| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="UTF-8"/> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"/> |
| <meta name="Date-Revision-yyyymmdd" content="20140918"/> |
| <meta http-equiv="Content-Language" content="en"/> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> |
| |
| <title>Submitting patches</title> |
| |
| <link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css"> |
| <link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet"> |
| <link href="/css/main.css" rel="stylesheet"> |
| <link href="/css/custom.css" rel="stylesheet"> |
| <link href="/highlighter/github-theme.css" rel="stylesheet"> |
| |
| <script src="//code.jquery.com/jquery-1.11.0.min.js"></script> |
| <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script> |
| <script type="text/javascript" src="/js/community.js"></script> |
| </head> |
| <body> |
| |
| <a href="http://github.com/apache/struts" class="github-ribbon"> |
| <img style="position: absolute; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"> |
| </a> |
| |
| <header> |
| <nav> |
| <div role="navigation" class="navbar navbar-default navbar-fixed-top"> |
| <div class="container"> |
| <div class="navbar-header"> |
| <button type="button" data-toggle="collapse" data-target="#struts-menu" class="navbar-toggle"> |
| Menu |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| <a href="/index.html" class="navbar-brand logo"><img src="/img/struts-logo.svg"></a> |
| </div> |
| <div id="struts-menu" class="navbar-collapse collapse"> |
| <ul class="nav navbar-nav"> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Home<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/index.html">Welcome</a></li> |
| <li><a href="/download.cgi">Download</a></li> |
| <li><a href="/releases.html">Releases</a></li> |
| <li><a href="/announce-2021.html">Announcements</a></li> |
| <li><a href="http://www.apache.org/licenses/">License</a></li> |
| <li><a href="https://www.apache.org/foundation/thanks.html">Thanks!</a></li> |
| <li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Support<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/mail.html">User Mailing List</a></li> |
| <li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li> |
| <li><a href="/security.html">Reporting Security Issues</a></li> |
| <li class="divider"></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide">Version Notes</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins">Security Bulletins</a></li> |
| <li class="divider"></li> |
| <li><a href="/maven/project-info.html">Maven Project Info</a></li> |
| <li><a href="/maven/struts2-core/dependencies.html">Struts Core Dependencies</a></li> |
| <li><a href="/maven/struts2-plugins/modules.html">Plugin Dependencies</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Documentation<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/birdseye.html">Birds Eye</a></li> |
| <li><a href="/primer.html">Key Technologies</a></li> |
| <li><a href="/kickstart.html">Kickstart FAQ</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li> |
| <li class="divider"></li> |
| <li><a href="/getting-started/">Getting Started</a></li> |
| <li><a href="/security/">Security Guide</a></li> |
| <li><a href="/core-developers/">Core Developers Guide</a></li> |
| <li><a href="/tag-developers/">Tag Developers Guide</a></li> |
| <li><a href="/maven-archetypes/">Maven Archetypes</a></li> |
| <li><a href="/plugins/">Plugins</a></li> |
| <li><a href="/maven/struts2-core/apidocs/index.html">Struts Core API</a></li> |
| <li><a href="/tag-developers/tag-reference.html">Tag reference</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/FAQs">FAQs</a></li> |
| <li><a href="http://cwiki.apache.org/S2PLUGINS/home.html">Plugin registry</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a data-toggle="dropdown" href="#" class="dropdown-toggle"> |
| Contributing<b class="caret"></b> |
| </a> |
| <ul class="dropdown-menu"> |
| <li><a href="/youatstruts.html">You at Struts</a></li> |
| <li><a href="/helping.html">How to Help FAQ</a></li> |
| <li><a href="/dev-mail.html">Development Lists</a></li> |
| <li><a href="/contributors/">Contributors Guide</a></li> |
| <li class="divider"></li> |
| <li><a href="/submitting-patches.html">Submitting patches</a></li> |
