
These are the notes for the Struts 2.3.34 distribution.

For prior notes in this release series, see Version Notes 2.3.33.

  • If you are a Maven user, you might want to get started using the Maven Archetype.
  • Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
  • There is a huge number of examples you can also use as a starting point for your application here

Maven Dependency

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
Staging Repository

Internal Changes

  • A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047), see S2-050
  • A remote attacker may create a DoS attack by sending a crafted XML request when using the Struts REST plugin, see S2-051
  • Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads, see S2-052
  • A possible Remote Code Execution attack when using an unintentional expression in a Freemarker tag instead of string literals, see S2-053

Bug

  • [WW-4176] - Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is ignored, Numeric Keys will work and mapped
  • [WW-4817] - Threads get blocked due to unnecessary synchronization in OgnlRuntime

Dependency

  • [WW-4832] - Upgrade to OGNL 3.0.21
  • [WW-4844] - Upgrade to struts-master 11

Improvement

  • [WW-4834] - Improve RegEx used to validate URLs


This release contains fixes related to S2-050, S2-051, S2-052 and S2-053 - please read them carefully!

Issue Detail

Issue List

Other resources


