This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch release/struts-7-0-x in repository https://gitbox.apache.org/repos/asf/struts.git
discard c1054ada2 Merge pull request #778 from jdyer1/feature/WN-5141 omit ba45c36a9 WN-5141 omit 397c5491b Merge branch 'release/struts-7-0-x' into feature/WN-5141 omit cde3c4f12 Merge pull request #803 from apache/feature/update-htmlunit omit cbb6b91f8 Upgrades Htmlunit to version 3.6.0 omit 4e22a87b1 WN-5141 omit fde15d3b8 Merge branch 'release/struts-7-0-x' into feature/WN-5141 omit cd93e4bb9 Delete remaining deprecated plugins omit a1ff157cb Delete unused files missed in previous PR omit 886290d68 [WW-5141] Removes deprecated plugins (#798) omit 8e7dceb45 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action omit 0fa58eab8 WW-5335 Prepares for Java 17 & Struts 7.x omit 84ab6e966 Merge branch 'release/struts-7-0-x' into feature/WN-5141 omit bf2d85ebe [WW-5141] Removes deprecated plugins (#798) omit dd45eb9f6 Merge branch 'release/struts-7-0-x' into feature/WN-5141 omit 0321d2777 Merge pull request #797 from apache/merge-forward-master omit 219049773 Merge remote-tracking branch 'origin/master' into merge-forward-master omit 50f724e66 WN-5141 omit 3651f62f5 WN-5141 omit 646ad0f54 Revert "WN-5141" omit 0c5e9c34d WN-5141 omit 4f9febb54 WN-5141 omit 1080579db WN-5141 omit 5d19c7335 Revert "WN-5141" omit c66f2a2a9 WN-5141 omit bb4237155 Revert "WN-5141" omit 6b38a1e91 Revert "WN-5141" omit aea173c89 Revert "WN-5141" omit 9439e675c WN-5141 omit 334ed173c WN-5141 omit d6d0c5111 WN-5141 omit 7ae89828b Merge branch 'release/struts-7-0-x' into feature/WN-5141 omit e87806436 WN-5141 omit bde4eb37c WN-5141 omit 4aa8ccacf WN-5141 omit 0af312f0f WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action omit 0845c6af6 WW-5335 Prepares for Java 17 & Struts 7.x omit ed04c009c Merge pull request #794 from apache/fix/WW-5335-scorecards omit 55a304bf0 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action omit 321cf4634 Merge pull request #785 from apache/feature/prepares-for-7 omit 5a34bc8e0 WN-5141 omit 89717a58c WN-5141 omit 6140e5d73 WN-5141 omit e3f463548 Revert "WN-5141" omit deebfc346 WN-5141 omit 818ca1f26 WN-5141 omit 107eeb199 WN-5141 omit bbc4d1dbb WN-5141 omit 7c81d066e Revert "WN-5141" omit 99a482d0f Revert "WN-5141" omit 010192a1e Revert "WN-5141" omit c990edad1 Revert "WN-5141" omit 62c63a676 Revert "WN-5141" omit 24519a97d Revert "WN-5141" omit 8cd3245cf WN-5141 omit 77df10b9a Merge branch 'master' into feature/WN-5141 omit f17124c23 WN-5141 omit 98665848c WN-5141 omit 1aa997474 Merge pull request #1 from tyme-dev/feature/WN-5141 omit dc13abaf8 WW-5335 Prepares for Java 17 & Struts 7.x omit 334c4090c conversion to fileupload2 omit 74cf21a4f Merge remote-tracking branch 'origin' into feature/WN-5141 omit 315eb49f0 WN-5141 omit f4bd1462e WN-5141 omit 3383ff552 WN-5141 omit 7f12f15d9 WN-5141 omit f2459c07c WN-5141 omit 908d06483 WN-5141 omit cb476c8a9 WN-5141 omit 46a0037a3 WN-5141 omit 4e8dbe0c9 WN-5141 omit f0df35f2e WN-5141 omit e4fa6e40e WN-5141 omit ea722cb35 WN-5141 omit 1c43fd1dc WN-5141 omit 8d465c66a WN-5141 omit 73b6a5831 IPAGE-5141 omit 27a2a4390 WN-5141 omit c322f7f4a WN-5141 omit 261cfe549 WN-5141 omit ba75db010 WN-5141 omit 861e8f98b WN-5141 omit eb16ed49a WN-5141 omit 9d873e506 Revert "WN-5141" omit 57032d9d1 WN-5141 omit 5d1aa6edc WN-5141 omit cdb0820e6 WN-5141 omit d5e766e43 WN-5141 omit 8d3880a67 WN-5141 omit 1c66e692c WN-5141 omit 1fc70af56 WN-5141 omit def5254a5 WN-5141 omit 3a4c1dd6f WN-5141 omit 625a81e59 Revert "WN-5141" omit b8b9f8aa3 WN-5141 omit 5ccaf2449 WN-5141 omit d132c4386 WN-5141 omit 6f609dea6 WN-5141 omit b10b49160 