| <li><a href="/builds.html">Source Code and Builds</a></li> |
| <li><a href="/coding-standards.html">Coding standards</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/WW/Contributors+Guide">Contributors Guide</a></li> |
| <li class="divider"></li> |
| <li><a href="/release-guidelines.html">Release Guidelines</a></li> |
| <li><a href="/bylaws.html">PMC Charter</a></li> |
| <li><a href="/volunteers.html">Volunteers</a></li> |
| <li><a href="https://gitbox.apache.org/repos/asf?p=struts.git">Source Repository</a></li> |
| <li><a href="/updating-website.html">Updating the website</a></li> |
| </ul> |
| </li> |
| <li class="apache"><a href="http://www.apache.org/"><img src="/img/apache.png"></a></li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </nav> |
| </header> |
| |
| |
| <article class="container"> |
| <section class="col-md-12"> |
| <a class="edit-on-gh" href="https://github.com/apache/struts-site/edit/master/source/submitting-patches.md" title="Edit this page on GitHub">Edit on GitHub</a> |
| |
| <h1 class="no_toc" id="submitting-patches">Submitting patches</h1> |
| |
| <ul id="markdown-toc"> |
| <li><a href="#committers" id="markdown-toc-committers">Committers</a></li> |
| <li><a href="#non-committers" id="markdown-toc-non-committers">Non-committers</a></li> |
| <li><a href="#security-patches" id="markdown-toc-security-patches">Security patches</a></li> |
| <li><a href="#contributing-with-github" id="markdown-toc-contributing-with-github">Contributing with GitHub</a> <ul> |
| <li><a href="#how-to-merge-pull-requests" id="markdown-toc-how-to-merge-pull-requests">How to merge Pull Requests</a></li> |
| </ul> |
| </li> |
| <li><a href="#further-reading" id="markdown-toc-further-reading">Further reading</a></li> |
| <li><a href="#googles-patch-reward-program" id="markdown-toc-googles-patch-reward-program">Google’s Patch Reward program</a></li> |
| </ul> |
| |
| <h2 id="committers">Committers</h2> |
| |
| <p>Struts uses Git so you must install a git client locally and then you can clone Struts repository:</p> |
| |
| <p>either using Apache GitBox</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git clone https://gitbox.apache.org/repos/asf/struts.git |
| </code></pre></div></div> |
| |
| <p>or GitHub</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git clone https://github.com/apache/struts.git |
| </code></pre></div></div> |
| |
| <p>and done!</p> |
| |
| <p>Please remember that the <code class="highlighter-rouge">master</code> branch should be used only for small fast commits, if you are working on a large |
| change it is better to do it on a dedicated branch via GitHub. Please remember that pushing other branches to the repo |
| will replicate them to all the clones, that’s why using GitHub is a preferred way.</p> |
| |
| <h2 id="non-committers">Non-committers</h2> |
| |
| <p>If you aren’t a committer you can still clone the repo from Apache Gitbox but you won’t be able push any changes to it. |
| That’s why it is better to use GitHub</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git clone https://gitbox.apache.org/repos/asf/struts.git |
| </code></pre></div></div> |
| |
| <h2 id="security-patches">Security patches</h2> |
| |
| <p><strong>Please read carefully, this is very important!</strong></p> |
| |
| <p>If you prepared a patch to solve security issue in the Apache Struts, in the first step contact us via |
| <a href="mailto:security@struts.apache.org">Security Mailing List</a>. <strong>Don’t publish any information about possible vulnerability</strong>. |
| Thus will allow us coordinate the work and review if the information about issue can be disclosed publicly. |
| We don’t want to inform hackers before we can protect our users :-)</p> |
| |
| <p><strong>Be responsible!!!</strong></p> |
| |
| <h2 id="contributing-with-github">Contributing with GitHub</h2> |
| |
| <p>Using GitHub mirror is the simplest way to contribute to the Apache Struts if you are not a member |
| of the Struts Committers group.</p> |
| |
| <p>First you must have an account created at GitHub to be able perform the next step. If you don’t, |
| go ahead and create one just right now! Please remember to setup |
