(tick) These are the notes for the Struts 2.5.22 distribution.

(tick) For prior notes in this release series, see Version Notes 2.5.20

  • If you are a Maven user, you might want to get started using the Maven Archetype.
Maven Dependency
<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.5.22</version>
</dependency>

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

Please be aware of new security enhancements added to the version of Struts, they are disabled by default but please consider enabling them to increase safety of you application. You will find more details in our Security Guide.

Bug

  • [WW-4958] - File upload fails from certain clients
  • [WW-4991] - Not existing property in listValueKey throws exception
  • [WW-4999] - Can't get OgnlValueStack log even if enable logMissingProperties
  • [WW-5004] - No more calling of a static variable in Struts 2.8.20 available
  • [WW-5006] - NullPointerException in ProxyUtil class when accessing static member
  • [WW-5009] - EmptyStackException in JSON plugin due to concurrency
  • [WW-5011] - Tiles bug when parsing file:// URLs including # as part of the URL
  • [WW-5013] - Accessing static variable via OGNL returns nothing
  • [WW-5024] - HttpParameters.Builder can wrap objects in two layers of Parameters
  • [WW-5025] - Binding Integer Array upon form submission
  • [WW-5026] - Double-submit of TokenSessionStoreInterceptor broken since 2.5.16
  • [WW-5027] - xerces tries to load resources from the internet
  • [WW-5028] - Dispatcher prints stacktraces directly to the console
  • [WW-5029] - The content allowed-methods tag of the XML configuration is sometimes truncated
  • [WW-5031] - OGNL: An illegal reflective access operation has occurred
  • [WW-5040] - java.lang.reflect.InvocationTargetException - Class: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector

New Feature

  • [WW-5005] - Struts2 convention plugin lacks Java 11 support

Improvement

  • [WW-5023] - Upgrade SLF4J to latest 1.7.x version
  • [WW-5034] - Minor enhancement/fix to AbstractLocalizedTextProvider
  • [WW-5035] - Provide mechanism to clear OgnlUtil caches

Task

  • [WW-5015] - Struts 2 unit testing using StrutTestCase class

Dependency

  • [WW-5007] - Upgrade Jackson library to the latest version
  • [WW-5008] - Upgrade to OGNL version 3.1.22
  • [WW-5033] - Update a few Struts 2.5.x libraries to more recent versions
  • [WW-5037] - Upgrade commons-beanutils to version 1.9.4
  • [WW-5038] - Upgrade jackson-databind to version 2.9.9.3
  • [WW-5041] - Upgrade to OGNL 3.1.26 and adapt to its new features

Issue Detail

Issue List

Other resources