Child pages
  • Version Notes 2.3.20.3
Skip to end of metadata
Go to start of metadata

(tick) These are the notes for the Struts 2.3.20.3 distribution.

(tick) For prior notes in this release series, see Version Notes 2.3.20.1

  • If you are a Maven user, you might want to get started using the Maven Archetype.
  • Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
  • There is huge number of examples you can also use as a starting point for you application here
Maven Dependency
<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.3.20.3</version>
</dependency>

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

  • (warning) Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution, read more details in S2-029
  • (warning) Possible RCE vulnerability in XSLTResult was fixed, read more details in S2-031
  • (warning) Prevents execution of chained expressions based on new isSequence flag introduce in appropriated OGNL versions, it's related to S2-032

This release contains fixes related to S2-029, S2-031 and S2-032 security bulletins, please read them carefully!

Issue Detail

Issue List

Other resources



  • No labels