This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Version Notes 2.3.33

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • (warning) Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series, see S2-048
  • (warning) A DoS attack is available for Spring secured actions, see S2-049
  • Bug

    • [WW-4735] - EmailValidator does not accept new domain suffixes
    • [WW-4770] - Revision number still missing from dojo.js and dojo.js.uncompressed.js
    • [WW-4802] - Strange Behavior Parsing Action Requests


    • [WW-4805] - At least a DoS attack is available for Spring secured actions



This release contains a fix fixes related to S2-048 and S2-049, please read them carefully!