These are the notes for the Struts 2.3.29 distribution.
For prior notes in this release series, see Version Notes 18.104.22.168
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
- There is huge number of examples you can also use as a starting point for you application here
You can also use Struts Archetype Catalog like below
- Action name clean up is error prone S2-035
- Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029) S2-036
- Remote Code Execution can be performed when using REST Plugin S2-037
- It is possible to bypass token validation and perform a CSRF attack S2-038
- Getter as action method leads to security bypass S2-039
- Input validation bypass using existing default action method S2-040
- Possible DoS attack when using URLValidator S2-041
- [WW-4608] - Json result type breaks
- [WW-4618] - MessageStorePreResultListener doesn't store messages for 3rd-party RedirectResult subclasses
- [WW-4622] - [struts2-tiles-plugin] [2.3.28] [StrutsWildcardServletTilesApplicationContext] getRealPath
- [WW-4623] - Multiple tiles.xml in web.xml
- [WW-4624] - New Tiles version can not find tiles*.xml files in sub-directories
- [WW-4626] - EmailValidator flags .cat emails as invalid
- [WW-4627] - Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since jdk1.7_80
- [WW-4629] - Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 2.3.28+
- [WW-4630] - <s:submit> generates a value attribute for type=image which violates W3C
- [WW-4633] - ClassCastException while generating report using Struts 2.3.28 and jasperreports 4.5.1