Child pages
  • Version Notes 2.5.12
Skip to end of metadata
Go to start of metadata

(tick) These are the notes for the Struts 2.5.12 distribution.

(tick) For prior notes in this release series, see Version Notes

  • If you are a Maven user, you might want to get started using the Maven Archetype.
Maven Dependency

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=
Staging Repository
    <name>ASF Nexus Staging</name>

Internal Changes

  • (warning) Possible DoS attack when using URLValidator, see S2-047
  • (warning) A DoS attack is available for Spring secured actions, see S2-049
  • Bug

    • [WW-3171] - "double" and "Double" are not validated with the same decimal séparator
    • [WW-3357] - ognl.MethodFailedException when you do not enter a value for a field mapped to an int.
    • [WW-3650] - Double Value Conversion with requestLocale=de
    • [WW-3659] - strange behavior of s:a tag with s:include tag inside
    • [WW-3905] - The TextProvider injection in ActionSupport isn't quite integrated into the framework's core DI
    • [WW-4105] - Struts2 raise java.lang.ClassCastException when Result type is chain
    • [WW-4472] - @InputConfig annotation is not working when integrating with spring aop
    • [WW-4528] - ChainingInterceptor does not handle lists correctly for excludes and includes
    • [WW-4578] - Validators do not work for multiple values
    • [WW-4581] - BigDecimal are not converted according context locale
    • [WW-4663] - NullPointerException when displaying a form without action attribute
    • [WW-4665] - Struts2 JSR286 Portlet fileupload not working
    • [WW-4694] - AnnotationWorkflowInterceptor doesn't work with spring proxied action
    • [WW-4736] - Upgrade to Log4j2 version 2.8
    • [WW-4737] - Array-of-null parameters are converted to arrays containing "null"
    • [WW-4739] - <s:reset> tag does not properly interpret the attribute tabindex
    • [WW-4740] - NullPointer in com.opensymphony.xwork2.ActionSupport.getLocale
    • [WW-4741] - Http Sessions forcefully created for all requests using I18nInterceptor with default Storage value.
    • [WW-4746] - cssErrorClass attribute has no effect on label tag
    • [WW-4747] - s:file generates input tag with "value" attribute
    • [WW-4750] - Why JSONValidationInterceptor return Status Code 400 BAD_REQUEST instead of 200 SUCCESS
    • [WW-4758] - @autowired does not work since Struts
    • [WW-4772] - Convention Plugin can't use ${message}
    • [WW-4773] - Mixed content https to http when upgraded to 2.3.32 or
    • [WW-4774] - Upgrding Struts 2.3.1 to - Redirect issues HTTPS to HTTP
    • [WW-4775] - Action class Attributes(value stack) is not getting populated through Ajax url request parms
    • [WW-4784] - <s:url tag is not working after Struts migration
    • [WW-4786] - Upgrade from struts2-tiles3-plugin to struts2-tiles-plugin gives a NoSuchDefinitionException
    • [WW-4788] - Parameters which are added via ServletDispatcherResult aren't availabe in #parameters
    • [WW-4790] - struts upgrade cause more frequent garbage collection
    • [WW-4794] - Subreport call "Caused by: java.lang.ClassCastException: org.apache.struts2.views.jasperreports.ValueStackDataSource cannot be cast to java.util.Collection"
    • [WW-4800] - Aspects are not executed when chaining AOPed actions
    • [WW-4801] - Duplicate hidden input field checkboxListHandler
    • [WW-4804] - inputtransferselect does not auto-select its elements
    • [WW-4810] - Calling empty locale


    • [WW-1534] - The value of checkbox getted in server-side is "false" when no any checkbox been selected.
    • [WW-3924] - refactor file upload framework
    • [WW-3952] - creditCard validator available in Struts 1 missing in Struts 2
    • [WW-4149] - No easy way to have an empty interceptor stack if have default stack
    • [WW-4210] - @TypeConversion converter attribut to class
    • [WW-4714] - Convert LocalizedTextUtil into a bean with default implementation
    • [WW-4743] - NPE in StrutsTilesContainerFactory when resource isn't found
    • [WW-4744] - AnnotationWorkflowInterceptor should supports non-public annotated methods
    • [WW-4748] - Upgrade commons-lang3 to 3.5
    • [WW-4749] - Buffer/Flush behaviour in FreemarkerResult
    • [WW-4751] - Struts2 should know and consider config time class of user's Actions
    • [WW-4752] - getters of exclude-sets in OgnlUtil should return immutable collections
    • [WW-4753] - Make DelegatingValidatorContext injectable
    • [WW-4754] - Mark site-graph plugin as deprecated
    • [WW-4756] - Use TextProviderFactory instead of TextProvider as bean's dependency
    • [WW-4757] - Create LocaleProviderFactory and uses instead of LocaleProvider
    • [WW-4761] - Improve error logging in DefaultDispatcherErrorHandler
    • [WW-4762] - DefaultLocalizedTextProvider refactoring
    • [WW-4764] - Make jakarta-stream multipart parser more extensbile
    • [WW-4767] - Make Multipart parsers more extensible
    • [WW-4768] - Add proper validation if request is a multipart request
    • [WW-4769] - Make SecurityMethodAccess excluded classes & packages definitions immutable
    • [WW-4771] - minor typos in confluence page "security.html"
    • [WW-4780] - Upgrade to Log4j2 2.8.2
    • [WW-4785] - Allow disable file upload support via an configurable option
    • [WW-4787] - TestCase XWorkMapPropertyAccessorTest should be moved to src/test/java
    • [WW-4791] - Stop using DefaultLocalizedTextProvider#localeFromString static util method
    • [WW-4793] - Don't add JBossFileManager as a possible FileManager when not on JBoss
    • [WW-4795] - There is no @LongRangeFieldValidator annotation to support LongRangeFieldValidator
    • [WW-4805] - At least a DoS attack is available for Spring secured actions
    • [WW-4809] - Upgrade to commons-lang 3.6
    • [WW-4812] - Update commons-fileupload

    New Feature

    • [WW-3399] - JCR(JSR-170) Struts2 plugin


This release contains fixes related to S2-047 and S2-049, please read them carefully!

This version contains a new conversion logic which is Locale aware and can affect your application when you are using some uncommon solutions. One of these is to use a number literals in Freemarker template. In such case Freemarker treats them as numbers (as BigDecimals) and Struts logic converts them to a string with decimal zero, see the example below:

<@s.textfield name="userId" value=35/>

this snippet will produce the following Html control:

<input type="text" name="userId" value="35.0"/>

To resolves this problem you must add quotes around the value:

<@s.textfield name="userId" value="35"/>

This is due how Freemarker treats a number literals.


Issue Detail

Issue List

Other resources