Re: Struts 6.8.0 & 7.1.0

Done https://github.com/apache/struts/pull/1328 śr., 10 wrz 2025 o 07:33 Łukasz Lenart napisał(a): > > pon., 8 wrz 2025 o 10:18 Greg Huber napisał(a): > > > > Would 6.8.0 include commons-fileupload 1.6.0 as I remember a cve in 1.5. > > As far I see this is a drop-in dependency, so each user can

Re: Struts 6.8.0 & 7.1.0

pon., 8 wrz 2025 o 10:18 Greg Huber napisał(a): > > Would 6.8.0 include commons-fileupload 1.6.0 as I remember a cve in 1.5. As far I see this is a drop-in dependency, so each user can do it independently. Cheers Łukasz - To un

Re: Struts 6.8.0 & 7.1.0

Would 6.8.0 include commons-fileupload 1.6.0 as I remember a cve in 1.5. On 07/09/2025 08:50, Lukasz Lenart wrote: Hi, I'm almost ready to prepare these two new test builds, there is one PR waiting review related to 6.7.0 https://github.com/apache/struts/pull/1174 All the changes in 6.8.0 - th

Re: Struts 7.0.1 JakartaMultiPartRequest

niedz., 2 lut 2025 o 12:10 Greg Huber napisał(a): > > ok. If you can post the fix I can test it. Here is the fix https://github.com/apache/struts/pull/1203 > btw, I tried the previous commit on JakartaMultiPartRequest and that > also did not allow the method, thought I tested this on 7.0.0.🙁 N

Re: Struts 7.0.1 JakartaMultiPartRequest

ok.  If you can post the fix I can test it. btw, I tried the previous commit on JakartaMultiPartRequest and that also did not allow the method, thought I tested this on 7.0.0.🙁 On 02/02/2025 11:04, Łukasz Lenart wrote: niedz., 2 lut 2025 o 11:15 Greg Huber napisał(a): I get this warning: 20

Re: Struts 7.0.1 JakartaMultiPartRequest

niedz., 2 lut 2025 o 11:15 Greg Huber napisał(a): > > I get this warning: > > 2025-02-02 10:06:49,238 WARN > org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest > JakartaMultiPartRequest:processNormalFormField - Form field > [action:myFiles!upload] is rejected! > > 2025-02-02 10:07:31,

Re: Struts 7.0.1

I agree, you are right. > Lukasz Lenart hat am 29.01.2025 10:13 CET > geschrieben: > > > Same here, Tomcat 11 is unstable and trying to build Struts to support > Jakarta 11 also produces some errors. I would wait on stable Jakarta > 11 first. > > pon., 27 sty 2025 o 08:40 Kusal Kithul-Godage

Re: Struts 7.0.1

Same here, Tomcat 11 is unstable and trying to build Struts to support Jakarta 11 also produces some errors. I would wait on stable Jakarta 11 first. pon., 27 sty 2025 o 08:40 Kusal Kithul-Godage napisał(a): > > Unless you've got a fix ready, I'd argue WW-5496 is not required for > 7.0.1 given th

Re: Struts 7.0.1

Unless you've got a fix ready, I'd argue WW-5496 is not required for 7.0.1 given the bug is specific to Tomcat 11.0 and Jakarta EE 11, neither of which are GA. On Mon, Jan 27, 2025 at 6:24 PM Günter Paul wrote: > > Hi Lukas, > > for me WW-5496 is open and WW-5495 is not solved. See my comments. >

Re: Struts 7.0.1

Hi Lukas, for me WW-5496 is open and WW-5495 is not solved. See my comments. Günter > Lukasz Lenart hat am 26.01.2025 08:23 CET > geschrieben: > > > I'm going to prepare a first patch version of Struts 7, do you miss anything? > https://issues.apache.org/jira/projects/WW/versions/12355521 >

Re: Struts 7.0.1

All good by me for both 6.7.1 and 7.0.1 On Sun, Jan 26, 2025 at 6:23 PM Lukasz Lenart wrote: > > I'm going to prepare a first patch version of Struts 7, do you miss anything? > https://issues.apache.org/jira/projects/WW/versions/12355521 > > > Cheers > Łukasz > > -

