These are the notes for the Struts 2.3.24 distribution.
For prior notes in this release series, see Version Notes 2.3.20
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
You can also use Struts Archetype Catalog like below
- fixed flow in
DefaultActionInvocationand when using the Convention Plugin, see WW-4433
- defined new plugin to support Java 8, check Java 8 Support Plugin and see WW-4435
- fixed problem with
styleattribute, see WW-4430
- fixed problem with converting values from
ActionContext, see WW-4427
- converters are again applied to values coming from the context, see WW-4427
struts.ognl.allowStaticMethodAccessworks again, see WW-4429
- fixed memory leak in CDI plugin, see WW-4441
- fixed problem with hidden field which silently drops 'label' attribute, see WW-4447
- fixed parameters encoding in
ServletRedirectActionbefore checking for valid URI, see WW-4448
css_xhtmlhidden input adding table row markup, see WW-4454
- FreeMarker was upgraded to the latest available version - 2.3.22, see WW-4484 - which means you can enable incompatible improvements
- support for Log4j2 was added, see WW-4492
- and many other improvements, please check the version notes
Please read information about new internal security mechanism introduced with the previous version and extended in this version!
This version moves all excluded parameters from
DefaultExcludedPatternsChecker.java - if you cannot migrate to the latest version it's highly recommendated to re-define
struts-default.xml to this one below (or any other which is used in your application and drop
and define the following constant in