| <a href="https://help.github.com/articles/generating-ssh-keys">SSH keys</a> and test them! You don’t have to use SSH Keys |
| and base only on user/password authentication.</p> |
| |
| <p>When ready go to <a href="https://github.com/apache/struts">https://github.com/apache/struts</a> and click <code class="highlighter-rouge">Fork</code> button |
| in top right corner. This will fork the Apache Struts’ repository and will create your private (but public) repository |
| with the source code.</p> |
| |
| <p>Next step is to clone the original repo locally</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git clone https://github.com/apache/struts.git |
| </code></pre></div></div> |
| |
| <p>This will be an <code class="highlighter-rouge">origin</code>, you cannot push changes to the <code class="highlighter-rouge">origin</code> but don’t worry, you will use your fork.</p> |
| |
| <p>Now is time to add your fork as a remote</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git remote add fork https://github.com/my-username/struts.git |
| </code></pre></div></div> |
| |
| <p>Right now you should have two remotes defined for the repo, <code class="highlighter-rouge">origin</code> and <code class="highlighter-rouge">fork</code>, use below command to confirm that</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git remote -v |
| </code></pre></div></div> |
| |
| <p>Now you are ready to work with the Apache Struts’ code base. Start with switching to <code class="highlighter-rouge">master</code> branch (if not already on it)</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git checkout master |
| </code></pre></div></div> |
| |
| <p>now is time to fetch any changes from remote repository</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git fetch |
| git pull |
| </code></pre></div></div> |
| |
| <p>you should create a branch to keep your changes and it must be done off the <code class="highlighter-rouge">master</code> branch</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git checkout -b my-branch |
| </code></pre></div></div> |
| |
| <p>Do your changes and commit them to <code class="highlighter-rouge">my-branch</code>, when you’re done you can push the changes to GitHub, to your fork.</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git push -u fork my-branch |
| </code></pre></div></div> |
| |
| <p>If you still need to change something, please remember to commit and push changes, but this time you can use just</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git push |
| </code></pre></div></div> |
| |
| <p>as <code class="highlighter-rouge">my-branch</code> was already connected with the remote branch.</p> |
| |
| <p>The final step is to open a Pull Request (short: PR) against the original Apache Struts repo. Go to the |
| <a href="https://github.com/apache/struts">Apache Struts mirror</a>, then to <a href="https://github.com/apache/struts/pulls">Pull request</a> |
| and hit <a href="https://github.com/apache/struts/compare/">New Pull Request</a> button.</p> |
| |
| <p>If not already selected, click on <code class="highlighter-rouge">compare across forks.</code> Right now you must select from the dropdowns on right |
| your fork and branch to compare the differences with the Apache Struts’ <code class="highlighter-rouge">master</code> branch.</p> |
| |
| <p>Finally hit <code class="highlighter-rouge">Create Pull Request</code> button and you are done!</p> |
| |
| <p>After your PR got accepted and merged you must clean up your local repo, please switch your current branch to <code class="highlighter-rouge">master</code></p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git checkout master |
| </code></pre></div></div> |
| |
| <p>and fetch updates from remote</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git fetch -p |
| git pull |
| </code></pre></div></div> |
| |
| <p>and now you can delete your local branch</p> |
| |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>git branch -d my-branch |
| </code></pre></div></div> |
| |
| <p>and you are ready to start working on another feature/issue.</p> |
| |
| <h3 id="how-to-merge-pull-requests">How to merge Pull Requests</h3> |
| |
| <p>The Apache Struts is using the Apache <a href="https://gitbox.apache.org/">Gitbox</a> - a bidirectional service to mirror repos |
