...
Struts 7.x.x requires a servlet container which supports Jakarta Servlet API 6 at least, it won't work with older versions.
Stronger security
The following constants have changed to increase the overall security of the framework. These are breaking changes, and can stop your application:
| Code Block |
|---|
struts.ognl.allowStaticFieldAccess=false
struts.ognl.expressionMaxLength=150
struts.disallowDefaultPackageAccess=true
struts.disallowProxyMemberAccess=true
struts.parameters.requireAnnotations=true
struts.ognl.disallowCustomOgnlMap=true
struts.allowlist.enable=true |
Please read more details in OGNL Member Access and Struts OGNL Guard.
New constants
| Constant name | Description |
|---|---|
...