These are the notes for the Struts 126.96.36.199 distribution.
For prior notes in this release series, see Version Notes 188.8.131.52
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
- There is huge number of examples you can also use as a starting point for you application here
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>184.108.40.206</version> </dependency>
You can also use Struts Archetype Catalog like below
Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
<repositories> <repository> <id>apache.nexus</id> <name>ASF Nexus Staging</name> <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories>
- Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution, read more details in S2-029
- Possible RCE vulnerability in
XSLTResultwas fixed, read more details in S2-031
- Prevents execution of chained expressions based on new
isSequenceflag introduce in appropriated OGNL versions, it's related to S2-032