Re: Re: Re: Re: Re: Re: Re: Struts 7: action class finder

On 16.01.25 19:03, Lukasz Lenart wrote: Could you try to define struts.allowlist.packageNames or disable it struts.allowlist.enable=false? I meant we are probably missing something around this when loading actions from JARs, as the allowlist are dynamically updated based on convention mechanism B

Re: Re: Re: Re: Re: Re: Struts 7: action class finder

śr., 15 sty 2025 o 08:51 Florian Schlittgen napisał(a): > > On 15.01.25 08:25, Lukasz Lenart wrote: > > I assume you jar > > contains only Convention based actions? > Yes, they are all Convention based actions. > Sorry, I didn't had the time to do more testing. If you want me to try > something ou

Re: Re: Re: Re: Re: Re: Struts 7: action class finder

On 15.01.25 08:25, Lukasz Lenart wrote: I assume you jar contains only Convention based actions? Yes, they are all Convention based actions. Sorry, I didn't had the time to do more testing. If you want me to try something out, just let me know. Regards, Florian smime.p7s Description: S/MIME

Re: Re: Re: Re: Re: Struts 7: action class finder

niedz., 29 gru 2024 o 10:48 Florian Schlittgen napisał(a): > I tried it with the struts-example and I could reproduce the behaviour > when I add the constant: > value=".*?/myjar.*?jar(!/)?" /> > > Can you confirm? In my real application I need action loading from an > additional jar file... I ad

Re: Re: Re: Re: Re: Struts 7: action class finder

On 24.12.24 07:51, Lukasz Lenart wrote: Other option is to define "struts.convention.package.locators.basePackage" [1] and I'm playing with this example [2] yet I was not able to reproduce behaviour described by you - even if I removed "struts.convention.package.locators.basePackage" I don't "org

Re: Struts 7.0.0 - JSP rendering is taking 3X time compare to struts 6.3.0.2

Hi Dipak, I don't believe the mailing lists support image attachments. Could you try externally hosting them and linking them instead? It would also be useful if you could additionally test with Struts 6.7.0 to further isolate when this potential regression may have been introduced. Kind regards

Re: From ??? Re: Re: Re: Struts 7: action class finder

pon., 23 gru 2024 o 21:02 Florian Schlittgen napisał(a): > > On 23.12.24 20:51, Lukasz Lenart wrote: > > Could you define your own excluded packages using constant > > "struts.convention.exclude.packages"? The problem I see the > > "com.opensymphony.xwork2" package was never excluded, so this prob

Re: From ??? Re: Re: Re: Struts 7: action class finder

On 23.12.24 20:51, Lukasz Lenart wrote: Could you define your own excluded packages using constant "struts.convention.exclude.packages"? The problem I see the "com.opensymphony.xwork2" package was never excluded, so this problem would have to occur earlier Sorry but I don't get it. How can I achi

Re: Re: Re: Struts 7: action class finder

pon., 23 gru 2024 o 19:42 Florian Schlittgen napisał(a): > Thanks for looking into it. Your examples/tests are alright, but I think this > is not the way it is being called. Please take a look at > org.apache.struts2.convention.PackageBasedActionConfigBuilder.includeClassNameInActionScan(String)

Re: Re: Re: Struts 7: action class finder

On 23.12.24 19:12, Lukasz Lenart wrote: It doesn't match because there is no ".", this works: public static void main(String[] args) { String packageExclude = "org.apache.struts2.*"; String classPackageName = "org.apache.struts2."; WildcardHelper wildcardHelper = new WildcardHelp

Re: Re: Struts 7: action class finder

czw., 19 gru 2024 o 21:42 Florian Schlittgen napisał(a): > > You're right, the package is supposed to be excluded. So I started > debugging and tracked it down to the > org.apache.struts2.util.WildcardHelper. There seems to be an issue, as > you can see in this example: > > public static void

Re: Re: Struts 7: action class finder

You're right, the package is supposed to be excluded. So I started debugging and tracked it down to the org.apache.struts2.util.WildcardHelper. There seems to be an issue, as you can see in this example:     public static void main(String[] args) {     String packageExclude = "org.apache.s

Re: Struts 7: action class finder

Hm... but classes in org.apache.struts2 are excluded from scanning https://github.com/apache/struts/blob/main/plugins/convention/src/main/resources/struts-plugin.xml#L57 Could you double check if you don't have a copy of older JARs somewhere czw., 19 gru 2024 o 17:27 Florian Schlittgen napisał(a

