These are the notes for the Struts 2.3.21 24 distribution.
For prior notes in this release series, see Version Notes 2.3.20
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
Code Block |
---|
| xml |
---|
| xml |
---|
title | Maven Dependencyxml |
---|
|
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-core</artifactId>
<version>2.3.21<24</version>
</dependency>
|
You can also use Struts Archetype Catalog like below
Code Block |
---|
language | text |
---|
title | Struts Archetype Catalog |
---|
|
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/ |
Code Block |
---|
| xml |
---|
| xml |
---|
title | Staging Repository | xml |
---|
|
<repositories>
<repository>
<id>apache.nexus</id>
<name>ASF Nexus Staging</name>
<url>https://repository.apache.org/content/groups/staging/</url>
</repository>
</repositories> |
Internal Changes
- fixed fixed flow in
DefaultActionInvocation
and when using the Convention Plugin, see Jira |
---|
server | Issues |
---|
key | WW-4433 - defined defined new plugin to support Java 8, check Java 8 Support Plugin and
Jira |
---|
server | Issues |
---|
key | and see WW-4435 - fixed problem with
style
attribute, see Jira |
---|
server | Issues |
---|
key | see WW-4430 - fixed problem with converting values from
ActionContext
, see WW-4427 - converters are again applied to values coming from the context, see WW-4427
struts.ognl.allowStaticMethodAccess
works again, see WW-4429- fixed memory leak in CDI plugin, see WW-4441
- fixed problem with hidden field which silently drops 'label' attribute, see WW-4447
- fixed parameters encoding in
ServletRedirectAction
before checking for valid URI, see WW-4448 css_xhtml
hidden input adding table row markup, see WW-4454- FreeMarker was upgraded to the latest available version - 2.3.22, see WW-4484 - which means you can enable incompatible improvements
- support for Log4j2 was added, see WW-4492
Jira |
---|
server | Issues |
---|
key | WW-4427 - and many other improvements, please check the version notes
...
Note |
---|
Please read information about new internal security mechanism introduced with the previous version and extended in this version! |
Security Note
This version moves all excluded parameters from struts-default.xml
into DefaultExcludedPatternsChecker.java
- if you cannot migrate to the latest version it's highly recommendated to re-define defaultStack
from struts-default.xml
to this one below (or any other which is used in your application and drop excludeParams
parameter):
Code Block |
---|
language | xml |
---|
title | Redefined defaultStack |
---|
|
<interceptor-stack name="myDefaultStack">
<interceptor-ref name="exception"/>
<interceptor-ref name="alias"/>
<interceptor-ref name="servletConfig"/>
<interceptor-ref name="i18n"/>
<interceptor-ref name="prepare"/>
<interceptor-ref name="chain"/>
<interceptor-ref name="scopedModelDriven"/>
<interceptor-ref name="modelDriven"/>
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="checkbox"/>
<interceptor-ref name="datetime"/>
<interceptor-ref name="multiselect"/>
<interceptor-ref name="staticParams"/>
<interceptor-ref name="actionMappingParams"/>
<interceptor-ref name="params"/>
<interceptor-ref name="conversionError"/>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
<interceptor-ref name="workflow">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
<interceptor-ref name="debugging"/>
<interceptor-ref name="deprecation"/>
</interceptor-stack> |
and define the following constant in struts.xml
Code Block |
---|
|
<constant name="struts.additional.excludedPatterns" value="^(action|method):.*"/> |
Issue Detail
Issue List
Other resources
...