ackbutton.co.uk for more details.
> https://backbutton.co.uk/
>
> On Thu, 13 Aug 2020, 11:18 Rene Gielen, wrote:
>
>> Two new Struts Security Bulletins have been issued for Struts 2 by the
>> Apache Struts Security Team: [1]
>>
>> S2-059 - For
Two new Struts Security Bulletins have been issued for Struts 2 by the
Apache Struts Security Team: [1]
S2-059 - Forced double OGNL evaluation, when evaluated on raw user input
in tag attributes, may lead to remote code execution (CVE-2019-0230) [2]
S2-060 - Access permission override causing a
On behalf of the ASF Diversity & Inclusion Committee:
Hello everyone,
If you have an apache.org email, you should have received an email with
an invitation to take the 2020 ASF Community Survey. Please take 15
minutes to complete it.
If you do not have an apache.org email address or you didn’t
The Apache Struts Security Team would like to announce that a number of
historic Struts Security Bulletins [1] and related CVE database entries
contained incorrect affected release version ranges.
The issue was reported by Christopher Fearon and the Black Duck Research
Team within the Synopsys
Extending on behalf of the Apache Travel Committee.
---
The Travel Assistance Committee (TAC) are pleased to announce that
travel assistance applications for ApacheCon NA 2019 are now open!
We will be supporting ApacheCon NA Las Vegas, Nevada on 9th - 12th
September 2019
TAC exists to help
Reminder that travel assistance applications for ApacheCon NA 2018 are
still open but only for another *2 weeks*!
Please get your applications in NOW.
We will be supporting ApacheCon NA Montréal, Canada on 24th - 29th
September 2018
TAC exists to help those that would like to attend ApacheCon
Hi folks,
has anyone seen this before?
http://jodd.org/doc/madvoc/index.html
Looks like they are taking basic Struts 2 concepts and mixing it with
some Spring MVC and Seam.
It might be interesting to evaluate which of their concepts might be
nice to integrate in S2.5/3 - just sayin' ... :)
-
Looks like you have some work ahead of you:
http://struts.apache.org/docs/migration-guide.html
It is highly recommended to upgrade ASAP. 2.3.20 is recommended over
2.3.16.3
- René
On 31.01.15 at 17:05, viswanathan.sugu...@accenture.com wrote:
Hi,
I have application running on struts
Hi,
Struts 1 is out of maintenance. I have no information whether
commons-fileupload 1.3.1 works as a drop-in replacement for 1.1.1 in
Struts 1.3 based applications. Most probably you will have to give it a
test drive.
Regards,
René
On 30.04.14 02:02, Leopoldo Miranda wrote
As confirmed in our last announcement, the Apache Struts 1 framework in
all versions is affected by a ClassLoader manipulation vulnerability
(CVE-2014-0114) similar to a recently fixed vulnerability in Struts 2
(CVE-2014-0112, CVE-2014-0094) [1].
Thanks to the efforts of Alvaro Munoz and the HP
The Apache Struts project team confirms that Struts 1 in all versions is
affected by a ClassLoader manipulation vulnerability similar to a
recently fixed vulnerability in Struts 2 (CVE-2014-0112, CVE-2014-0094) [1].
This is a different underlying flaw. For future reference, please use
In Struts 2.3.16.1, an issue with ClassLoader manipulation via request
parameters was supposed to be resolved. Unfortunately, the correction
wasn't sufficient.
A security fix release fully addressing this issue is in preparation and
will be released as soon as possible.
Once the release is
below as well? Thank you!
On 04/24/2014 11:32 AM, Rene Gielen wrote:
In Struts 2.3.16.1, an issue with ClassLoader manipulation via request
parameters was supposed to be resolved. Unfortunately, the correction
wasn't sufficient.
A security fix release fully addressing this issue
The Apache Struts group is pleased to announce that Struts 2.3.15.1 is
available as a General Availability release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts group is pleased to announce that Struts 2.3.14.2 is
available as a General Availability release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed
The Apache Struts Project Team would like to inform you that the Struts
1.x web framework has reached its end of life and is no longer
officially supported.
Started in 2000, Struts 1 had its last release - version 1.3.10 - in
December 2008. In the meantime the Struts community has focused on
Hi there,
ACEU 2012 in Sinsheim has started. Several Struts team members will be
present at the conference, such as Johannes Geppert (@jogep), Christian
Grobmeier (@grobmeier) and me (@rgielen).
