Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

(tick) These are the notes for the Struts 2.3.24.2 3 distribution.

(tick) For prior notes in this release series, see Version Notes 2.3.24.1

...

Code Block
xml
xml
titleMaven Dependency
<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.3.24.2<3</version>
</dependency>

You can also use Struts Archetype Catalog like below

...

Code Block
xml
xml
titleStaging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

  • (warning) Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution, read more details in S2-029
  • (warning) Possible RCE vulnerability in XSLTResult was fixed, read more details in S2-031
  • (warning) Prevents execution of chained expressions based on new isSequence flag introduce in appropriated OGNL versions, it's related to S2-032

Note

This release contains fixes related to S2-029, S2-031 and S2-032 security bulletins, please read them carefully!

Issue Detail

Issue List

Other resources

...