[VOTE] Struts 2.3.26

2016-03-19 Thread Lukasz Lenart
The Apache Struts 2.3.26 test build is now available. With this release: - Possible XSS vulnerability in pages not using UTF-8 was fixed, read more details in S2-028 - Prevents possible RCE when reusing user input in tag's attributes, see more details in S2-029 - I18NInterceptor narrows selected lo

[VOTE] Struts 2.3.27

2016-03-19 Thread Lukasz Lenart
This is a third call in a row with a tiny fix discovered during test period so I'm going to speed things up as there are three security bulletins addressed with this release. The Apache Struts 2.3.26 test build is now available. With this release: - Possible XSS vulnerability in pages not using UTF-8

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Johannes Geppert
> [ ] Leave at test build > [ ] Alpha > [ ] Beta > [X] General Availability (GA) +1 (binding) Best Regards Johannes # web: http://www.jgeppert.com twitter: http://twitter.com/jogep 2016-03-17 18:28 GMT+01:00 Lukasz Lenart : > 2016-03-16 18:05 G

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
No other choice, as I would rather have my interceptors working. quick fix, could leave it in both methods and call it only if preResultListeners != null? Fix it in properly struts next. On 18 March 2016 at 14:04, Lukasz Lenart wrote: > I see no other way just revert that change and change

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Greg Huber
From page https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26 These cannot be read as it wants a login? S2-029 and S2-030 On 1

Build failed in Jenkins: Struts-JDK8-master #111

2016-03-19 Thread Apache Jenkins Server
See -- Started by an SCM change [EnvInject] - Loading node environment variables. Building remotely on H11 (docker Ubuntu ubuntu yahoo-not-h2) in workspace

Build failed in Jenkins: Struts-JDK7-master #445

2016-03-19 Thread Apache Jenkins Server
See -- [...truncated 2066 lines...] Generating Generating

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Lukasz Lenart
That may work out :) Let me finish with grass and I will dig into this :) (mobile) 18 Mar 2016 16:38 "Greg Huber" wrote: > The reason why it's not working it needs to know whether it is an > instanceof ServletRedirectResult in MessageStorePreResultListener. > > Rather than use the result (wh

Build failed in Jenkins: Struts-JDK7-master #446

2016-03-19 Thread Apache Jenkins Server
See -- [...truncated 3892 lines...] Generating Generating

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Aleksandr Mashchenko
+1 not binding [ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) --- Regards, Aleksandr - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.

[CANCELED] Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Lukasz Lenart
I will call for another vote soon 2016-03-18 10:01 GMT+01:00 Lukasz Lenart : > This is a third call in a row with a tiny fix discovered during test > period so I'm going to speed things up as there are three security > bulletins addressed with this release. > > The Apache Struts 2.3.26 test build is n

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Lukasz Lenart
I see no other way just revert that change and change that was introduced to fix the original issue Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2016-03-18 14:26 GMT+01:00 Greg Huber : > Sorry forget the last email, it's rubbish. Won't work. Thought the code was > part of the mo

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
OK. Have tested it. bit tidier ... based on DefaultActionInvocation! Map results = null; ResultConfig resultConfig = null; try { results = invocation.getProxy().getConfig().getResults(); resultConfig = results.get(resultCode); } catch (NullP

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Lukasz Lenart
2016-03-17 9:58 GMT+01:00 Greg Huber : > From page > > https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.26 > > These cannot be read as it wants a login? Greg I've added your username - ghuber - to struts-committers group in Confluence so you should be able to access those pages.

