...
Yasser's PR, which contains a fix for the double evaluation security vulnerability, has been merged. It should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation. How to test:
- Run all your app tests; you shouldn't see any WARN log like the one below:
...
- See if the following components still function correctly with regard to JavaScript:
  - forms with client side validations
  - doubleselect
  - combobox
- Also check whether StreamResults, AliasInterceptors and JasperReportResults are still working as expected.
Support for accessing static methods via OGNL expressions has been removed; use action instance methods instead.
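
A migration check for the removal above, as an added example that is not part of the original release notes or the Struts code base: it scans template text for OGNL static references (`@class@member`) and separates method calls, which the note says are no longer supported, from static field reads, which it reports separately. The sample JSP, the `com.example` class names and the function names are constructed for illustration.

```python
import re

# OGNL static reference syntax: @fully.qualified.Class@member
# A "(" after the member makes it a static method call; without it, a field read.
# An empty class part (@@max(...)) is OGNL shorthand for java.lang.Math.
STATIC_REF = re.compile(
    r"@((?:[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)?)"  # optional class name
    r"@([A-Za-z_$][\w$]*)"                              # member name
    r"(\s*\()?"                                         # "(" => method call
)


def find_static_refs(text):
    """Return (line_no, kind, class_name, member) for every static OGNL reference."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in STATIC_REF.finditer(line):
            cls = m.group(1) or "java.lang.Math"
            kind = "method" if m.group(3) else "field"
            hits.append((line_no, kind, cls, m.group(2)))
    return hits


def static_method_calls(text):
    """Only the references that must be rewritten as action instance methods."""
    return [h for h in find_static_refs(text) if h[1] == "method"]


# Constructed sample template (not taken from any real application).
SAMPLE_JSP = """\
<s:property value="@com.example.util.Formats@money(total)"/>
<s:if test="%{status == @com.example.Status@ACTIVE}">ok</s:if>
<s:property value="formattedTotal"/>
<s:property value="@@max(a, b)"/>
"""

if __name__ == "__main__":
    for line_no, kind, cls, member in static_method_calls(SAMPLE_JSP):
        print(f"line {line_no}: static method {cls}.{member}() "
              f"-> move behind an action instance method")
```

In the sample, line 3 shows the replacement style: the template reads a `formattedTotal` property that the action computes itself instead of calling the static helper from OGNL.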
Bug
- [WW-3534] - PrepareOperations.createActionContext does not detect existing context correctly
- [WW-3730] - action tag accepts only String arrays as parameters
- [WW-4723] - s:url incompatible with JDK 1.5
- [WW-4742] - Problem with escape when the key from getText has no value
- [WW-4865] - Struts s:checkbox conversion fails to List<Integer>
- [WW-4866] - ASM 5.2 and Java 9 leads to IllegalArgumentException
- [WW-4897] - KEYS, sigs and hashes should use https (SSL)
- [WW-4902] - Struts 2 fails to init Dispatcher - Tomcat Embedded
- [WW-4928] - Setting struts.devMode from system property not working as described
- [WW-4930] - SMI cannot be disabled for action-packages found via the convention-plugin
- [WW-4941] - [jar_cache] Some jar_cache******.tmp files are generated into a temporary directory(/tmp) during web service start
- [WW-4943] - opensymphony.xwork2.util.LocalizedTextUtil can't get i18n resources
- [WW-4944] - Struts 2 REST Tiles integration issue
- [WW-4945] - TagUtils#buildNamespace should throw an exception when invocation is null
- [WW-4946] - Struts 2 spring integrations is failing - fails to init Dispatcher - Tomcat Embedded
- [WW-4948] - Struts 2.5.16 is creating jar_cache files in temp folder
- [WW-4951] - MD5 and SHA1 should no longer be provided on download pages
- [WW-4954] - xml-validation fails since struts 2.5.17
- [WW-4957] - Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.
- [WW-4958] - File upload fails from certain clients
- [WW-4964] - Missing javascript in form-validate.ftl
- [WW-4968] - combining s:set and s:property where the property retrieved is null has unexpected results
- [WW-4971] - s:include tag fails with truncated content in certain circumstances
- [WW-4974] - NullPointerException in DefaultStaticContentLoader#findStaticResource
- [WW-4977] - Fixing flaky test in Jsr168DispatcherTest and Jsr286DispatcherTest
- [WW-4984] - Static files like css and js files in struts-core not properly served
- [WW-4986] - Race condition reloading config results in actions not found
- [WW-4987] - Setting Struts2 <s:select> options Css Class
- [WW-4991] - Not existing property in listValueKey throws exception
- [WW-4997] - <s:debug> can't be resolved
- [WW-4999] - Can't get OgnlValueStack log even if enable logMissingProperties
- [WW-5002] - Package Level Properties in Global Results
- [WW-5004] - No more calling of a static variable in Struts 2.8.20 available
- [WW-5006] - NullPointerException in ProxyUtil class when accessing static member
- [WW-5009] - EmptyStackException in JSON plugin due to concurrency
- [WW-5011] - Tiles bug when parsing file:// URLs including # as part of the URL
- [WW-5013] - Accessing static variable via OGNL returns nothing
- [WW-5022] - Struts 2.6 escaping behaviour change for s:a (anchor) tag
- [WW-5024] - HttpParameters.Builder can wrap objects in two layers of Parameters
- [WW-5025] - Binding Integer Array upon form submission
- [WW-5026] - Double-submit of TokenSessionStoreInterceptor broken since 2.5.16
- [WW-5027] - xerces tries to load resources from the internet
- [WW-5028] - Dispatcher prints stacktraces directly to the console
- [WW-5029] - The content allowed-methods tag of the XML configuration is sometimes truncated
- [WW-5030] - ClassNotFoundException - MockPortletResponse
- [WW-5031] - OGNL: An illegal reflective access operation has occurred
- [WW-5043] - trouble with Enum subclassing
- [WW-5054] - Debugging Interceptor debug=browser not working
- [WW-5058] - Invalid link in primer.html
- [WW-5059] - primer.html link to spring-security is broken
- [WW-5065] - AbstractMatcher adds values to the map passed into replaceParameters
- [WW-5072] - Minor bug in single file upload example of the Showcase application
- [WW-5074] - Multiple ASM jar conflict in 2.6 build
- [WW-5076] - struts2 redirecting to https to http
- [WW-5077] - Unable to set long pathname variables
- [WW-5079] - Could not find StrutsPrepareAndExecuteFilter sometime in WAS server
- [WW-5081] - Struts default textarea template fails w3c validation
- [WW-5082] - struts2 update from 2.1.6 to 2.3.37
- [WW-5086] - s:set with empty body
- [WW-5087] - AliasInterceptor doesn't properly handle Parameter.Empty
- [WW-5088] - Empty file upload gives wrong error message
- [WW-5091] - Switched hash and PGP links
- [WW-5093] - inconsistent scope for variables created with s:set and s:url
- [WW-5095] - Junit plugin does not push ACTION_MAPPING into the context resulting in NPE
- [WW-5096] - Struts2 StaticParametersInterceptor's addParametersToContext method is not working as expected.
- [WW-5100] - incorrect content-type behavior after upgrading to struts 2.5.*
- [WW-5102] - Download page issues
- [WW-5104] - Please delete old releases
- [WW-5106] - The call chains of ActionContext.getContext() in ServletActionContext are dangerous
- [WW-5107] - JQuery plugin does not handle dynamic component ids correctly
- [WW-5108] - No errors are reported locally. On linux environment, tomcat runs alone and reports java.lang.annotation.AnnotationTypeMismatchException
- [WW-5109] - Ognl issue after migrating from strut 2.3 to 2.5
- [WW-5116] - PostbackResult uses wrong regex range
- [WW-5117] - %{id} evaluates different for data-* and value attribute
- [WW-5119] - Blocking Threads in retrieving text from resource bundle
- [WW-5121] - Contention when injecting Scope.SINGLETON instances
- [WW-5123] - CheckboxTag value missing for labelposition
- [WW-5124] - Tag attribute values cached
- [WW-5125] - forbidden name attribute values (size, clone...?) in <s:textfield> using the default theme
- [WW-5129] - Dynamic Attributes are not working for doubleselect, optiontransferselect, inputtransferselect tags
- [WW-5130] - ID param not being set
- [WW-5140] - Cannot download struts from the main page
- [WW-5146] - Empty file upload ends in error
- [WW-5147] - OGNL valid expression is not cached and is parsed over again in some situations
- [WW-5160] - Template not found for name "Empty{name='templateDir'}/simple/hidden.ftl"
- [WW-5163] - Error executing FreeMarker template
- [WW-5169] - Key Technologies Primer: Broken link to ResourceBundles
...