These are the notes for the Struts 2.3.29 distribution.
For prior notes in this release series, see Version Notes 2.3.28.1
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
- There is huge number of examples you can also use as a starting point for you application here
Maven Dependency
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.29</version> </dependency>
You can also use Struts Archetype Catalog like below
Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories> <repository> <id>apache.nexus</id> <name>ASF Nexus Staging</name> <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories>
Internal Changes
Action name clean up is error prone S2-035
Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029) S2-036
Remote Code Execution can be performed when using REST Plugin S2-037
It is possible to bypass token validation and perform a CSRF attack S2-038
Getter as action method leads to security bypass S2-039
Input validation bypass using existing default action method S2-040
Possible DoS attack when using URLValidator S2-041
- [WW-4608] - Json result type breaks
- [WW-4618] - MessageStorePreResultListener doesn't store messages for 3rd-party RedirectResult subclasses
- [WW-4622] - [struts2-tiles-plugin] [2.3.28] [StrutsWildcardServletTilesApplicationContext] getRealPath
- [WW-4623] - Multiple tiles.xml in web.xml
- [WW-4624] - New Tiles version can not find tiles*.xml files in sub-directories
- [WW-4626] - EmailValidator flags .cat emails as invalid
- [WW-4627] - Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since jdk1.7_80
- [WW-4629] - Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 2.3.28+
- [WW-4630] - <s:submit> generates a value attribute for type=image which violates W3C
- [WW-4633] - ClassCastException while generating report using Struts 2.3.28 and jasperreports 4.5.1