These are the notes for the Struts 2.5.28.2 distribution.
For prior notes in this release series, see Version Notes 2.5.28.1
- If you are a Maven user, you might want to get started using the Maven Archetype.
Maven Dependency
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.5.28.2</version> </dependency>
You can also use Struts Archetype Catalog like below
Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories> <repository> <id>apache.nexus</id> <name>ASF Nexus Staging</name> <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories>
Internal Changes
- Log4j has been upgrade to version 2.12.3 to address security vulnerability CVE-2021-45105, more details can be found on the Log4j page.
Please note, that the Apache Struts itself depends on the log4j-api
package only, it's users' responsibility to use a proper version of the log4j-core
package!