Hi, for cases like yours a new librariy has been created: "Struts 2 Secure Jakarta Multipart parser plugin".
With that you can fix recent security issue in your app with your current version of struts. That buys you more time to do migration or refactoring necessary to upgrade struts. http://struts.apache.org/download.cgi#struts-extras https://github.com/apache/struts-extras Regards, Christoph > From: "Gopal, Siva Prakash (US - Mechanicsburg)" <sigo...@deloitte.com> > To: "user@struts.apache.org" <user@struts.apache.org>, > Date: 24.03.2017 04:49 > Subject: Re: RE: Struts upgrade issue > > Hi All, > > > we have identified issues between radio button generation under > RadioHandler.java under struts2-javatemplates-plugin-2.3.20 and > struts2-javatemplates-plugin-2.3.32 > > struts2-javatemplates-plugin-2.3.20 > ------------------------------------------------ > for(Iterator itt = MakeIterator.convert(listObj); itt.hasNext(); stack.pop()) > { > Object item = itt.next(); > stack.push(item); > Object itemKey = findValue(listKey == null ? "top" : listKey); > String itemKeyStr = StringUtils.defaultString(itemKey != null ? > itemKey.toString() : null); > Object itemValue = findValue(listValue == null ? "top" : listValue); > String itemValueStr = StringUtils.defaultString(itemValue != null ? > itemValue.toString() : null); > String id = (new StringBuilder()).append(params.get("id")).append > (itemKeyStr).toString(); > Here id is generated by appending with key value > > struts2-javatemplates-plugin-2.3.32 > ------------------------------------------------- > for(Iterator itt = MakeIterator.convert(listObj); itt.hasNext(); stack.pop()) > { > Object item = itt.next(); > stack.push(item); > Object itemKey = findValue(listKey == null ? "top" : listKey); > String itemKeyStr = StringUtils.defaultString(itemKey != null ? > itemKey.toString() : null); > Object itemValue = findValue(listValue == null ? "top" : listValue); > String itemValueStr = StringUtils.defaultString(itemValue != null ? > itemValue.toString() : null); > String id = (new StringBuilder()).append(params.get("id")).append > (Integer.toString(cnt++)).toString(); > Here id is generated by appending with count of list items > > Because of these changes, we need to modify the jsp/javascription > function in all our application. > > if we are not upgrading to next struts 2.3.20 (using struts2- > javatemplates-plugin-2.3.20 along with strut2-cord 2.3.32 version) > > we are getting below error > > Caused by: java.lang.NoSuchMethodError: org/apache/struts2/util/ > ComponentUtils.isExpression(Ljava/lang/Object;)Z > at > org.apache.struts2.views.java.simple.DynamicAttributesHandler.processDynamicAttributes > (DynamicAttributesHandler.java:48) > at > org.apache.struts2.views.java.simple.DynamicAttributesHandler.start > (DynamicAttributesHandler.java:41) > > Do we have any alternate option to resolve this issue > > > Thanks, > Siva > > This message (including any attachments) contains confidential > information intended for a specific individual and purpose, and is > protected by law. If you are not the intended recipient, you should > delete this message and any disclosure, copying, or distribution of > this message, or the taking of any action based on it, by you is > strictly prohibited. > > v.E.1 This Email was scanned by Sophos Anti Virus
