DUE TO SPAM, SIGN-UP IS DISABLED. Goto Selfserve wiki signup and request an account.
These are the notes for the Struts version 6.8.0 distribution.
For prior notes in this release series, see Version Notes 6.7.4
Maven users
If you are a Maven user, you might want to get started using the Maven Archetype.
Maven Dependency
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>6.8.0</version> </dependency>
You can also use Struts Archetype Catalog like below
Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Breaking changes
- A new mechanism has been introduced to configure CSP Nonce, see WW-5504.
- Improved excluded name patterns which should be more strict, see WW-5501.
Bug
- [WW-5494] - Using struts2.ActionSupport instead of xwork2.ActionSupport cause interceptors stack corrupted
- [WW-5504] - CSP Nonce changes within a page
- [WW-5523] - StrutsPrepareAndExecuteFilter, wrappedRequest or request when no action mapping is found?
- [WW-5524] - Dependency injection not working in custom StrutsTypeConverter(s)
- [WW-5528] - Multipart uploads with invalid characters in file or field name are silently dropped
- [WW-5542] - Encoding issue in javascript included in JSPs
- [WW-5546] - NPE in AbstractFileUploadInterceptor
- [WW-5559] - NotSerializableException: com.opensymphony.xwork2.conversion.impl.ConversionData
Improvement
- [WW-5501] - Exclude malicious names
- [WW-5511] - Remove deprecated CspSettings#addCspHeaders()
- [WW-5513] - Struts 6.4.0 performance issue in jdk 21
- [WW-5544] - Mark org.apache.struts2.util.reflection.ReflectionContextFactory
Dependency
- [WW-5564] - Upgrade commons-fileupload to version 1.6.0
- [WW-5567] - Bump log4j2.version from 2.24.1 to 2.25.1
- [WW-5568] - Bump jackson.version from 2.18.0 to 2.20.0
- [WW-5570] - Bump org.apache.commons:commons-collections4 from 4.4 to 4.5.0
- [WW-5571] - Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0