Child pages
  • Version Notes 2.3.28
Skip to end of metadata
Go to start of metadata

(tick) These are the notes for the Struts 2.3.28 distribution.

(tick) For prior notes in this release series, see Version Notes 2.3.20

  • If you are a Maven user, you might want to get started using the Maven Archetype.
  • Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
  • There is huge number of examples you can also use as a starting point for you application here
Maven Dependency

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=
Staging Repository
    <name>ASF Nexus Staging</name>

Internal Changes

  • (warning) Possible XSS vulnerability in pages not using UTF-8 was fixed, read more details in S2-028
  • (warning) Prevents possible RCE when reusing user input in tag's attributes, see more details in S2-029
  • (warning) I18NInterceptor narrows selected locale to those available in JVM to reduce possibility of another XSS vulnerability, see more details in S2-030
  • New Configurationprovider type was introduced - ServletContextAwareConfigurationProvider, see WW-4410
  • Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
  • Spring BeanPostProcessor(s) are called only once to constructed objects., see WW-4554
  • OGNL was upgraded to version 3.0.13, see WW-4562
  • Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568
  • A dedicated assembly with minimal set of jars was defined, see WW-4570
  • Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
  • Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
  • MessageStoreInterceptor was refactored to use PreResultListener to store messages, see WW-4605
  • A new annotation was added to support configuring Tiles - @TilesDefinition, see WW-4606
  • and many other small improvements, please see the release notes


This release contains fix related to S2-028, S2-029 and S2-030 security bulletins, please read it carefully!

Issue Detail

Issue List

Other resources

  • No labels