These are the notes for the Struts 2.3.20 distribution.
For prior notes in this release series, see Version Notes 2.3.20
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.20.1</version> </dependency>
You can also use Struts Archetype Catalog like below
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
<repositories> <repository> <id>apache.nexus</id> <name>ASF Nexus Staging</name> <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories>
Internal Changes
This release contains fix related to S2-024 security bulletin, please read it carefully!
Please read information about new internal security mechanism introduced with this version, it can have impact on your application! With version 2.3.20 new internal security mechanism was introduced, if you were setting excludeParams
in your struts.xml
you should remove it as this overlaps those patterns defined by the framework itself. Read more here.