| between Apache and GitHub.</p> |
| |
| <p>First of all you must have an account on GitHub and <a href="https://gitbox.apache.org/setup/">link it</a> to your Apache account. |
| After that you can directly merge PRs using GitHub’s UI.</p> |
| |
| <h2 id="further-reading">Further reading</h2> |
| |
| <ul> |
| <li><a href="http://wiki.apache.org/general/GitAtApache">Git at Apache</a></li> |
| </ul> |
| |
| <h2 id="googles-patch-reward-program">Google’s Patch Reward program</h2> |
| |
| <p>During <a href="http://www.meetup.com/sfhtml5/">SFHTML5</a> Google announced that they adding the Apache Struts project to |
| <a href="https://www.google.com/about/appsecurity/patch-rewards/">the Google’s Security Patch Reward Program</a>.</p> |
| |
| <p>What does it mean?</p> |
| |
| <p>If you prepared a patch that eliminates a security vulnerability or improves existing security mechanism |
| you can get a bounty :-) You will find more details on |
| <a href="http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html">the Google’s blog</a> |
| or under the link above, just to give you a quick guideline how does it work:</p> |
| |
| <ul> |
| <li>if you found a way to improve security of the framework but this isn’t a vulnerability: |
| <ul> |
| <li>prepare a patch and submit it to our <a href="https://issues.apache.org/jira/browse/WW">JIRA</a>, |
| it can be a Pull Request on GitHub as well, but must reference the JIRA ticket.</li> |
| <li>let us know that you did something great, post a message to <a href="dev-mail.html">Struts Dev mailing list</a></li> |
| </ul> |
| </li> |
| <li>if you found a vulnerability and prepared a patch that fixes the vulnerability: |
| <ul> |
| <li>please contact us using the Security Mailing list <a href="mailto:security@struts.apache.org">security@struts.apache.org</a></li> |
| <li>keep all information in secret, do not publish any data about the vulnerability nor Proof-of-Concept, etc.</li> |
| </ul> |
| </li> |
| <li>we will review the patch and if it’s a real great thing then we will merge it into our code base</li> |
| <li>just wait on official release of the Apache Struts and now you can request the reward from Google :-)</li> |
| </ul> |
| |
| <p class="alert alert-success">Please be aware that the committee is focused on awarding patches that are more significant than individual bug fixes. |
| It means that the contribution should have <em>demonstrable</em>, <em>significant</em>, and <em>proactive</em> impact on security.</p> |
| |
| <p><strong>NOTE</strong></p> |
| |
| <p>If you are concerned that your patch can disclose a security vulnerability, instead of submitting it as a ticket, |
| send it directly to the <a href="mailto:security@struts.apache.org">Struts Security team</a>. This will give us the possibility |
| to prepare a new release with your patch in secret.</p> |
| |
| <p>Have fun and code!</p> |
| |
| </section> |
| </article> |
| |
| |
| <footer class="container"> |
| <div class="col-md-12"> |
| Copyright © 2000-2018 <a href="http://www.apache.org/">The Apache Software Foundation </a>. |
| All Rights Reserved. |
| </div> |
| <div class="col-md-12"> |
| Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are |
| trademarks of The Apache Software Foundation. |
| </div> |
| <div class="col-md-12">Logo and website design donated by <a href="https://softwaremill.com/">SoftwareMill</a>.</div> |
| </footer> |
| |
| <script>!function (d, s, id) { |
| var js, fjs = d.getElementsByTagName(s)[0]; |
| if (!d.getElementById(id)) { |
| js = d.createElement(s); |
| js.id = id; |
| js.src = "//platform.twitter.com/widgets.js"; |
| fjs.parentNode.insertBefore(js, fjs); |
| } |
| }(document, "script", "twitter-wjs");</script> |
| <script src="https://apis.google.com/js/platform.js" async="async" defer="defer"></script> |
| |
| <div id="fb-root"></div> |
| |
| <script>(function (d, s, id) { |
| var js, fjs = d.getElementsByTagName(s)[0]; |
| if (d.getElementById(id)) return; |
| js = d.createElement(s); |
| js.id = id; |
| js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1"; |
| fjs.parentNode.insertBefore(js, fjs); |
| }(document, 'script', 'facebook-jssdk'));</script> |
| |
| |
| </body> |
| </html> |