These are the notes for the Struts 22.214.171.124 distribution.
For prior notes in this release series, see Version Notes 2.3.1
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
You can also use Struts Archetype Catalog like below
- Strict DMI mode was improved and now it should work correctly, you can find more details here
- Default acceptedParamNames were updated to more restrictive values to solve security vulnerabilities in ParameterInterceptor - support for param names with withe spaces was dropped! Also a new configuration was added to CookieInterceptor call acceptCookieNames to prevent remote code execution with cookies. There is a security weaknesses in DebuggingInterceptor as a wanted feature in Development Mode, which anyway should not be used it in a production environment!