[CANCELED] Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Lukasz Lenart
New call for vote will start soon 2016-03-16 18:05 GMT+01:00 Lukasz Lenart : > The Apache Struts 2.3.26 test build is now available. With this release: > - Possible XSS vulnerability in pages not using UTF-8 was fixed, read > more details in S2-028 > - Prevents possible RCE when reusing user input

Re: Struts 2.3.26

2016-03-19 Thread Christoph Nenning
> Great! Thanks a lot! > > So let's start vote! > [ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) +1, binding Regards, Christoph This Email was scanned by Sophos Anti Virus

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
The reason why it's not working it needs to know whether it is an instanceof ServletRedirectResult in MessageStorePreResultListener. Rather than use the result (which do do not have) a possible solution is to construct what it's looking for from the invocation and then use an equals. Map results =

Re: [VOTE] Struts 2.3.28

2016-03-19 Thread Greg Huber
Thanks, redirect messages and interceptor switching correctly now. [ ] Leave at test build [ ] Alpha [ ] Beta [x] General Availability (GA) +1 binding On 18 March 2016 at 20:46, Lukasz Lenart wrote: > The Apache Struts 2.3.28 test build is now available. With this release: > - Possible XSS vul

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Lukasz Lenart
2016-03-18 12:11 GMT+01:00 Greg Huber : > checking the source. Here is the change https://github.com/apache/struts/commit/9c7b8336685d810a657f3f3c56ad8662dcc85dbf#diff-5 right now a result is created early, before "PreResultListener"s will be called. Previously the result was created in "exec

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
just checked the source, and does need reinstating, for me. // this is needed because the result will be executed, then control will return to the Interceptor, which will // return above and flow through again if (!executed) { result = createResult(); <<

[VOTE] Struts 2.3.28

2016-03-19 Thread Lukasz Lenart
The Apache Struts 2.3.28 test build is now available. With this release: - Possible XSS vulnerability in pages not using UTF-8 was fixed, read more details in S2-028 - Prevents possible RCE when reusing user input in tag's attributes, see more details in S2-029 - I18NInterceptor narrows selected lo

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
STORE Does moving the create result to the invoke negate the pre-result listener, just to a result listener? ## Here is the interceptor that I use. Maybe I can move it around? /** * Adds -mobile to the result. * * .Tiles-mobile * */ public class MobileAwareInterceptor extends MethodFilter

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
I have tested it without the change (to DefaultActionInvocation) and the messages work on the redirects. Unless it is confirmed that it is required ie it does not work in its original position, its best not to change such a key program. In my opinion. On 18 March 2016 at 11:20, Lukasz Lenart wro

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Greg Huber
[ ] Leave at test build [ ] Alpha [ ] Beta [x] General Availability (GA) +1 binding Thanks. On 16 March 2016 at 17:05, Lukasz Lenart wrote: > The Apache Struts 2.3.26 test build is now available. With this release: > - Possible XSS vulnerability in pages not using UTF-8 was fixed, read > more

Jenkins build is back to normal : Struts-JDK7-master #447

2016-03-19 Thread Apache Jenkins Server
See

Jenkins build is back to normal : Struts-JDK8-master #112

2016-03-19 Thread Apache Jenkins Server
See

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Christoph Nenning
>The Apache Struts 2.3.26 test build is now available. [ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) +1, binding Regards, Christoph

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Rene Gielen
+1 GA (binding) - René On 18.03.16 at 10:01, Lukasz Lenart wrote: > This is a third call in a row with a tiny fix discovered during test > period so I'm going to speed things up as there are three security > bulletins addressed with this release. > > The Apache Struts 2.3.26 test build is now avail

Re: [VOTE] Struts 2.3.26

2016-03-19 Thread Lukasz Lenart
2016-03-16 18:05 GMT+01:00 Lukasz Lenart : > [ ] Leave at test build > [ ] Alpha > [ ] Beta > [X] General Availability (GA) +1 (binding) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: de

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
Sorry forget the last email, it's rubbish. Won't work. Thought the code was part of the mod, which it is not. On 18 March 2016 at 11:45, Lukasz Lenart wrote: > 2016-03-18 12:29 GMT+01:00 Greg Huber : > > I have tested it without the change (to DefaultActionInvocation) and the > > messages work o

Re: [VOTE] Struts 2.3.27

2016-03-19 Thread Greg Huber
Re-testing this... did the result = createResult(); get reinstated in the DefaultActionInvocation.executeResult(), as my views are not switching correctly. The message on the redirect works OK. Part of the pre result listener mods. On 18 March 2016 at 09:01, Lukasz Lenart wrote: > This is a