Re: Struts / CVE-2024-53677

(adding dev@struts.a.o) On Thu, Dec 19, 2024 at 11:00 AM Jarek Potiuk wrote: > While this might be a popular feature, It's pretty well handled by the > Struts team IMHO I agree! > https://cwiki.apache.org/confluence/display/WW/S2-066, the 2.5 is not > marked as EOL (but it is EOL in fact alread

Re: Struts 6.7.0, StrutsResultSupport conditionalParse uses com.opensymphony.xwork2.ActionInvocation invocation

Looks like I overlooked that specific method. And yes the old type can be cast directly to the new type. ActionInvocation#adapt will allow you to go the other way. On Wed, Dec 11, 2024 at 7:48 PM i...@flyingfischer.ch wrote: > > When upgrading from 6.6.1 to 6.7.0, I run into an issue with an > ov

Re: Struts v7.0.0-M10 missing from Maven Central

czw., 12 gru 2024 o 13:32 Burton Rhodes napisał(a): > > It appears that 7.0.0-M10 is no longer available in Maven Central. > Should I be pointing to a different version? The latest versions I see > in the repository are: 6.7.0 and 7.0.0-M9 > > >org.apache.struts >struts2-core >7.0.0-M

Re: Struts v7.0.0-M10 missing from Maven Central

default Thanks, Burton -- Original Message -- From "Greg Huber" To dev@struts.apache.org Date 12/12/2024 6:45:37 AM Subject Re: Struts v7.0.0-M10 missing from Maven Central Version 7 is out for release 7.0.0 Although I can only find them in staging https://repository.apach

Re: Struts v7.0.0-M10 missing from Maven Central

Version 7 is out for release 7.0.0 Although I can only find them in staging https://repository.apache.org/content/groups/staging/ On 12/12/2024 12:30, Burton Rhodes wrote: It appears that 7.0.0-M10 is no longer available in Maven Central. Should I be pointing to a different version? The lates

Re: Struts 7 release plan

Branch has been renamed, below commands to update your local copy: git branch -m master main git fetch origin git branch -u origin/main main git remote set-head origin -a sob., 30 lis 2024 o 00:31 Kusal Kithul-Godage napisał(a): > > Sounds good > > On Fri, Nov 29, 2024 at 8:06 PM Lukasz Lenart

Re: Struts 7 release plan

pon., 9 gru 2024 o 15:37 Orifhon Zunnunov napisał(a): > Is there a target GA release date for Struts 7 ? No, but except this issue [1] we are ready to prepare the first release [1] https://issues.apache.org/jira/browse/INFRA-26325 Cheers Lukasz

Re: Struts 7 release plan

Hi folks, Is there a target GA release date for Struts 7 ? -- Best Regards Orif

Re: Struts 7 release plan

Sounds good On Fri, Nov 29, 2024 at 8:06 PM Lukasz Lenart wrote: > > Struts 6.7.0 is out, I'm going to cut off a new release/struts-6-7-x > branch, then merge Struts 7 PR into master. Any objections? > > pon., 18 lis 2024 o 08:12 Lukasz Lenart napisał(a): > > > > Thanks Kusal, you are right! > >

Re: Struts 7 release plan

Struts 6.7.0 is out, I'm going to cut off a new release/struts-6-7-x branch, then merge Struts 7 PR into master. Any objections? pon., 18 lis 2024 o 08:12 Lukasz Lenart napisał(a): > > Thanks Kusal, you are right! > > pon., 18 lis 2024 o 02:00 Kusal Kithul-Godage > napisał(a): > > > > I'm concer

Re: Struts 7 release plan

Thanks Kusal, you are right! pon., 18 lis 2024 o 02:00 Kusal Kithul-Godage napisał(a): > > I'm concerned it will do more harm than good. With the release of > Struts 6.7 we have a decent upgrade path as most > Actions/Interceptors/Results can now be made forwards compatible with > 7.0. It leaves

Re: Struts 7 release plan

I'm concerned it will do more harm than good. With the release of Struts 6.7 we have a decent upgrade path as most Actions/Interceptors/Results can now be made forwards compatible with 7.0. It leaves limited additional work when upgrading to 7.0. By renaming the packages again we'd be breaking that

