THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Yasser's PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation.
How to test
- Run all your app tests, you shouldn't see any WARN log like below:
Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at
https://struts.apache.org/security/
- See if following components are still functioning correctly regarding java-scripts:
forms with client side validations
doubleselect
combobox - Check also StreamResults, AliasInterceptors and JasperReportResults if they are still working as expected.
Dependency
- [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5
- [WW-5172] - Upgrade freemarker to 2.3.31
...