WN-5141 omit 20f8a0096 WN-5141 omit 33c1afad0 WN-5141 omit 0295f0728 WN-5141 omit e00457ee4 WN-5141 omit a900d7b7d WN-5141 omit 666e17845 WN-5141 omit 307829c5f WN-5141 omit af70ececd IPAGE-5141 omit 81a765cde WN-5141 omit c4cc465e1 WN-5141 omit 9ea5ffc5c Merge remote-tracking branch 'origin/master' into feature/WN-5141 omit 86c72097c WN-5141 add 79ffc86b6 WW-5343 Delete unused code and consolidate constructors add 082532995 WW-5343 Extract ConfigParseUtil add b0b80bac7 WW-5343 Extract deprecated methods as default interface methods add 9e556e9ed WW-5343 Deprecate unnecessary setter add 90344b381 WW-5343 Make SecurityMemberAccess a prototype bean add 7e92a8d7b WW-5343 Refactor OgnlValueStackFactory to utilise SecurityMemberAccess bean add b518635e2 WW-5343 Update OgnlUtil#createDefaultContext to utilise SecurityMemberAccess bean add 4490d9d77 WW-5343 Move configuration injection from OgnlUtil to SecurityMemberAccess add 8bf47b367 WW-5343 Fix OgnlUtilTest#testBeanMapExpressions add 62988f783 WW-5343 Fix unit test compilation errors add ceff6cde0 WW-5343 Remove unnecessary method add f87d7d734 WW-5343 Add missing license add a402e5c80 WW-5343 Revert and fix serializability add d0d10d938 WW-5343 Fix MemberAccess access blocked tests add 68f5584d9 WW-5343 Remove defunct test now that constant is required add 05a99733f Merge branch 'master' into WW-5343-sec-extend add 9640f5bde WW-5343 Migrate tests to SecurityMemberAccessTest add eba79a784 WW-5343 Fix final test add 85d2c742c WW-5343 Clean up bootstrap constants add 7929d8634 WW-5343 Address SonarCloud code smells add a60842af7 Merge pull request #791 from apache/WW-5343-sec-extend add cf4523fba Bump actions/setup-java from 3 to 4 (#804) add ebdf01995 WW-5364 Modify XmlDocConfigurationProvider to be able to load into allowlist add 1d76bff95 WW-5364 Make allowlist classloader specific add 198812fe8 WW-5364 Implement provider allowlist add 3bf3e5f8d WW-5364 Inject ProviderAllowlist into SecurityMemberAccess add ee442db9e WW-5364 Enable allowlist for showcase add 39c3e332d WW-5364 Add Struts components to allowlist add 6657e01f9 WW-5364 Don't throw ConfigurationException on unloadable action or interceptor classes add d7df9ce99 WW-5364 Replace some allowlist classes with packages add 0566a207f Merge branch 'WW-5343-sec-extend' into WW-5364-populate-allowlist add d030532d6 WW-5343 Collect bootstrap factories add 9aff37a83 Merge branch 'master' into WW-5364-populate-allowlist add 5e33c7f2c WW-5343 Add unit test coverage for ProviderAllowlist add 16f822a2b WW-5343 Move JUnit4 test case into Struts-core add a26823386 WW-5343 Add integration tests for ConfigurationProvider populating ProviderAllowlist add 589219baa WW-5343 Add missing licenses add a7d273c1f WW-5343 Make StrutsTestCase extend same package add 80e83616b Merge pull request #800 from apache/WW-5364-populate-allowlist add 48a82fead WW-5339 Make ClassResolver a bean add 002e598b7 WW-5339 Add option to block custom OGNL maps add 6fcb50122 Merge pull request #806 from apache/WW-5339-astmap-block add 13d972d6e WW-5370 Makes HttpParameters case-insensitive add c40978f8c WW-5370 Uses TreeMap with case-insensitive comparator add 4eaab8a79 WW-5370 Simplifies code add 102e040e0 WW-5370 Adds proper logic to handle null add f684effd9 Merge pull request #807 from apache/feature/http-params-case add 0bc0217b9 WW-5371 Implements action based file upload add dc4103bcb WW-5371 Uses the new upload mechanism in Showcase app add 3ce3f8264 WW-5371 Simplifies file upload logic and extracts constants add 3ef9ade89 WW-5371 Document how to use the new file upload logic add 64c13cc74 WW-5370 Simplifies error handling logic