These are the notes for the Struts version 6.4.0 distribution.
For prior notes in this release series, see Version Notes 6.3.0.2
Maven users
If you are a Maven user, you might want to get started using the Maven Archetype.
Maven Dependency
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>6.4.0</version> </dependency>
You can also use Struts Archetype Catalog like below
Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Internal changes
This version uses Caffeine, which "is a high performance, near optimal caching library" that implements the W-TinyLfu algorithm. More details can be found in WW-5355 and PR #766
Bug
- [WW-5192] - Radio tag not setting enum key values
- [WW-5319] - StrutsUtils is not defined in validation.js
- [WW-5357] - Struts anchor tag doesn't support "disabled" even though docs indicate it does
- [WW-5365] - Radio tag does not support value objects of type Boolean when setting the default value
- [WW-5373] - CspReportAction JavaDoc wrong
- [WW-5382] - Stale configuration persists after configuration reload
- [WW-5387] - ApplicationMap.remove does not remove the entry from the ServletContext
- [WW-5392] - Tiles-Plugin unable to load tiles definition XML if the file names are specified with wild char
- [WW-5396] - Javatemplates s:file shows server/file location
- [WW-5403] - Struts 2.5 to 6.x migration issues caused by removal of deprecated code within a minor release
New Feature
- [WW-5402] - Auto loading the Tiles definition files from the classpath dependent JAR
Improvement
- [WW-5225] - add accessor to the original filename into JakartaMultiPartRequest & MultiPartRequestWrapper
- [WW-5328] - Removes deprecated methods from SecurityMemberAccess & MemberAccessValueStack
- [WW-5333] - Refactor AttributeMap
- [WW-5338] - Remove deprecated OgnlTool
- [WW-5339] - Mitigate against custom class ASTMap node construction
- [WW-5340] - Introduce optional AST node exclusion list
- [WW-5341] - Ensure exclusion list applies to objects from all ClassLoaders
- [WW-5342] - Block classes in default package
- [WW-5343] - Make SecurityMemberAccess extensible and a prototype bean
- [WW-5346] - CDI Plugin: Replace deprecated BeanManager::createInjectionTarget
- [WW-5348] - Allow overriding of logging behaviour in DefaultAcceptedPatternsChecker
- [WW-5349] - Remove core dependency on ognl.ASTVarRef
- [WW-5350] - Implement optional strict class/package allowlist for OGNL
- [WW-5352] - Implement annotation mechanism for injectable fields via parameters
- [WW-5354] - Add actionErrors, actionMessages, fieldErrors to parameter excluded patterns
- [WW-5355] - Integrate and use WTLFU cache by default
- [WW-5358] - Expand exclusion list
- [WW-5359] - Improved the StrutsUrlDecoder so that charset retrieval is performed only once
- [WW-5360] - Struts 2 and JDK 17 numbers of iterator tag when using different locale
- [WW-5362] - Remove type attribute out of <s:script/> tag
- [WW-5363] - Look up Stack last in Velocity context
- [WW-5364] - Automatically populate OGNL allowlist
- [WW-5369] - Re-define a minimal library set for Struts 6.x
- [WW-5370] - Make HttpParameters case-insensitive
- [WW-5371] - Use action based callback to transfer information about uploaded files
- [WW-5374] - CspInterceptor reportUri with context
- [WW-5377] - trouble with Struts tags nested within <s:script> one
- [WW-5378] - Add option to not fallback to context lookup when finding value in OgnlValueStack
- [WW-5379] - Implement alternative mechanism for Velocity directives to obtain stack
- [WW-5381] - Introduce extension points for CompoundRootAccessor and MethodAccessor
- [WW-5383] - Exclude JAR files by default when scanning for actions on JDK9+
- [WW-5391] - Add interface for VelocityManager extension point
- [WW-5401] - Adds more logging statements around validating and accepting MultiPartRequest
Task
- [WW-5394] - Use request encoding in rest plugin
Dependency
- [WW-5344] - Un-deprecate the Sitemesh plugin and upgrade Sitemesh to ver. 2.5.0
- [WW-5347] - Upgrade to commons-digester3 version 3.2
- [WW-5389] - Upgrade Log4j to version 2.21.1
- [WW-5395] - Upgrade commons-logging:commons-logging from 1.2 to 1.3.0
- [WW-5397] - Upgrade net.sf.jasperreports:jasperreports from 6.20.6 to 6.21.0
- [WW-5398] - Upgrade commons-validator:commons-validator from 1.6 to 1.8.0
- [WW-5399] - Upgrade org.apache.commons:commons-compress from 1.25.0 to 1.26.0
- [WW-5404] - Bump log4j2.version from 2.21.1 to 2.23.1