Re: Struts 7 release plan

niedz., 17 lis 2024 o 12:00 Kusal Kithul-Godage napisał(a): > > Curious what the use case for having both Struts 6 and 7 in the same > WAR would be? In some cases you must rewrite part of your actions and this might help by running two versions of the framework in parallel. It's one of the strate

Re: Struts 7 release plan

Curious what the use case for having both Struts 6 and 7 in the same WAR would be? On Sun, Nov 17, 2024 at 8:30 PM Lukasz Lenart wrote: > > I'm going to prepare a test build of Struts 6.7 and I wonder if we > shouldn't use "org.apache.struts7" as a base package name for Struts 7 > to allow two ve

Re: Struts 7 release plan

I'm going to prepare a test build of Struts 6.7 and I wonder if we shouldn't use "org.apache.struts7" as a base package name for Struts 7 to allow two versions of the framework to coexist in one war archive. Does that make sense? śr., 6 lis 2024 o 11:10 Kusal Kithul-Godage napisał(a): > > Yep sou

Re: Struts 7 release plan

Yep sounds good to me On Wed, Nov 6, 2024 at 7:56 PM Lukasz Lenart wrote: > > Thanks, I think we are good to release Struts 6.7 as there is a lot of > changes which should help in migration into Struts 7 > > pon., 4 lis 2024 o 02:07 Kusal Kithul-Godage > napisał(a): > > > > Actually, nevermind t

Re: Struts 7 release plan

Thanks, I think we are good to release Struts 6.7 as there is a lot of changes which should help in migration into Struts 7 pon., 4 lis 2024 o 02:07 Kusal Kithul-Godage napisał(a): > > Actually, nevermind that last message, it's more complicated than I > anticipated > > On Mon, Nov 4, 2024 at 11

Re: Struts 7 release plan

Actually, nevermind that last message, it's more complicated than I anticipated On Mon, Nov 4, 2024 at 11:35 AM Kusal Kithul-Godage wrote: > > Also, I'm going to create 1 more deprecation PR for Struts 6.7 to > provide a couple more replacement APIs. > > On Mon, Nov 4, 2024 at 12:48 AM Lukasz Len

Re: Struts 7 release plan

Also, I'm going to create 1 more deprecation PR for Struts 6.7 to provide a couple more replacement APIs. On Mon, Nov 4, 2024 at 12:48 AM Lukasz Lenart wrote: > > I'm going to release a new milestone - M10, hopefully the last one. > Also I want to create a dedicated branch "release/struts-6-7-x"

Re: Struts 7 release plan

Sounds good. Hmm maybe merge [1] then recreate 'release/struts-7-0-x' during the final 7.0 release? And then increment master to 7.1.0-SNAPSHOT On Mon, Nov 4, 2024 at 12:48 AM Lukasz Lenart wrote: > > I'm going to release a new milestone - M10, hopefully the last one. > Also I want to create a de

Re: Struts 7 release plan

I'm going to release a new milestone - M10, hopefully the last one. Also I want to create a dedicated branch "release/struts-6-7-x" and use it to maintain Struts 6. Not sure what to do with the master branch, merge [1] and use it to support Struts 7? Or rather ignore (or remove) and use "release/st

Re: [struts-community-plugins/struts2-jquery] Update dependency org.springframework:spring-context to v6 [SECURITY] (PR #554)

This upgrade won't work.  Needs to stay on 5x. On 19/10/2024 00:30, renovate[bot] wrote: This PR contains the following updates: Package Change Age AdoptionPassing Confidence org.springframework:spring-context

Re: Struts 7 release plan

I upgrades struts-examples to use Struts 7 M9 and discovered issues with @StrutsParameter https://issues.apache.org/jira/browse/WW-5468 sob., 5 paź 2024 o 15:54 Lukasz Lenart napisał(a): > > pt., 27 wrz 2024 o 10:46 Johannes Geppert napisał(a): > > > > Thanks, Lukasz! Looking forward to seeing t

Re: Struts 7 release plan

pt., 27 wrz 2024 o 10:46 Johannes Geppert napisał(a): > > Thanks, Lukasz! Looking forward to seeing the next release. > > Will this issue be part of the next release? > https://issues.apache.org/jira/browse/WW-5452 Looking into it right now. Another thing, I opt to deprecate the current Sitemesh

