Versions Compared

Old Version 2

changes.mady.by.user Lukasz Lenart

Saved on

compared with

New Version 3

changes.mady.by.user Yasser Zamani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: add how to test

...

Yasser's PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation.

How to test

  • Run all your app tests, you shouldn't see any WARN log like below:

Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at
https://struts.apache.org/security/

  • See if following components are still functioning correctly regarding java-scripts:
    forms with client side validations
    doubleselect
    combobox
  • Check also StreamResults, AliasInterceptors and JasperReportResults if they are still working as expected.

Dependency

  • [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5
  • [WW-5172] - Upgrade freemarker to 2.3.31

...