add f4501846c Merge pull request #808 from apache/feature/WW-5371-modern-upload add 2202e5fbb WW-5141 add 6d2eb2e02 WN-5141 add eac1e0efa WW-5141 add 0c35a6bf8 IPAGE-5141 add 3a73c2ab2 WN-5141 add 7eda1745a WW-5141 remove code for "pell multipart plugin" add 20eb2ebbf WN-5141 add 6dc2cba32 WN-5141 add 857c36c3c WN-5141 add 08c669320 WN-5141 add a5c139114 WN-5141 add 841313ec1 WN-5141 add 534142474 WN-5141 add 11284a042 WN-5141 add 697e18553 WN-5141 add 2e528eb66 WN-5141 add 09feb9bf0 Revert "WN-5141" add 42fed67a8 WW-5141 TODO: TEMPORARY comment-out incomaptible commons-upload old version code add 8726288bd WN-5141 add 0566cc58c WN-5141 add fed840b6a WN-5141 add 54a9ef85e WN-5141 add 0cee06f5a WN-5141 add 37e179467 WN-5141 add 416dd7e22 WN-5141 add 380b157be WN-5141 add bbdeb2d45 Revert "WN-5141" add 752597832 WN-5141 add 459fd74dc WN-5141 add 6ad0ad512 WN-5141 add 07792bd0e WN-5141 add 54564c9aa WN-5141 add 2e6d912ac WN-5141 add 14ecd5c7f IPAGE-5141 add a7618112f WN-5141 add 85529bf0a WN-5141 add 0802707a3 WW-5141 fix security test add 792357e6f WN-5141 add b21be7570 WW-5141 temp IGNORE test require commons-upload upgrade add 92cc4f859 WN-5141 add 143be3f17 WN-5141 add 8fecaa2c3 WN-5141 add 7dd2e817e WN-5141 add 6c0a97cfa WN-5141 add 63828c0e8 WN-5141 add ec8ac50b6 WN-5141 add dba63742a WN-5141 add 72e1ff74f WN-5141 add 2e0ba0873 WW-5141 conversion to fileupload2 add 06228a729 WN-5141 add bd6f347db WN-5141 add b365b58e3 WN-5141 add b52f18ced Revert "WN-5141" add 0b9ca66f5 Revert "WN-5141" add bafcccc3b Revert "WN-5141" add a9edf7479 Revert "WN-5141" add ec6c96e16 Revert "WN-5141" add 730e5829d Revert "WN-5141" add d36a76c95 WN-5141 add 38c51d255 WN-5141 add 48b8a3b54 WN-5141 add e9c6ce019 WN-5141 add 712fa7fba Revert "WN-5141" add 72d07f838 WN-5141 add 6e76a3abc WN-5141 add d20972c13 WW-5141 fix formatting problems add 79138e185 WW-5335 Prepares for Java 17 & Struts 7.x add b8d07f422 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action add 8b501aa21 WN-5141 add baddd368c WN-5141 add df56821ab WN-5141 add 2fe7a91bd WW-5335 Prepares for Java 17 & Struts 7.x add 8c906f3c8 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action add 7d835bfa4 WN-5141 add 519b8bd98 WN-5141 add 1295c5945 WN-5141 add 71c2fe0ef Revert "WN-5141" add 147f0ca8a Revert "WN-5141" add 94c166f22 Revert "WN-5141" add 0e6d31729 WN-5141 add eb4387521 Revert "WN-5141" add c59ba68e1 WN-5141 add e95a07fcf WN-5141 add 3f2b8c526 WN-5141 add 8cd0dc9cc Revert "WN-5141" add b372ac9e9 WN-5141 add bed0db347 WN-5141 add 6f35c02fb [WW-5141] Removes deprecated plugins (#798) add 60794037d WW-5335 Prepares for Java 17 & Struts 7.x add e6e057799 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action add 0fa8cdd3e [WW-5141] Removes deprecated plugins (#798) add a20d26fc3 Delete unused files missed in previous PR add 97dbdc1c9 Delete remaining deprecated plugins add 8b8de96b4 WN-5141 fix whitespace issues add 6ce1e9ea3 Upgrades Htmlunit to version 3.6.0 add 5e187ad12 WN-5141 This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (c1054ada2) \ N -- N -- N refs/heads/release/struts-7-0-x (5e187ad12) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .github/workflows/maven.yml | 2 +- .github/workflows/sonar.yml | 2 +- apps/showcase/pom.xml | 2 +- .../showcase/fileupload/FileUploadAction.java | 122 +++--- apps/showcase/src/main/resources/struts.xml | 13 + .../webapp/WEB-INF/fileupload/upload-success.jsp | 9 +- apps/showcase/src/main/webapp/WEB-INF/web.xml | 2 +- .../apache/struts2/showcase/FileUploadTest.java | 3 - assembly/src/main/assembly/all.xml | 4 + assembly/src/main/assembly/docs.xml | 4 + bom/pom.xml | 5 + .../opensymphony/xwork2}/XWorkJUnit4TestCase.java | 3 +- .../xwork2/config/impl/DefaultConfiguration.java | 108 +++--- .../xwork2/config/impl/MockConfiguration.java | 2 - .../StrutsDefaultConfigurationProvider.java | 169 ++------- .../providers/XmlDocConfigurationProvider.java | 88 +++-- .