These are the notes for the Struts 2.3.24.2 3 distribution.
For prior notes in this release series, see Version Notes 2.3.24.1
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.24.2<3</version> </dependency> |
You can also use Struts Archetype Catalog like below
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<repositories> <repository> <id>apache.nexus</id> <name>ASF Nexus Staging</name> <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories> |
Internal Changes
- Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution, read more details in S2-029
- Possible RCE vulnerability in
XSLTResult
was fixed, read more details in S2-031 - Prevents execution of chained expressions based on new
isSequence
flag introduce in appropriated OGNL versions, it's related to S2-032
Note |
---|
This release contains fixes related to S2-029, S2-031 and S2-032 security bulletins, please read them carefully! |
Issue Detail
Issue List
Other resources
...