...@cba.com.au
>
>
>
> *Our vision is **to excel at securing and enhancing the financial
> wellbeing of people, businesses and communities*
>
>
>
> *From:* Johannes Geppert [mailto:jo...@apache.org ]
> *Sent:* Tuesday, 15 November 2016 8:04 PM
> *To:* secur...@struts.apache.org; Davis, Geethu 
> *Subject:* Re: Apache Struts Upgrade to version 2.3.31
>
>
>
> Hi Geethu,
>
>
>
> Just click on the link "Version Notes" to see the release notes for this
> special release.
>
>
>
> http://struts.apache.org/docs/version-notes-2331.html
>
>
>
> Best Regards
>
>
>
> Johannes
>
>
> #
>
> web: http://www.jgeppert.com
>
> twitter: http://twitter.com/jogep
>
>
>
>
>
> 2016-11-15 15:18 GMT+01:00 Davis, Geethu :
>
> Hi Team,
>
>
>
> One of the Windows 2008 R2 servers managed by our team has been found to
> have Apache Struts version 2.3.16.3 installed in it. As our security team
> has informed that this version has multiple security remote code execution
> vulnerabilities, we are planning to upgrade this to version 2.3.31.
>
>
> We have downloaded the zip file from the below page. Could you please
> provide us with any release notes/instructions on re-installation so that
> we could prepare a runsheet for the same? This is to be handed over to the
> server support team. Any assistance is appreciated.
>
>
>
> http://struts.apache.org/download.cgi
>
> [image: cid:image002.jpg@01D24CBD.B50D8DE0]
>
>
>
> Thanks,
> Geethu
>
> *Commonwealth* Bank
>
> [image: ITSMO_Logo]
>
> *ITSMO, driving an Always Available Bank*
>
>
>
> *Geethu Davis*
>
> *TCS Equities Support*
>
> IT Service Management and Operations
>
> Enterprise Services
>
> P: +91 484 6189534 <+91%20484%20618%209534>
>
> E  geethu.da...@cba.com.au
>
>
>
> *Our vision is **to excel at securing and enhancing the financial
> wellbeing of people, businesses and communities*
>
>
>
>
>

Re: Does stxx supports Struts 2

2016-12-21 Thread Venky 
Does struts 2 supports the XML input and output when we are using in
conjunction with XSLT as return type and no JSPs involved.

Thanks
Venky

On Wed, Dec 21, 2016 at 1:54 AM, Lukasz Lenart 
wrote:

> There is XSL result type which should be similar to Stxx as far I
> understand what Stxx does
>
> https://struts.apache.org/docs/xsl-result.html
>
>
> Regards
> Lukasz
>
> 2016-12-20 15:32 GMT+01:00 Venky :
> > Hi,
> >
> > Is there any chance of Stxx support to Struts 2 as I don't find much
> > documentation online. As Stxx is dead and we are working so far on Struts
> > 1.x by using .
> >
> > Or If there any alternatives to Stxx, that would be helpful.
> >
> > Thanks in advance
> > Venky
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>

Re: Does stxx supports Struts 2

2016-12-21 Thread Lukasz Lenart 
I have never used it but it should be possible, check this out
http://blog.mark-mclaren.info/2007/09/part-i-struts-2-xml-experiments-using_4642.html
http://blog.mark-mclaren.info/2007/09/part-ii-struts-2-xml-experiments-using_4798.html

2016-12-21 15:13 GMT+01:00 Venky :
> Does struts 2 supports the XML input and output when we are using in
> conjunction with XSLT as return type and no JSPs involved.
>
> Thanks
> Venky
>
> On Wed, Dec 21, 2016 at 1:54 AM, Lukasz Lenart 
> wrote:
>
>> There is XSL result type which should be similar to Stxx as far I
>> understand what Stxx does
>>
>> https://struts.apache.org/docs/xsl-result.html
>>
>>
>> Regards
>> Lukasz
>>
>> 2016-12-20 15:32 GMT+01:00 Venky :
>> > Hi,
>> >
>> > Is there any chance of Stxx support to Struts 2 as I don't find much
>> > documentation online. As Stxx is dead and we are working so far on Struts
>> > 1.x by using .
>> >
>> > Or If there any alternatives to Stxx, that would be helpful.
>> >
>> > Thanks in advance
>> > Venky
>>
>> -
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>>

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: problem Migrating from Struts 2.3 to 2.5

2016-12-21 Thread Lukasz Lenart 
2016-12-22 6:53 GMT+01:00 John Aylward :
> I'm trying to migrate my struts application from 2.3.31 to 2.5.8 but it 
> appears that my struts.xml is not getting loaded. My web.xml is pretty 
> standard:

Please try to use Struts 2.5.5

> 
>"-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
>   "http://struts.apache.org/dtds/struts-2.3.dtd;>

Change 2.3 to 2.5

> 
>
>

You don't need that, Struts will automatically load any
struts-default.xml and struts-plugin.xml

> 
>  "-//Apache Software Foundation//DTD Struts Configuration 2.3//EN"
> "http://struts.apache.org/dtds/struts-2.3.dtd;>

Same here, replace 2.3 with 2.5

Anyway, this can be related to
https://issues.apache.org/jira/browse/WW-4727 but I cannot reproduce
this with my example app


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

problem Migrating from Struts 2.3 to 2.5

2016-12-21 Thread John Aylward 
I'm trying to migrate my struts application from 2.3.31 to 2.5.8 but it appears 
that my struts.xml is not getting loaded. My web.xml is pretty standard:


http://java.sun.com/xml/ns/javaee; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://www.oracle.com/webfolder/technetwork/jsc/xml/ns/javaee/web-app_3_0.xsd;
>
  app-name
  
  
  
index.html
  
  
struts2

org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter
  
  
struts2
*.action
  

Then my struts.xml which worked fine in 2.3.31 but is not working in 2.5.8


http://struts.apache.org/dtds/struts-2.3.dtd;>

   
   

   
   

   
   

   
   



The struts.xml file is in my resources directory, and I verified it's being 
copied properly to webapp/WEB-INF/classes. However, when I start up my 
application in Tomcat, the StrutsPrepareAndExecuteFilter init method is called, 
but my actions as defined in my-json-actions.xml are not initialized. It 
appears that the struts.xml file is not loaded at all. I'm also not seeing any 
exceptions or error messages output.

Do I need to do something different in 2.5 to get my actions loading? My action 
definitions look something like this:


http://struts.apache.org/dtds/struts-2.3.dtd;>

   
   
 

 

Any help would be greatly appreciated! Thanks

--
John