If you are attending and interested in a chat about Struts 2 or the
state of the universe in general,
PM, Rene Gielen wrote:
No worries, always good to question - review - rethink
If there is serious interest in an alternative servlet dispatcher besides
FilterDispatcher, contributions are welcome. From the top of my head, the
old dispatcher is still around as deprecated, and most
I think I see the use case - while accessing /cart/ should be a valid request
to the cart topic landing page (index), default action might map to a default
unknown URI page, which has say a humble error message and some suggestions
what URIs the user would want to access.
--
Sent from my
The key attribute is for simple resource properties lookup only, without
MessageFormat. The s:text tag is able to deal with MessageFormat in
particular.
In your case you could either use specialized properties in your bundle:
reject.to=Reject to
reject.to.larry=%{getText('reject.to')} Larry
or
from BlackBerry® on Airtel
-Original Message-
From: Rene Gielen rgie...@apache.org
Date: Mon, 13 Aug 2012 20:00:04
To: Struts Users Mailing List user@struts.apache.org
Reply-To: Struts Users Mailing List user@struts.apache.org
Subject: Re: Benefits of using Filter as front controller
We currently seem to have some issues with the export from Confluence,
going to check this - thanks for the notice!
As a workaround, here is the direct link to the notes in Confluence:
https://cwiki.apache.org/confluence/display/WW/Version%20Notes%202.3.4.1
Thanks,
- René
On 14.08.12 18:14,
.
- Original Message -
From: Rene Gielen rgie...@apache.org
To: Struts Users Mailing List user@struts.apache.org
Cc:
Sent: Tuesday, August 14, 2012 12:10:56 PM
Subject: Re: Benefits of using Filter as front controller
So far I fail to see where Struts 2 deviates from or violates the spec
Grabbed me a copy of Servlet Spec 2.4:
quote
SRV.6.1 What is a filter?
A filter is a reusable piece of code that can transform the content of
HTTP requests, responses, and header information. Filters do not
generally create a response or respond to a request as servlets do,
rather they modify or
The Apache Struts group is pleased to announce that Struts 2.3.4.1 is
available as a General Availability release. The GA designation is
our highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
Please remember that the HTTP session is not synchronized. Thus, using the
session.put is a critical method. Most likely, what you really want to do is
counter = session.get(counter);
counter.increment (or incrementAndGet)
In this way you ensure exactly the same object is accessed and incremented /
Chad,
so far not too much discussion has happened on improved OSGI support in
future Struts 2 versions. But as always, someone needs to kick things
off and share ideas :)
That said, you might want to consider moving this discussion over to
dev@struts.a.o, which is the better place for talking
Hi Emi,
see inline
On 24.01.12 21:29, Emi Lu wrote:
Thank you everyone!
The problem is fixed.
ognl3.0.4 is a must and can be the only ognl jar!
The following are some background info:
==
. struts2.3.1.1 allows ognl3.0.2.jar +
+1, all the way
On 24.01.12 18:24, Wes Wannemacher wrote:
I have nothing but good things to say about IntelliJ IDEA's Struts 2
support... I have not used Struts 1 in a while, but I can tell you
that I really appreciate the following features:
1. It is aware that class files are Actions
The Apache Struts Team likes to inform you that the Struts 2.0 branch has
reached its end of life and is no longer supported. All users of Struts
2.0.14 or earlier Struts 2 versions are strongly advised to update their
existing applications to Struts 2.3.x.
Struts 2.0.14 was for some time
Forwarded on behalf of the Travel Assistance Committee:
Hi All,
Just a friendly (and final) reminder that applications for financial
help to attend ApacheCon NA 2011 in Vancouver close this coming Friday
8th July (2200 BST : UTC+1)
Financial assistance is available for Travel (planes, trains,
The Apache Software Foundation (ASF)'s Travel Assistance Committee (TAC)
is now accepting applications for ApacheCon North America 2011, 7-11
November in Vancouver BC, Canada.
The TAC is seeking individuals from the Apache community at-large
--users, developers, educators, students, Committers,
Sorry, postings can not be deleted - that's the nature of a mailing list.
On 18.05.11 22:54, Alexandru wrote:
I kindly ask all the moderators to delete this and previous message that came
from this account.
Thank you in advance!!
