These are the notes for the Struts version 6.56.0 distribution.
For prior notes in this release series, see Version Notes 6.4.0
Table of Contents |
---|
Maven users
If you are a Maven user, you might want to get started using the Maven Archetype.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>6.56.0</version> </dependency> |
...
Code Block | ||||
---|---|---|---|---|
| ||||
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/ |
Internal changes
Improved security by updating OGNL member access criteria, see WW-5417 and extending SecurityMemberAccess proxy detection to Hibernate proxies, see WW-5407
Bug
- [WW-5060] - Struts 2 Rest Plugin Conversion Issue
- [WW-5310] - s:url does not handle equal sign correctly
- [WW-5406] - Action excluded patterns are not updated following a configuration reload
- [WW-5414] - AfterInvocation of BackgroundProcess is not called when an exception occurs when using ExecuteAndWaitInterceptor
- [WW-5415] - Struts2 Validator is failing in OGNL with constructor call
- [WW-5417] - Update OGNL member access criteria
- [WW-5418] - Forbid Enums and Jasper classes
- [WW-5419] - Autoloading of tiles.xml fails in Struts-6.4.0
- [WW-5422] - I18nInterceptor and invalid locale
- [WW-5424] - ClassCastException with tag "set" when variable name has length=1
- [WW-5436] - Select tag NOT working when using list of org.apache.commons.beanutils.LazyDynaBean
- [WW-5437] - EnvsValueSubstitutor ignores Environment variables if default value is present
Improvement
- [WW-5250] - Address TODO in DefaultActionValidatorManagerTest
- [WW-5400] - CSP interceptor only allows very limited configuration
- [WW-5407] - Extend SecurityMemberAccess proxy detection to Hibernate proxies
- [WW-5408] - Add option to NOT fallback to empty namespace when unresolved
- [WW-5409] - Introduce final attribute to package elements which makes them unextendable
- [WW-5412] - Upgrade to Apache Struts Master 15
- [WW-5428] - Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
- [WW-5429] - Log parameter annotation issues at ERROR level when in DevMode
- [WW-5431] - Mark as deprecated unused constants in FreemarkerManager
- [WW-5432] - Replace ClassTemplateLoader with WebappClassTemplateLoader
- [WW-5439] - Fix and clean up DevMode excluded class configuration
- [WW-5442] - Enforce allowlist for OgnlReflectionProvider
Dependency
- [WW-5420] - Upgrade commons-text to ver. 1.12.0
- [WW-5421] - Upgrade ASM to version 9.7
- [WW-5425] - Bump jackson.version from 2.16.1 to 2.17.1
- [WW-5426] - Upgrade Apache FreeMarker to version 2.3.33
- [WW-5434] - Bump commons-validator:commons-validator from 1.8.0 to 1.9.0
- [WW-5435] - Bump org.apache.felix:org.apache.felix.main from 6.0.3 to 7.0.5
- [WW-5441] - Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3
- [WW-5443] - Bump Spring dependencies from 5.3.31 to 5.3.37
Issue Detail
Issue List
Other resources
...