
These are the notes for the Struts 2.5.13 distribution.

For prior notes in this release series, see Version Notes 2.5.12.

  • If you are a Maven user, you might want to get started using the Maven Archetype.
Maven Dependency

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
Staging Repository

Internal Changes

  • A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047), see S2-050
  • A remote attacker may create a DoS attack by sending a crafted XML request when using the Struts REST plugin, see S2-051
  • Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads, see S2-052

Bug

  • [WW-4176] - Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is ignored, Numeric Keys will work and mapped
  • [WW-4813] - NP with TextProvider and wildcardmapping
  • [WW-4817] - Threads get blocked due to unnecessary synchronization in OgnlRuntime
  • [WW-4818] - Default Multipart validation regex is invalid
  • [WW-4827] - Not fully initialized ObjectFactory tries to create beans
  • [WW-4828] - http://struts.apache.org/dtds/struts-2.5.dtd missing
  • [WW-4829] - Set a global resource bundle in class
  • [WW-4830] - Override TextProvider does not work in struts 2.5.12
  • [WW-4831] - Array-of-null parameters are converted to string "null"
  • [WW-4839] - JakartaStreamMultiPartRequest Should Honor "struts.multipart.maxSize"
  • [WW-4840] - Build Fails Due to Unused com.sun Import
  • [WW-4841] - Struts2.5.12 - NPE in DelegatingValidatorContext
  • [WW-4842] - Struts 2 Fails to Initialize with JRebel

Improvement

  • [WW-4808] - Allow define more than one Action suffix
  • [WW-4823] - Remove jQuery from debugging interceptor views
  • [WW-4824] - update dependencies page on the struts site
  • [WW-4834] - Improve RegEx used to validate URLs
  • [WW-4835] - Make REST ContentHandlers configurable
  • [WW-4838] - expose Freemarker incompatible_improvements into FreemarkerManager and StrutsBeansWrapper

Dependency

  • [WW-4819] - Upgrade Commons Collections to 3.2.2
  • [WW-4821] - Upgrade Commons IO to 2.5
  • [WW-4826] - Upgrade to ASM version 5.2
  • [WW-4833] - Upgrade to OGNL 3.1.15
  • [WW-4836] - Upgrade xstream to the latest version
  • [WW-4844] - Upgrade to struts-master 11

 

This release contains fixes related to S2-050, S2-051 and S2-052 - please read them carefully!

 

Issue Detail

Issue List

Other resources