--
René Gielen
http://twitter.com/rgielen
Hi,
in addition to what others said:
On 18.05.11 02:57, prashid wrote:
Hi,
I am new to Java but learning it fast. I have been working in ASP.NET C# for
a long time now. Just want to learn Java EE.
Just started Strut2 reading online material. Took lots of time to configure
Netbeans 7 to
Problem:
A security vulnerability affecting all versions of Struts 2 before
Struts 2.2.3 has been reported by Dr. Marian Ventuneac (Genworth). The
vulnerability allows an attacker to inject malicious client side
Javascript code in Struts 2 based applications that have Dynamic Method
The Apache Struts group is pleased to announce that Struts 2.2.1 is
available as a General Availability release. The GA designation is our
highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
Hi Greg,
the thing about ModelDriven is that the model object gets pushed on the
value stack _before_ your action method is executed. To initialize the
model object before the ModelDrivenInterceptor comes into play, just
implement Preparable and do your initialization in prepare() (as Lukasz
or spring documentation about
CRUD
association between two entities on the same jsp page.
best regards
bruno
--
From: Rene Gielen gie...@it-neering.net
Sent: Wednesday, March 31, 2010 7:12 PM
To: Struts Users Mailing List user
Hi,
see
http://struts.apache.org/2.1.8.1/docs/formatting-dates-and-numbers.html
It is important to know that Struts 2 has always a locale context
request for each request, which affects both formatting and parsing dates
and numbers. The request locale is determined as follows:
1. Request
Hi,
(copied from an earlier thread on numbers)
see
http://struts.apache.org/2.1.8.1/docs/formatting-dates-and-numbers.html
It is important to know that Struts 2 has always a locale context
request for each request, which affects both formatting and parsing dates
and numbers. The request locale
it
automatically.
On Wed, Mar 31, 2010 at 7:21 AM, Rene Gielen gie...@it-neering.net wrote:
Hi,
(copied from an earlier thread on numbers)
see
http://struts.apache.org/2.1.8.1/docs/formatting-dates-and-numbers.html
It is important to know that Struts 2 has always a locale context
I'm not sure if I understand what your actual question is, nor whether
it is particularly Struts 2 related (rather than just Hibernate) - but
you might want to have a look in the CRUD demo section of the Struts 2
showcase application. Maybe you will also find this demo useful:
The main downside is that you will have nothing injected into your
action by the time the constructor code is executed. Also, the params
interceptor (as others placed before preparable) should not have taken
any effects when action is instantiated.
Another advantage of the prepare interceptor is
Filed https://issues.apache.org/struts/browse/WW-3121
Added better error message with hint to disable class reloading.
Correct fix needs additional XWork work, will check tomorrow.
Musachy Barroso wrote:
to add to what Lukasz said, don't rely too much on the reloading class
loader which is
http://struts.apache.org/2.1.6/docs/formatting-dates-and-numbers.html
Jon Pearson wrote:
Right, but I don't want to specify the format explicitly, since it should
depend on the localization of the browser. But when I don't specify it, I don't
get the time included in the output. Is there a
You should consider to have a look into the paramsPrepareParams pattern
(see struts-default.xml for a brief description) and to write and use a
TransactionInterceptor. The latter one gives you the same cross cutting
TX approach you want from your @Transational annotation, but in addition
to
http://struts.apache.org/2.1.6/docs/tabular-inputs.html
cm132005 wrote:
<s:form action="Example.do" method="post">
<couple of fields and buttons/>
<couple of fields and buttons/>
<s:iterator id="aVO" value="listAVOs">
<s:property value="aId"/>
<s:hidden name="aId" />
<s:property
Probably the biggest European Java conference, Devoxx (formerly known as
Javapolis) is happening next week in Antwerp, Belgium.
At least two Struts2 developers, namely Rainer Hermanns and me, will be
attending. Are any Struts2 users also attending? If yes, how about
scheduling an informal
The Apache Struts group is pleased to announce that Struts 2.0.14 is
available as a General Availability release. The GA designation is our
highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
Due to a lack of internet connection, Rainer will not be able to do a
xwork release before monday. As soon as we have it out, a 2.0.14 build
will follow.
