...

You may be surprised by the version change. Previously we used the Struts 2.5.x versioning scheme, but this was a bit misleading. Struts 2 is a different framework than Struts 1, and its versioning was supposed to start at 1.0.0, yet that never happened. With each release containing breaking changes (like Struts 2.5), we only upgraded the MINOR part of the version. To fix that problem, as of Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt proper SemVer to avoid such confusion.

Internal Changes

...

The framework requires Java 8 at runtime.

Yasser's PR, which contains a fix for the double evaluation security vulnerability, has been merged. It should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation.

How to test

  • Run all your app tests; you shouldn't see any WARN log like the one below:

    Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at https://struts.apache.org/security/

  • See if the following components are still functioning correctly with regard to JavaScript:
      • forms with client side validations
      • doubleselect
      • combobox
  • Also check StreamResults, AliasInterceptors and JasperReportResults to see if they are still working as expected.
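
The first check can be automated over the log captured from a test run. The following is an added example, not part of the Struts project or these release notes: it scans log lines for the WARN message quoted above and counts each blocked expression and the pattern that rejected it. The log layout (timestamp, level, thread, logger name) and all sample values are constructed assumptions.

```python
import re
from collections import Counter

# Message text as quoted on this page; only the two bracketed parts vary.
# Anchoring on the fixed text between them captures expressions that
# themselves contain "[" or "]" (for example items[0].name) in full.
BLOCKED = re.compile(
    r"Expression \[(?P<expr>.*)\] isn't allowed by pattern \[(?P<pattern>.*)\]! "
    r"See Accepted / Excluded patterns at"
)

def find_blocked_expressions(lines):
    """Count (expression, pattern) pairs reported in WARN lines."""
    hits = Counter()
    for line in lines:
        # Assumption: the log layout prints the level name on each line.
        if "WARN" not in line:
            continue
        match = BLOCKED.search(line)
        if match:
            hits[(match.group("expr"), match.group("pattern"))] += 1
    return hits

def summarize(hits):
    """Return report lines, most frequent first, for a test-run summary."""
    return [
        f"{count}x expression={expr!r} blocked by pattern={pattern!r}"
        for (expr, pattern), count in hits.most_common()
    ]

# Constructed sample log: timestamps, thread and logger names are made up.
TAIL = "! See Accepted / Excluded patterns at https://struts.apache.org/security/"
SAMPLE_LOG = [
    "2024-01-01 10:00:00 INFO  [main] example.Logger - Starting test run",
    r"2024-01-01 10:00:01 WARN  [main] example.Logger - Expression [items[0].name] isn't allowed by pattern [\w+]" + TAIL,
    "2024-01-01 10:00:02 DEBUG [main] example.Logger - Rendering form",
    r"2024-01-01 10:00:03 WARN  [main] example.Logger - Expression [items[0].name] isn't allowed by pattern [\w+]" + TAIL,
    "2024-01-01 10:00:04 WARN  [main] example.Logger - Expression [%{title}] isn't allowed by pattern [[a-z]+]" + TAIL,
]

if __name__ == "__main__":
    found = find_blocked_expressions(SAMPLE_LOG)
    print("\n".join(summarize(found)) or "no blocked expressions logged")
    # Non-zero exit lets a CI step fail when any expression was blocked.
    raise SystemExit(1 if found else 0)
```

Each reported expression points at a tag attribute or parameter in the application that the stricter evaluation now rejects, which is where to look when a component stops behaving as before.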

Bug

  • [WW-3534] - PrepareOperations.createActionContext does not detect existing context correctly
  • [WW-3730] - action tag accepts only String arrays as parameters
  • [WW-4723] - s:url incompatible with JDK 1.5
  • [WW-4742] - Problem with escape when the key from getText has no value
  • [WW-4865] - Struts s:checkbox conversion fails to List<Integer>
  • [WW-4866] - ASM 5.2 and Java 9 leads to IllegalArgumentException
  • [WW-4897] - KEYS, sigs and hashes should use https (SSL)
  • [WW-4902] - Struts 2 fails to init Dispatcher - Tomcat Embedded
  • [WW-4928] - Setting struts.devMode from system property not working as described
  • [WW-4930] - SMI cannot be disabled for action-packages found via the convention-plugin
  • [WW-4941] - [jar_cache] Some jar_cache******.tmp files are generated into a temporary directory(/tmp) during web service start
  • [WW-4943] - opensymphony.xwork2.util.LocalizedTextUtil can't get i18n resources
  • [WW-4944] - Struts 2 REST Tiles integration issue
  • [WW-4945] - TagUtils#buildNamespace should throw an exception when invocation is null
  • [WW-4946] - Struts 2 spring integrations is failing - fails to init Dispatcher - Tomcat Embedded
  • [WW-4948] - Struts 2.5.16 is creating jar_cache files in temp folder
  • [WW-4951] - MD5 and SHA1 should no longer be provided on download pages
  • [WW-4954] - xml-validation fails since struts 2.5.17
  • [WW-4957] - Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.
  • [WW-4958] - File upload fails from certain clients
  • [WW-4964] - Missing javascript in form-validate.ftl
  • [WW-4968] - combining s:set and s:property where the property retrieved is null has unexpected results
  • [WW-4971] - s:include tag fails with truncated content in certain circumstances
  • [WW-4974] - NullPointerException in DefaultStaticContentLoader#findStaticResource
  • [WW-4977] - Fixing flaky test in Jsr168DispatcherTest and Jsr286DispatcherTest
  • [WW-4984] - Static files like css and js files in struts-core not properly served
  • [WW-4986] - Race condition reloading config results in actions not found
  • [WW-4987] - Setting Struts2 <s:select> options Css Class
  • [WW-4991] - Not existing property in listValueKey throws exception
  • [WW-4997] - <s:debug> can't be resolved
  • [WW-4999] - Can't get OgnlValueStack log even if enable logMissingProperties
  • [WW-5002] - Package Level Properties in Global Results
  • [WW-5004] - No more calling of a static variable in Struts 2.8.20 available
  • [WW-5006] - NullPointerException in ProxyUtil class when accessing static member
  • [WW-5009] - EmptyStackException in JSON plugin due to concurrency
  • [WW-5011] - Tiles bug when parsing file:// URLs including # as part of the URL
  • [WW-5013] - Accessing static variable via OGNL returns nothing
  • [WW-5022] - Struts 2.6 escaping behaviour change for s:a (anchor) tag
  • [WW-5024] - HttpParameters.Builder can wrap objects in two layers of Parameters
  • [WW-5025] - Binding Integer Array upon form submission
  • [WW-5026] - Double-submit of TokenSessionStoreInterceptor broken since 2.5.16
  • [WW-5027] - xerces tries to load resources from the internet
  • [WW-5028] - Dispatcher prints stacktraces directly to the console
  • [WW-5029] - The content allowed-methods tag of the XML configuration is sometimes truncated
  • [WW-5030] - ClassNotFoundException - MockPortletResponse
  • [WW-5031] - OGNL: An illegal reflective access operation has occurred
  • [WW-5043] - trouble with Enum subclassing
  • [WW-5054] - Debugging Interceptor debug=browser not working
  • [WW-5058] - Invalid link in primer.html
  • [WW-5059] - primer.html link to spring-security is broken
  • [WW-5065] - AbstractMatcher adds values to the map passed into replaceParameters
  • [WW-5072] - Minor bug in single file upload example of the Showcase application
  • [WW-5074] - Multiple ASM jar conflict in 2.6 build
  • [WW-5076] - struts2 redirecting to https to http
  • [WW-5077] - Unable to set long pathname variables
  • [WW-5079] - Could not find StrutsPrepareAndExecuteFilter sometime in WAS server
  • [WW-5081] - Struts default textarea template fails w3c validation
  • [WW-5082] - struts2 update from 2.1.6 to 2.3.37
  • [WW-5086] - s:set with empty body
  • [WW-5087] - AliasInterceptor doesn't properly handle Parameter.Empty
  • [WW-5088] - Empty file upload gives wrong error message
  • [WW-5091] - Switched hash and PGP links
  • [WW-5093] - inconsistent scope for variables created with s:set and s:url
  • [WW-5095] - Junit plugin does not push ACTION_MAPPING into the context resulting in NPE
  • [WW-5096] - Struts2 StaticParametersInterceptor's addParametersToContext method is not working as expected.
  • [WW-5100] - incorrect content-type behavior after upgrading to struts 2.5.*
  • [WW-5102] - Download page issues
  • [WW-5104] - Please delete old releases
  • [WW-5106] - The call chains of ActionContext.getContext() in ServletActionContext are dangerous
  • [WW-5107] - JQuery plugin does not handle dynamic component ids correctly
  • [WW-5108] - No errors are reported locally. On linux environment, tomcat runs alone and reports java.lang.annotation.AnnotationTypeMismatchException
  • [WW-5109] - Ognl issue after migrating from Struts 2.3 to 2.5
  • [WW-5116] - PostbackResult uses wrong regex range
  • [WW-5117] - %{id} evaluates different for data-* and value attribute
  • [WW-5119] - Blocking Threads in retrieving text from resource bundle
  • [WW-5121] - Contention when injecting Scope.SINGLETON instances
  • [WW-5123] - CheckboxTag value missing for labelposition
  • [WW-5124] - Tag attribute values cached
  • [WW-5125] - forbidden name attribute values (size, clone...?) in <s:textfield> using the default theme
  • [WW-5129] - Dynamic Attributes are not working for doubleselect, optiontransferselect, inputtransferselect tags
  • [WW-5130] - ID param not being set
  • [WW-5140] - Cannot download struts from the main page
  • [WW-5146] - Empty file upload ends in error
  • [WW-5147] - OGNL valid expression is not cached and is parsed over again in some situations
  • [WW-5160] - Template not found for name "Empty{name='templateDir'}/simple/hidden.ftl"
  • [WW-5163] - Error executing FreeMarker template
  • [WW-5169] - Key Technologies Primer: Broken link to ResourceBundles

...