Child pages
  • Version Notes 2.5.13
Skip to end of metadata
Go to start of metadata

(tick) These are the notes for the Struts 2.5.13 distribution.

(tick) For prior notes in this release series, see Version Notes 2.5.12

  • If you are a Maven user, you might want to get started using the Maven Archetype.
Maven Dependency

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=
Staging Repository
    <name>ASF Nexus Staging</name>

Internal Changes

  • (warning) A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047), see S2-050
  • (warning) A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin, see S2-051
  • (warning) Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads, see S2-052


  • [WW-4176] - Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is ignored, Numeric Keys will work and mapped
  • [WW-4813] - NP with TextProvider and wildcardmapping
  • [WW-4817] - Threads get blocked due to unnecessary synchronization in OgnlRuntime
  • [WW-4818] - Default Multipart validation regex is invalid
  • [WW-4827] - Not fully initialized ObjectFactory tries to create beans
  • [WW-4828] - missing
  • [WW-4829] - Set a global resource bundle in class
  • [WW-4830] - Override TextProvider doesnot work in struts 2.5.12
  • [WW-4831] - Array-of-null parameters are converted to string "null"
  • [WW-4839] - JakartaStreamMultiPartRequest Should Honor "struts.multipart.maxSize"
  • [WW-4840] - Build Fails Due to Unused com.sun Import
  • [WW-4841] - Struts2.5.12 - NPE in DeligatingValidatorContext
  • [WW-4842] - Struts 2 Fails to Initialize with JRebel


  • [WW-4808] - Allow define more than one Action suffix
  • [WW-4823] - Remove jQuery from debugging interceptor views
  • [WW-4824] - update dependencies page on the struts site
  • [WW-4834] - Improve RegEx used to validate URLs
  • [WW-4835] - Make REST ContentHandlers configurable
  • [WW-4838] - expose Freemarker incompatible_improvements into FreemarkerManager and StrutsBeansWrapper


  • [WW-4819] - Upgrade Commons Collections to 3.2.2
  • [WW-4821] - Upgrade Commons IO to 2.5
  • [WW-4826] - Upgrade to ASM version 5.2
  • [WW-4833] - Upgrade to OGNL 3.1.15
  • [WW-4836] - Upgrade xstream to the latest version
  • [WW-4844] - Upgrade to struts-master 11


This release contains fixes related to S2-050, S2-051 and S2-052 - please read them carefully!


Issue Detail

Issue List

Other resources