Musachy Barroso wrote:
We don't have a full 2.0.14 build yet, we will provide a snapshot of
xwork(or you can build it yourself, it is not
The release notes at
http://cwiki.apache.org/confluence/display/WW/Release+Notes+2.0.12
point to the closed issues for that release:
https://issues.apache.org/struts/secure/ReleaseNote.jspa?projectId=10030&styleName=Html&version=21870
The issue you are looking for is
David,
the latest problem with conversion errors not being copied to the safe
stack is fixed in xwork svn, and we need it to be released before we
could promote a 2.0.14 build.
For now, you could check out the current xwork 2.0.x branch and build a
jar which you could use as a drop in
The Apache Struts group is pleased to announce that Struts 2.0.12 is
available as a General Availability release. The GA designation is our
highest quality grade.
Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
Apache Struts 2.0.11.2 is now available from
http://struts.apache.org/download.cgi#struts20112.
This release is a fast track security fix release, including a security
fixed version 2.0.5 of XWork, which corrects a serious vulnerability in
ParametersInterceptor allowing malicious users to
Rene Gielen wrote:
You might want to read here:
http://struts.apache.org/2.x/docs/formatting-dates-and-numbers.html
Cheers,
Rene
akinss wrote:
I'm trying to use a textfield tag for date input. I need to format this
in
the form dd/MM/ HH:mm:ss
The textfield tag formats
<s:url value="%{getText('anon.page.home.banner')}"/>
should do the trick.
JM wrote:
Greetings,
I want to get the text of an url from a resource bundle. I have the
following test snippet from a jsp:
<s:text name="anon.page.home.banner" id="test1"/>
<ol>
<li>test: <s:url
Try to provide an id for the s:form tag
Andvar Woo wrote:
When I try to use s:doubleselect/ ,it does not work.
below is a segment of the exception thrown
Expression parameters.formName is undefined on line 76, column 43 in
template/simple/doubleselect.ftl.
The problematic instruction:
,
It sounds like you are saying that there IS a way, using this
s:doubleselect. Correct?
Rene Gielen wrote:
Indeed there is no way without Javascript. The s2 tag Skip is searching
for is
http://cwiki.apache.org/confluence/display/WW/doubleselect
Zoran Avtarovski wrote:
Any solution has
You might want to read here:
http://cwiki.apache.org/confluence/display/WW/RestfulActionMapper
http://cwiki.apache.org/confluence/display/WW/Zero+Configuration
http://cwiki.apache.org/confluence/display/WW/Codebehind+Plugin
Brian Mc wrote:
I want to be able to send this URL:
Indeed there is no way without Javascript. The s2 tag Skip is searching
for is
http://cwiki.apache.org/confluence/display/WW/doubleselect
Zoran Avtarovski wrote:
Any solution has to be javascript based. The question is whether you want a
server side visit or not. And that is dependent on how
Session,
please make sure you read (at least) the following chapters carefully:
http://struts.apache.org/2.x/docs/crud-demo-i.html
http://struts.apache.org/2.x/docs/type-conversion.html
After that, it would be quite good to have a look into the showcase app
distributed with struts2. Most of
commands, e-mail: [EMAIL PROTECTED]
--
Rene Gielen | http://it-neering.net/
Aachen | PGP-ID: BECB785A
Germany | gielen at it-neering.net
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
Could it be that you are looking for I18nInterceptor?
http://struts.apache.org/2.x/docs/i18n-interceptor.html
Ray Clough wrote:
The first page of my app is a Login page. Every other page is correctly
localized, because the app gets the user's preferred locale from a DB, and
Struts handles
Nils, I love you for that :)
It was on my wishlist for so long, but I never found the time to get
into it.
Cheers,
Rene
Nils-Helge Garli wrote:
I think I've managed to get all the steps written down:
http://portletwork.blogspot.com/2007/07/mvnjetty-and-portlets.html
Also, I took a struts
I pretty much like the webfx stuff:
http://webfx.eae.net/
They recently changed their license from GPL to ASL2, so no licensing
issues here.
Note: one of my what-i-would-do-if-i-only-had-time-list point was
encapsulating the webfx menu stuff into some s2 tags...
Regards,
Rene
James Holmes
Since entering a NAN value for a number property should result in
conversion errors, you might want to checkout this:
http://cwiki.apache.org/confluence/display/WW/conversion+validator
Richard Sayre wrote:
Is there a way to use the XML validation to check to see if a field is
a number? I
You are right, there is no bundled BigDecimal related validator in
place, but it should be quite easy to implement (eg. extend
FieldValidatorSupport). For registering, see
http://cwiki.apache.org/confluence/display/WW/Validation
BTW, is it really validation you are searching for, or is it
You should definitely have a look into the struts2-jasperreports-plugin
- both for checking out how to write own results and evaluating if you
might want to use jasper over FOP, since full s2 result support is
already available for jasper.