Re: Struts 7 release plan

Thanks, Lukasz! Looking forward to seeing the next release. Will this issue be part of the next release? https://issues.apache.org/jira/browse/WW-5452 Johannes # web: https://www.jgeppert.com Am Di., 24. Sept. 2024 um 08:11 Uhr schrieb Lukasz Len

Re: Struts 7 release plan

This is the last PR [1] I want to merge into Struts 6.x (and probably release 6.6.1), then I will reverse merge the master into Struts 7 branch, and apply this PR [2] with renaming packages and I think we are good to go :) [1] https://github.com/apache/struts/pull/1060 [2] https://github.com/apach

Re: Struts 7 release plan

No objections here. Thanks, Burton -- Original Message -- From "Lukasz Lenart" To "Struts Developers List" Date 9/2/2024 2:20:28 AM Subject Struts 7 release plan Hi, I would like to release Struts 7 soon (there are a few outstanding issues I would like to address first) and switch

Re: (struts) 01/01: Merge pull request #958 from apache/dependabot/maven/commons-validator-commons-validator-1.9.0

unsubscribe On Monday 24 June 2024 at 06:42:13 BST, wrote: This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git commit 100ef07a449451894a6fd158c09fd4eec55af5fc Merg

Re: Struts 2.5.x EOL

I would like to officially announce EOL of Struts 2.5.x, any objections? https://struts.apache.org/announce-2023#a20231030 niedz., 8 paź 2023 o 17:29 Lukasz Lenart napisał(a): > > śr., 4 paź 2023 o 08:40 napisał(a): > > for my taste it's too short - the last EOL Announcement (2.3) was over a >

Re: Struts 7.0 Update?

Thanks for the update. Your work is much appreciated. -- Original Message -- From "Lukasz Lenart" To "Struts Developers List" Date 4/7/2024 1:04:08 AM Subject Re: Struts 7.0 Update? pt., 5 kwi 2024 o 15:04 Burton Rhodes napisał(a): Lukasz, I just thought

Re: Struts 7.0 Update?

pt., 5 kwi 2024 o 15:04 Burton Rhodes napisał(a): > > Lukasz, > I just thought I would check in to see how the S2 7.0.0 update was > coming along. There was a lot of activity there for awhile, but things > have been pretty quiet lately. Anything I can help with? FWIW, I have > been running 7.0.

Re: Struts 6.4.0

No objections so I'm going to prepare a new release. There are a lot of changes and I expect some complaints :\ czw., 29 lut 2024 o 09:20 Lukasz Lenart napisał(a): > > How do we feel about releasing a new version? Kusal do you still have > some concerns? > > wt., 2 sty 2024 o 13:48 Lukasz Lenart

Re: Struts 6.4.0

How do we feel about releasing a new version? Kusal do you still have some concerns? wt., 2 sty 2024 o 13:48 Lukasz Lenart napisał(a): > > Hi, > > I would like to issue a new release [1]. There are still plenty of > tasks to solve yet there were a few major changes and it would be good > to get u

Re: Struts OGNL Allowlist and Parameter Annotation

I think probably give it 1 more month before releasing 6.4.0 as Atlassian should have collected any relevant feedback and have received the results of the security audit by then. I also have a handful more minor patches to contribute :) On Fri, 9 Feb 2024 at 17:18, Lukasz Lenart wrote: > This is

Re: Struts OGNL Allowlist and Parameter Annotation

This is great news and thanks a lot for your contribution! Also it's time to prepare a new release then :D Cheers Lukasz pt., 9 lut 2024 o 03:31 Kusal Kithul-Godage napisał(a): > > Hi all, > > Atlassian is very excited to have shipped the Struts OGNL Allowlist and > Parameter Annotation features

Re: Struts 2.5.x EOL

śr., 4 paź 2023 o 08:40 napisał(a): > for my taste it's too short - the last EOL Announcement (2.3) was over a > half year. That's why I posted this question, 6 months is fair enough :) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/

Re: Struts 2.5.x EOL

śr., 4 paź 2023 o 09:09 Greg Huber napisał(a): > > +1. > > If we are going to create a plugin for the Jakarta changes, would > make it easier. It's not the case ... many other libs like commons-fileupload or sitemesh3 based directly on JakartaEE - I already posted another topic how to move to

