(tick) These are the notes for the Struts version 7.0.0-M7 distribution.

(tick) For prior notes in this release series, see Version Notes 6.4.0

Maven users

If you are a Maven user, you might want to get started using the Maven Archetype.

Maven Dependency
<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>7.0.0-M7</version>
</dependency>

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

  • Java 17 is used as minimal supported version
  • Migrated to JakartaEE
  • Stronger security options

Improvement

  • [WW-5406] Ensure Action excluded patterns are reinjected
  • [WW-5407] Extend SecurityMemberAccess proxy detection to other proxies
  • [WW-5408] add option to not fallback to empty namespace when unresolved
  • [WW-5406] Fix injection order issue for excluded patterns
  • [WW-5409] introduce final attribute to package element which make them unextendable
  • [WW-5417] bump ognl version to fix security issue
  • [WW-5418] Forbid Enums and Jasper classes
  • [WW-5353] Stronger security defaults for 7.0
  • [WW-5421] Bump asm.version from 9.6 to 9.7
  • [WW-5420] Upgrades commons-text to ver. 1.12.0
  • [WW-5419] Fixes support for loading Tiles definitions
  • [WW-5400] Extend default configuration options for the CSP interceptor
  • [WW-5422] Fixes support for trimable locale string in request
  • [WW-5414] Always call afterInvocation even in case of exception
  • [WW-5415] Fixes accessing public constructors via expression
  • [WW-5425] Bump jackson.version from 2.16.1 to 2.17.1
  • [WW-5426] Bump org.freemarker:freemarker from 2.3.32 to 2.3.33
  • [WW-5424] Fixes ClassCastException when using short var name in s:set tag
  • [WW-5412] Upgrades struts-master to ver 15
  • [WW-5423] Fixes returning null instead of empty array in case of non-existing param
  • [WW-5400] Simplifies how CspSettings is created
  • [WW-5250] Addresses TODO in test and stops using Mock Objects

Other resources