
These are the notes for the Struts 2.3.29 distribution.

For prior notes in this release series, see Version Notes 2.3.28.1

  • If you are a Maven user, you might want to get started using the Maven Archetype.
  • Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
  • There is a huge number of examples you can also use as a starting point for your application here
Maven Dependency
<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.3.29</version>
</dependency>

You can also use the Struts Archetype Catalog, as shown below:

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

  • (warning) Action name clean up is error prone S2-035
  • (warning) Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029) S2-036
  • (warning) Remote Code Execution can be performed when using REST Plugin S2-037
  • (warning) It is possible to bypass token validation and perform a CSRF attack S2-038
  • (warning) Getter as action method leads to security bypass S2-039
  • (warning) Input validation bypass using existing default action method S2-040
  • (warning) Possible DoS attack when using URLValidator S2-041
  • [WW-4608] - Json result type breaks
  • [WW-4618] - MessageStorePreResultListener doesn't store messages for 3rd-party RedirectResult subclasses
  • [WW-4622] - [struts2-tiles-plugin] [2.3.28] [StrutsWildcardServletTilesApplicationContext] getRealPath
  • [WW-4623] - Multiple tiles.xml in web.xml
  • [WW-4624] - New Tiles version can not find tiles*.xml files in sub-directories
  • [WW-4626] - EmailValidator flags .cat emails as invalid
  • [WW-4627] - Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since jdk1.7_80
  • [WW-4629] - Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 2.3.28+
  • [WW-4630] - <s:submit> generates a value attribute for type=image which violates W3C
  • [WW-4633] - ClassCastException while generating report using Struts 2.3.28 and jasperreports 4.5.1

 

This release contains fixes related to the S2-035, S2-036, S2-037, S2-038, S2-039, S2-040 and S2-041 security bulletins; please read them carefully!

Issue Detail

Issue List

Other resources