Re: Struts 2.5.x EOL

Spring 5 Framework has an EOL of 2024-12-31, and 6 is Java 17+. * Spring Framework 6.1.x: Jakarta EE 9-11 (jakarta namespace) * Spring Framework 6.0.x: Jakarta EE 9-10 (jakarta namespace) * Spring Framework 5.3.x: Java EE 7-8 (javax namespace) On 04/10/2023 05:32, Lukasz Lenart wrote: Hi,

Re: Struts 2.5.x EOL

+1. If we are going to create a plugin for the Jakarta changes, would make it easier. On 04/10/2023 05:32, Lukasz Lenart wrote: Hi, I would like to announce that we end support for Struts 2.5.x branch. Is setting this date to the 1st of the new year ok? Not too short a period of time?

Re: Struts 6.2.0

This is the last PR I want to close and I can prepare a new release :) https://github.com/apache/struts/pull/692 śr., 17 maj 2023 o 09:22 Lukasz Lenart napisał(a): > > śr., 17 maj 2023 o 09:21 Greg Huber napisał(a): > > Maybe a separate release immediately after 6.2.0? It is only a > > refactor

Re: Struts 6.2.0

śr., 17 maj 2023 o 09:21 Greg Huber napisał(a): > Maybe a separate release immediately after 6.2.0? It is only a > refactor, with no code changes, but might have missed something > especially if using velocity heavily. Exactly, I thought about the same - so that's the plan ;-) Regards -- Łuka

Re: Struts 6.2.0

Maybe a separate release immediately after 6.2.0?  It is only a refactor, with no code changes, but might have missed something especially if using velocity heavily. On 16/05/2023 19:56, Lukasz Lenart wrote: Hi, I think it's time to release a new version which addresses over 50 issues [1] and

Re: Struts 6.1.0

;-))) Thanks Łukasz for this huge work! Looking forward to test the bits. Markus Am 08.11.22 um 07:45 schrieb Lukasz Lenart: Hi, I'm ready to prepare a new test build as preparation for releasing Struts 6.1.0 - all the issues have been addressed :) Cheers -- Łukasz pt., 21 paź 2022 o 11:4

Re: Struts 6.1.0

Hi, I'm ready to prepare a new test build as preparation for releasing Struts 6.1.0 - all the issues have been addressed :) Cheers -- Łukasz pt., 21 paź 2022 o 11:44 Lukasz Lenart napisał(a): > > Hi, > > I'm working on the next release which should include 30 fixes, I also > cleaned up the bac

Re: [struts] branch WW-2815-xstream updated: WW-2815 Drops unused import

unsubscribe From: lukaszlen...@apache.org Sent: October 17, 2022 4:55 AM To: comm...@struts.apache.org Subject: [struts] branch WW-2815-xstream updated: WW-2815 Drops unused import This is an automated email from the ASF dual-hosted git repository. lukaszlenart

Re: [struts] branch lukaszlenart-patch-1 created (now 7183d32ca)

Unsubscribe  Sent from Yahoo Mail on Android On Sun, Sep 25, 2022 at 3:09 AM, lukaszlen...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch lukaszlenart-patch-1 in repository https://gitbox.apache.org/repos/asf/s

Re: Struts 6.0.1

Everything is almost done, just one issue left, yet it's less important and can be released latter https://issues.apache.org/jira/projects/WW/versions/12351837 If no objections I will draft a new test build tomorrow Cheers Łukasz niedz., 7 sie 2022 o 10:50 Lukasz Lenart napisał(a): > > Hi, > >

Re: Struts repository 2-5-x branch, recent version tag typo for next development iteration

śr., 5 sty 2022 o 22:29 J. Chaplin napisał(a): > > Hi Struts Dev Team. > > As an FYI, it looks like the 2-5-x branch version tag for the 2021/12/31 > "[maven-release-plugin] prepare for next development iteration" activity > had a typo. > > It was set to: 2.5.9-SNAPSHOT , instead of: > 2.5.29-SNAP

Re: Struts archetypes

pon., 18 maj 2020 o 00:49 James Chaplin napisał(a): > > Hi Łukasz. > > Following the most recent changes, everything seems to build correctly > now for the archetypes. I think (hope) that we have found all the issues > now. :) > > I think the struts2-archetypes are ready for their ne

