Child pages
  • Version Notes
Skip to end of metadata
Go to start of metadata

(tick) These are the notes for the Struts distribution.

(tick) For prior notes in this release series, see Version Notes 2.3.1

  • If you are a Maven user, you might want to get started using the Maven Archetype.
  • Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
Maven Dependency

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=
Staging Repository
    <name>ASF Nexus Staging</name>

Internal Changes

  • Strict DMI mode was improved and now it should work correctly, you can find more details here
  • Default acceptedParamNames were updated to more restrictive values to solve security vulnerabilities in ParameterInterceptor - support for param names with withe spaces was dropped! Also a new configuration was added to CookieInterceptor call acceptCookieNames to prevent remote code execution with cookies. There is a security weaknesses in DebuggingInterceptor as a wanted feature in Development Mode, which anyway should not be used it in a production environment!

Issue Detail

Issue List

Other resources

  • No labels