These are the notes for the Struts 2.5.30 distribution.
For prior notes in this release series, see Version Notes 2.5.29
- If you are a Maven user, you might want to get started using the Maven Archetype.
You can also use Struts Archetype Catalog like below
Yasser's PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation.
How to test
- Run all your app tests, you shouldn't see any WARN log like below:
Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at
- See if following components are still functioning correctly regarding java-scripts:
forms with client side validations
- Check also
JasperReportResultsif they are still working as expected.
- [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 126.96.36.199
- [WW-5172] - Upgrade freemarker to 2.3.31