The plugin is part of the struts2 source distribution.
You can place your jsps in the WEB-INF directory. They will be
accessible for the Struts request dispatcher then, but not by direct
user call.
M.Liang Liu wrote:
I just would like to block users to get to the login.jsp through the
url:http://somedomain.com/login.jsp.
Instead,users can login
Yes. I use this for years now, works perfect
M.Liang Liu wrote:
Sounds good.
My friend said that spring mvc prefer this style.
How can I deal with the *result* mapping then ?
thanks.
Rene Gielen wrote:
You can place your jsps in the WEB-INF directory. They will be
accessible
If you look into the resulting html source rendered from your page, you
will notice a dojo.event.connect javascript call for the form submit
event (originated at
struts2-core/src/main/resource/template/simple/form-close.ftl).
You can use this kind of event model yourself for the onclick events of
. The interceptors
parameters given in struts.xml are only set once per instance, which
means that there are no thread safety issues with interceptor instance
variables.
HTH,
Rene
Rene Gielen wrote:
Uahhh,
thanks for pointing out this information, I was way too fast to reply on
the said
with Rene's finding, as I am sure
others will also find this unclear and concerning.
Thank you again!
-Original Message-
From: Rene Gielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 2:38 AM
To: Struts Users Mailing List
Subject: Re: [S2] Interceptor Question (Thread Safety
[...]
[this] means that there are no thread safety issues
*of the discussed kind* with interceptor instance variables.
[...]
should have been clear from the discussion context, but thanks for
further clarification :)
Dave Newton wrote:
--- Rene Gielen [EMAIL PROTECTED] wrote:
[this] means
Safety
Interceptors must be thread-safe!
A Struts 2 Action instance is created for every request and does not need
to be thread-safe. Conversely, Interceptors are shared between requests
and must be thread-safe.
-Original Message-
From: Rene Gielen [mailto:[EMAIL PROTECTED]
Sent
. Thank you. Premier Inc.
--
Rene Gielen | http://it-neering.net/
Aachen | PGP-ID: BECB785A
Germany | gielen at it-neering.net
is always null after submit no matter what I do.
I've done nothing special in the struts config files to designate that this
property is an array. Could that be it?
Thanks
Mike
--
Rene Gielen | http://it-neering.net/
Aachen | PGP-ID: BECB785A
Germany | gielen at it-neering.net
--
Rene Gielen
Bill Johnson wrote:
I'm having the same problem and it appears to be
because the default theme is requiring DOJO to
automatically select all the select options before
submitting the form. I'm not sure if there is a JIRA
bug opened for this or not, but there probably should
be. The default
With s2, you can do tabular forms quite elegantly. Although the page
needs some updates (will try to get on this the next days), the basic
principle is shown here:
http://cwiki.apache.org/confluence/display/WW/Tabular+inputs
You might want to make sure you understand type conversion principles
Ken,
there is no problem at all since s2 interceptor instances, as well as
action instances, are created per ActionInvokation, which means they are
always operated in a single thread.
Regards,
Rene
Hoying, Ken wrote:
From what I understand from reading the documentation, interceptors are
On Thu, 3 May 2007 22:29:26 -0700 (PDT), Struts2 Fan [EMAIL PROTECTED] wrote:
Yes I checked them. I didn't write any validation for these fields. Struts
2
controls double, int, date fields and if they are not valid it writes the
message Invalid field value for field property.intValue . I
Forgot to mention:
http://struts.apache.org/2.x/docs/type-conversion.html
at the very end ...
On Fri, 4.05.2007, 12:14, Rene Gielen wrote:
On Thu, 3 May 2007 22:29:26 -0700 (PDT), Struts2 Fan
[EMAIL PROTECTED] wrote:
Yes I checked them. I didn't write any validation for these fields
Maybe this is the option you are searching for:
struts.xml:
---
<action name="action1" class="acme.Action1">
<result>${targetUrl}</result>
</action>
in your acme.Action1 class:
---
String targetUrl;
public String getTargetUrl() {
return this.targetUrl;
}
public
85 matches