Re: Struts archetypes

Hi Łukasz. Following the most recent changes, everything seems to build correctly now for the archetypes. I think (hope) that we have found all the issues now. :) I think the struts2-archetypes are ready for their next release. Does anyone else have any objections or comments ? Re

Re: Struts archetypes

Thanks James! I think me & you addressed all the problems and we can release the archetypes, any thoughts? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ niedz., 10 maj 2020 o 00:58 James Chaplin napisał(a): > > Hello Lukasz. > > I tried to test out the 2.5.21-SNAPSHOT vers

Re: Struts archetypes

Hello Lukasz. I tried to test out the 2.5.21-SNAPSHOT version of the struts2-archetypes, to provide some feedback. I used NetBeans 11 and JDK11 to test the struts2-archetype-x items, with "Version: 2.5.21-SNAPSHOT". Here are the results: - Starter, Plugin, DBPortlet, Convention, Bl

Re: Struts benchmarking

le.com/javase/7/docs/technotes/guides/management/jconsole.html clear as mud? m. From: Lukasz Lenart Sent: Thursday, April 23, 2020 2:43 AM To: Struts Developers List Subject: Re: Struts benchmarking Here are some comparisons, does anybody now how to read this? Str

Re: Struts benchmarking

Interesting bug. It looks like each test run is sending 5000 requests in total using 100 "client threads". During the test at some interval (it seems random) it's printing out a summary of the test so far. Each summary seems to contain: - Number of requests sent since last summary - The total r

Re: Struts benchmarking

Here are some comparisons, does anybody now how to read this? Struts 2.5.22 Starting standalone test @ Thu Apr 23 08:36:14 CEST 2020 (1587623774966) Waiting for possible Shutdown/StopTestNow/HeapDump/ThreadDump message on port 4445 summary + 2695 in 00:00:15 = 181.9/s Avg: 537 Min:99 Max

Re: Struts 2.5.22 test build is ready

I assume I can call for a Vote as no objections were mailed :) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ wt., 19 lis 2019 o 09:05 Greg Huber napisał(a): > > Works well for me, thanks, +1(b) > > On Sun, 17 Nov 2019 at 19:42, Lukasz Lenart wrote: > > > Hi, > > > > Please take

Re: Struts 2.5.22 test build is ready

Works well for me, thanks, +1(b) On Sun, 17 Nov 2019 at 19:42, Lukasz Lenart wrote: > Hi, > > Please take a time and test the bits - any help is appreciated. Please > report any problems. I'll call for a vote in a few days if no problems > will be spotted. > > Staging Maven repo > https://reposi

Re: Struts 2.5.22 test build is ready

Seems to run fine too. Thanks! Markus Am 17.11.19 um 20:42 schrieb Lukasz Lenart: > Hi, > > Please take a time and test the bits - any help is appreciated. Please > report any problems. I'll call for a vote in a few days if no problems > will be spotted. > > Staging Maven repo > https://repositor

Re: Struts 2.5.21 test build is ready

Hello I am running 2.5.21 in production in several projects. Everything is running fine and smooth. No issues so far. Markus Am 18.11.19 um 02:30 schrieb J C: > Hello. > > Did some testing of the showcase and rest-showcase applications in the 2.5.21 > test build (and a very quick test of the 2.

Re: Struts 2.5.21 test build is ready

Hello. Did some testing of the showcase and rest-showcase applications in the 2.5.21 test build (and a very quick test of the 2.5.22 test build as well). Things seemed to work properly in both cases with no obvious errors seen in the console or via browser navigation. The tests also included

Re: Struts 2.5.21 test build is ready

; > Regards. > >> -Original Message- >> From: J C >> Sent: Saturday, November 9, 2019 8:13 AM >> To: Struts Developers List >> Subject: Re: Struts 2.5.21 test build is ready >> >> Hello Markus (and Struts Developers List). >> >&g

RE: Struts 2.5.21 test build is ready

9, 2019 8:13 AM >To: Struts Developers List >Subject: Re: Struts 2.5.21 test build is ready > > Hello Markus (and Struts Developers List). > >Thanks for confirming that changing the expressionMaxLength value to 1024 did >actually suppress the exception behaviour and warning out

Re: Struts 2.5.21 test build is ready

Hello Markus (and Struts Developers List). Thanks for confirming that changing the expressionMaxLength value to 1024 did actually suppress the exception behaviour and warning output you original received with the test build of 2.5.21. That suggestion was more to confirm that changing the value

