THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<repositories> <repository> <id>apache.nexus</id> <name>ASF Nexus Staging</name> <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories> |
Internal Changes
Yasser's PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation.
How to test
- Run all your app tests, you shouldn't see any WARN log like below:
Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at
https://struts.apache.org/security/
- See if following components are still functioning correctly regarding java-scripts:
forms with client side validations
doubleselect
combobox - Check also
StreamResults
,AliasInterceptors
andJasperReportResults
if they are still working as expected.
Dependency
- [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1
- [WW-5172] - Upgrade freemarker to 2.3.31
...