These are the notes for the Struts 2.5.12 distribution.
For prior notes in this release series, see Version Notes 2.5.10.1
- If you are a Maven user, you might want to get started using the Maven Archetype.
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.5.12</version> </dependency>
You can also use Struts Archetype Catalog like below
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
<repositories> <repository> <id>apache.nexus</id> <name>ASF Nexus Staging</name> <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories>
Internal Changes
- Possible DoS attack when using URLValidator, see S2-047
- A DoS attack is available for Spring secured actions, see S2-049
Bug
- [WW-3171] - "double" and "Double" are not validated with the same decimal séparator
- [WW-3357] - ognl.MethodFailedException when you do not enter a value for a field mapped to an int.
- [WW-3650] - Double Value Conversion with requestLocale=de
- [WW-3659] - strange behavior of s:a tag with s:include tag inside
- [WW-3905] - The TextProvider injection in ActionSupport isn't quite integrated into the framework's core DI
- [WW-4105] - Struts2 raise java.lang.ClassCastException when Result type is chain
- [WW-4472] - @InputConfig annotation is not working when integrating with spring aop
- [WW-4528] - ChainingInterceptor does not handle lists correctly for excludes and includes
- [WW-4578] - Validators do not work for multiple values
- [WW-4581] - BigDecimal are not converted according context locale
- [WW-4663] - NullPointerException when displaying a form without action attribute
- [WW-4665] - Struts2 JSR286 Portlet fileupload not working
- [WW-4694] - AnnotationWorkflowInterceptor doesn't work with spring proxied action
- [WW-4736] - Upgrade to Log4j2 version 2.8
- [WW-4737] - Array-of-null parameters are converted to arrays containing "null"
- [WW-4739] - <s:reset> tag does not properly interpret the attribute tabindex
- [WW-4740] - NullPointer in com.opensymphony.xwork2.ActionSupport.getLocale
- [WW-4741] - Http Sessions forcefully created for all requests using I18nInterceptor with default Storage value.
- [WW-4746] - cssErrorClass attribute has no effect on label tag
- [WW-4747] - s:file generates input tag with "value" attribute
- [WW-4750] - Why JSONValidationInterceptor return Status Code 400 BAD_REQUEST instead of 200 SUCCESS
- [WW-4758] - @autowired does not work since Struts 2.3.28.1
- [WW-4772] - Convention Plugin can't use ${message}
- [WW-4773] - Mixed content https to http when upgraded to 2.3.32 or 2.5.10.1
- [WW-4774] - Upgrding Struts 2.3.1 to 2.5.10.1 - Redirect issues HTTPS to HTTP
- [WW-4775] - Action class Attributes(value stack) is not getting populated through Ajax url request parms
- [WW-4784] - <s:url tag is not working after Struts 2.5.10.1 migration
- [WW-4786] - Upgrade from struts2-tiles3-plugin to struts2-tiles-plugin gives a NoSuchDefinitionException
- [WW-4788] - Parameters which are added via ServletDispatcherResult aren't availabe in #parameters
- [WW-4790] - struts 2.5.10.1 upgrade cause more frequent garbage collection
- [WW-4794] - Subreport call "Caused by: java.lang.ClassCastException: org.apache.struts2.views.jasperreports.ValueStackDataSource cannot be cast to java.util.Collection"
- [WW-4800] - Aspects are not executed when chaining AOPed actions
- [WW-4801] - Duplicate hidden input field checkboxListHandler
- [WW-4804] - inputtransferselect does not auto-select its elements
- [WW-4810] - Calling empty locale
Improvement
- [WW-1534] - The value of checkbox getted in server-side is "false" when no any checkbox been selected.
- [WW-3924] - refactor file upload framework
- [WW-3952] - creditCard validator available in Struts 1 missing in Struts 2
- [WW-4149] - No easy way to have an empty interceptor stack if have default stack
- [WW-4210] - @TypeConversion converter attribut to class
- [WW-4714] - Convert LocalizedTextUtil into a bean with default implementation
- [WW-4743] - NPE in StrutsTilesContainerFactory when resource isn't found
- [WW-4744] - AnnotationWorkflowInterceptor should supports non-public annotated methods
- [WW-4748] - Upgrade commons-lang3 to 3.5
- [WW-4749] - Buffer/Flush behaviour in FreemarkerResult
- [WW-4751] - Struts2 should know and consider config time class of user's Actions
- [WW-4752] - getters of exclude-sets in OgnlUtil should return immutable collections
- [WW-4753] - Make DelegatingValidatorContext injectable
- [WW-4754] - Mark site-graph plugin as deprecated
- [WW-4756] - Use TextProviderFactory instead of TextProvider as bean's dependency
- [WW-4757] - Create LocaleProviderFactory and uses instead of LocaleProvider
- [WW-4761] - Improve error logging in DefaultDispatcherErrorHandler
- [WW-4762] - DefaultLocalizedTextProvider refactoring
- [WW-4764] - Make jakarta-stream multipart parser more extensbile
- [WW-4767] - Make Multipart parsers more extensible
- [WW-4768] - Add proper validation if request is a multipart request
- [WW-4769] - Make SecurityMethodAccess excluded classes & packages definitions immutable
- [WW-4771] - minor typos in confluence page "security.html"
- [WW-4780] - Upgrade to Log4j2 2.8.2
- [WW-4785] - Allow disable file upload support via an configurable option
- [WW-4787] - TestCase XWorkMapPropertyAccessorTest should be moved to src/test/java
- [WW-4791] - Stop using DefaultLocalizedTextProvider#localeFromString static util method
- [WW-4793] - Don't add JBossFileManager as a possible FileManager when not on JBoss
- [WW-4795] - There is no @LongRangeFieldValidator annotation to support LongRangeFieldValidator
- [WW-4805] - At least a DoS attack is available for Spring secured actions
- [WW-4809] - Upgrade to commons-lang 3.6
- [WW-4812] - Update commons-fileupload
New Feature
- [WW-3399] - JCR(JSR-170) Struts2 plugin
This version contains a new conversion logic which is Locale
aware and can affect your application when you are using some uncommon solutions. One of these is to use a number literals
in Freemarker template. In such case Freemarker treats them as numbers (as BigDecimal
s) and Struts logic converts them to a string with decimal zero, see the example below:
<@s.textfield name="userId" value=35/>
this snippet will produce the following Html control:
<input type="text" name="userId" value="35.0"/>
To resolves this problem you must add quotes around the value:
<@s.textfield name="userId" value="35"/>
This is due how Freemarker treats a number literals.
Issue Detail