Re: Struts 2.5.21 test build is ready

Hi Yasser thanks for reconsidering and your detailed answers. I appreciate your detailed feedback very much. And thanks for specifying that there _is_ an option to disable the restrictions by using: I suspect it will never be possible with such an approach to find a general correct balance betw

Re: Struts 2.5.21 test build is ready

Hi Markus, Sorry for inconvenience - yes that was my genius idea ;) ensued from my vision on our security reports and in the first place, it didn't look bad to me because I'd seen similar practices in variety of places for example in http, tomcat, nginx and etc. However, I also shared and disc

Re: Struts 2.5.21 test build is ready

Or maybe even use some very large number and reduce it to 256 in Struts 2.6 :thinking: pt., 8 lis 2019 o 08:02 Lukasz Lenart napisał(a): > > pt., 8 lis 2019 o 02:02 J C napisał(a): > > If you have expressions in your application longer than the default limit > > in 2.5.21 (200), that may be cau

Re: Struts 2.5.21 test build is ready

pt., 8 lis 2019 o 00:06 Dave napisał(a): > I just did a build of Apache Roller 6 (not yet released) using Struts > 2.5.21 test bits (pulled from the staging repo) and so far, things seem to > be working fine. Roller 6 requires Java 11 and with Struts 2.5.20 I was > getting an irritating ERROR abou

Re: Struts 2.5.21 test build is ready

czw., 7 lis 2019 o 23:12 i...@flyingfischer.ch napisał(a): > > See new errors like this: > > Caused by: java.lang.SecurityException: This expression exceeded maximum > allowed length:.. > > followed by a longer OGNL expression in JSP. Thanks a lot Markus, this is due to a new max expression lengt

Re: Struts 2.5.21 test build is ready

pt., 8 lis 2019 o 02:02 J C napisał(a): > If you have expressions in your application longer than the default limit in > 2.5.21 (200), that may be causing the exception (and hopefully also the WARN > output). > > Please try applying a configuration change for your application (replace 1024 > wi

Re: Struts 2.5.21 test build is ready

Hello JC thanks for replying. There are several flaws with the idea to limit the length of a OGNL expression string due to secutity reasons: First: the parsing of the expression will be BLOCKED, as intended, and an exception is being thrown: ognl.OgnlException: Parsing blocked due to security re

Re: Struts 2.5.21 test build is ready

Sorry - theree is a typo I missed in copy/paste. That should have been: (if using struts.xml) - James. On Thursday, November 7, 2019, 8:02:13 p.m. EST, J C wrote: (Sorry about the separate thread for reply) Hello Markus. If you have expressions in your application longer than the d

Re: Struts 2.5.21 test build is ready

(Sorry about the separate thread for reply) Hello Markus. If you have expressions in your application longer than the default limit in 2.5.21 (200), that may be causing the exception (and hopefully also the WARN output). Please try applying a configuration change for your application (replace

Re: Struts 2.5.21 test build is ready

I just did a build of Apache Roller 6 (not yet released) using Struts 2.5.21 test bits (pulled from the staging repo) and so far, things seem to be working fine. Roller 6 requires Java 11 and with Struts 2.5.20 I was getting an irritating ERROR about "requires ASM7" but everything seemed to work fi

Re: Struts 2.5.21 test build is ready

It is reported in WARN level: WARN com.opensymphony.xwork2.ognl.OgnlValueStack - Could not evaluate this expression due to security constraints: Markus Am 07.11.19 um 23:12 schrieb i...@flyingfischer.ch: > See new errors like this: > > Caused by: java.lang.SecurityException: This expression exce

Re: Struts 2.5.21 test build is ready

See new errors like this: Caused by: java.lang.SecurityException: This expression exceeded maximum allowed length:.. followed by a longer OGNL expression in JSP. Markus Am 07.11.19 um 20:57 schrieb Lukasz Lenart: > Hi, > > Please take a time and test the bits - any help is appreciated. Please >

Re: Struts 2.5.21

On 10/31/2019 10:24 PM, Lukasz Lenart wrote: > I think we are ready to release a new version, if no objections I will > start the process in a week or so. I think so. Thanks! Regards.

  1   2   3   4   5   6   7   8   9   10   >