These are the notes for the Struts 2.3.35 distribution.
For prior notes in this release series, see Version Notes 2.3.34
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
- There is huge number of examples you can also use as a starting point for you application here
Maven Dependency
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.35</version> </dependency>
You can also use Struts Archetype Catalog like below
Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories>
<repository>
<id>apache.nexus</id>
<name>ASF Nexus Staging</name>
<url>https://repository.apache.org/content/groups/staging/</url>
</repository>
</repositories>
Internal Changes
Possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn’t have value and action set, see S2-057- Critical overall proactive security improvements
Dependency
- [WW-4949] - Upgrade freemarker to 2.3.28
This release contains critical overall proactive security improvements in addition to fixes related to S2-057 (please read it carefully also!).