Version Notes 2.5.14.1

These are the notes for the Struts 2.5.14.1 distribution.

For prior notes in this release series, see Version Notes 2.5.14

If you are a Maven user, you might want to get started using the Maven Archetype.

Maven Dependency

<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.5.14.1</version>
</dependency>

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog

mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/

Staging Repository

<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin, see S2-054
Vulnerability in the Jackson JSON library, see S2-055

Improvement

[WW-4892] - Use Jackson handler to handle JSON by default

Dependency

[WW-4893] - Upgrade Jackson to version 2.9.2

This release contains fixes related to S2-054 and S2-055 - please read them carefully!

Issue Detail

JIRA Release Notes 2.5.14.1

Issue List

Other resources

Child pages