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 235 +++++------- .../opensymphony/xwork2/ognl/OgnlValueStack.java | 109 ++++-- .../xwork2/ognl/OgnlValueStackFactory.java | 36 +- .../xwork2/ognl/SecurityMemberAccess.java | 156 ++++---- .../xwork2/ognl/accessor/CompoundRootAccessor.java | 15 +- .../opensymphony/xwork2/util/ConfigParseUtil.java | 105 ++++++ .../xwork2/util/MemberAccessValueStack.java | 8 +- .../xwork2/util/location/LocationImpl.java | 40 +- .../java/org/apache/struts2/StrutsConstants.java | 4 + .../config/StrutsBeanSelectionProvider.java | 2 + .../apache/struts2/dispatcher/HttpParameters.java | 32 +- .../org/apache/struts2/dispatcher/Parameter.java | 13 + .../multipart/JakartaMultiPartRequest.java | 6 +- .../multipart/JakartaStreamMultiPartRequest.java | 42 ++- .../dispatcher/multipart/StrutsUploadedFile.java | 64 +++- .../struts2/dispatcher/multipart/UploadedFile.java | 8 +- .../interceptor/AbstractFileUploadInterceptor.java | 263 +++++++++++++ .../interceptor/ActionFileUploadInterceptor.java | 191 ++++++++++ .../struts2/interceptor/FileUploadInterceptor.java | 264 ++----------- .../org/apache/struts2/ognl/ProviderAllowlist.java | 73 ++++ .../org/apache/struts2/default.properties | 7 - .../apache/struts2/struts-messages_en.properties | 17 +- core/src/main/resources/struts-beans.xml | 7 +- core/src/main/resources/struts-default.xml | 11 +- .../src/main/resources/struts-excluded-classes.xml | 12 +- .../ConfigurationProviderOgnlAllowlistTest.java | 114 ++++++ .../xwork2/ognl/OgnlUtilStrutsTest.java | 27 -- .../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 291 ++------------- .../xwork2/ognl/OgnlValueStackTest.java | 73 +--- .../xwork2/ognl/SecurityMemberAccessTest.java | 259 ++++++++----- .../conversion/UploadedFileConverterTest.java | 19 +- .../struts2/dispatcher/HttpParametersTest.java | 78 ++++ ...t.java => ActionFileUploadInterceptorTest.java} | 415 ++++++++++----------- .../interceptor/FileUploadInterceptorTest.java | 182 ++++----- .../apache/struts2/ognl/ProviderAllowlistTest.java | 88 +++++ .../util/SecurityMemberAccessInServletsTest.java | 3 - .../org/apache/struts2/junit/StrutsTestCase.java | 1 - .../apache/struts2/junit/XWorkJUnit4TestCase.java | 71 +--- plugins/pom.xml | 4 +- .../xwork2/ognl/SecurityMemberAccessProxyTest.java | 2 +- .../com/test/SecurityMemberAccessProxyTest.java | 49 +-- pom.xml | 10 +- 58 files changed, 2173 insertions(+), 1771 deletions(-) copy {plugins/junit/src/main/java/org/apache/struts2/junit => core/src/main/java/com/opensymphony/xwork2}/XWorkJUnit4TestCase.java (97%) create mode 100644 core/src/main/java/com/opensymphony/xwork2/util/ConfigParseUtil.java create mode 100644 core/src/main/java/org/apache/struts2/interceptor/AbstractFileUploadInterceptor.java create mode 100644 core/src/main/java/org/apache/struts2/interceptor/ActionFileUploadInterceptor.java create mode 100644 core/src/main/java/org/apache/struts2/ognl/ProviderAllowlist.java create mode 100644 core/src/test/java/com/opensymphony/xwork2/config/providers/ConfigurationProviderOgnlAllowlistTest.java create mode 100644 core/src/test/java/org/apache/struts2/dispatcher/HttpParametersTest.java copy core/src/test/java/org/apache/struts2/interceptor/{FileUploadInterceptorTest.java => ActionFileUploadInterceptorTest.java} (55%) create mode 100644 core/src/test/java/org/apache/struts2/ognl/ProviderAllowlistTest.java