...
```xml
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>
```
Internal Changes
- Possible XSS vulnerability in pages not using UTF-8 was fixed, read more details in S2-028
- Prevents possible RCE when reusing user input in tag's attributes, see more details in S2-029
- Action name clean up is error prone S2-035
- Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029) S2-036
- Remote Code Execution can be performed when using REST Plugin S2-037
- It is possible to bypass token validation and perform a CSRF attack S2-038
- Getter as action method leads to security bypass S2-039
- Input validation bypass using existing default action method S2-040
- Possible DoS attack when using URLValidator S2-041
- Fixed all reported issues related to new version of the Apache Tiles, see WW-4622, WW-4623, WW-4624
- `MessageStoreInterceptor` was extended to support 3rd-party `RedirectResult` subclasses, see WW-4618
- `EmailValidator` supports `.cat` domain, see WW-4626
- [WW-4608] - Json result type breaks
- [WW-4618] - MessageStorePreResultListener doesn't store messages for 3rd-party RedirectResult subclasses
- [WW-4622] - [struts2-tiles-plugin] [2.3.28] [StrutsWildcardServletTilesApplicationContext] getRealPath
- [WW-4623] - Multiple tiles.xml in web.xml
- [WW-4624] - New Tiles version can not find tiles*.xml files in sub-directories
- [WW-4626] - EmailValidator flags .cat emails as invalid
- [WW-4627] - Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since jdk1.7_80
- [WW-4629] - Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 2.3.28+
- [WW-4630] - <s:submit> generates a value attribute for type=image which violates W3C
- [WW-4633] - ClassCastException while generating report using Struts 2.3.28 and jasperreports 4.5.1
- and a few other small improvements, please see the release notes
Note |
---|
This release contains fixes related to S2-028, S2-029, S2-030, S2-035, S2-036, S2-037, S2-038, S2-039, S2-040 and S2-041 security bulletins, please read them carefully! |
Issue Detail
Issue List
...