These are the notes for the Struts 2.3.28 distribution.
For prior notes in this release series, see Version Notes 2.3.20
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
- There is huge number of examples you can also use as a starting point for you application here
You can also use Struts Archetype Catalog like below
- Possible XSS vulnerability in pages not using UTF-8 was fixed, read more details in S2-028
- Prevents possible RCE when reusing user input in tag's attributes, see more details in S2-029
I18NInterceptornarrows selected locale to those available in JVM to reduce possibility of another XSS vulnerability, see more details in S2-030
Configurationprovidertype was introduced - ServletContextAwareConfigurationProvider, see WW-4410
- Setting status code in
HttpHeadersisn't ignored anymore, see WW-4545
BeanPostProcessor(s)are called only once to constructed objects., see WW-4554
- OGNL was upgraded to version 3.0.13, see WW-4562
- Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568
- A dedicated assembly with minimal set of jars was defined, see WW-4570
- Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
- Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
MessageStoreInterceptorwas refactored to use
PreResultListenerto store messages, see WW-4605
- A new annotation was added to support configuring Tiles -
@TilesDefinition, see WW-4606
- and many other small improvements, please see the release notes