Google Git
Sign in
apache / struts-site / refs/heads/asf-site / . / output / announce-2022.html
blob: 9723deea7179e9f4d2f221396672d69ff0ed4206 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<meta name="Date-Revision-yyyymmdd" content="20140918"/>
<meta http-equiv="Content-Language" content="en"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Announcements 2022</title>
<link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css">
<link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet">
<link href="/css/main.css" rel="stylesheet">
<link href="/css/custom.css" rel="stylesheet">
<link href="/css/syntax.css" rel="stylesheet">
<script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="/js/community.js"></script>
<!-- Matomo -->
<script>
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
/* We explicitly disable cookie tracking to avoid privacy issues */
_paq.push(['disableCookies']);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//analytics.apache.org/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '41']);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<!-- End Matomo Code -->
</head>
<body>
<a href="https://github.com/apache/struts" class="github-ribbon">
<img decoding="async" loading="lazy" style="position: absolute; right: 0; border: 0;" width="149" height="149" src="https://github.blog/wp-content/uploads/2008/12/forkme_right_red_aa0000.png?resize=149%2C149" class="attachment-full size-full" alt="Fork me on GitHub" data-recalc-dims="1">
</a>
<header>
<nav>
<div role="navigation" class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<button type="button" data-toggle="collapse" data-target="#struts-menu" class="navbar-toggle">
Menu
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a href="/index.html" class="navbar-brand logo"><img src="/img/struts-logo.svg"></a>
</div>
<div id="struts-menu" class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle">
Home<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="/index.html">Welcome</a></li>
<li><a href="/download.cgi">Download</a></li>
<li><a href="/releases.html">Releases</a></li>
<li><a href="/announce-2024.html">Announcements</a></li>
<li><a href="http://www.apache.org/licenses/">License</a></li>
<li><a href="https://www.apache.org/foundation/thanks.html">Thanks!</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
<li><a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy Policy</a></li>
</ul>
</li>
<li class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle">
Support<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="/mail.html">User Mailing List</a></li>
<li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li>
<li><a href="/security.html">Reporting Security Issues</a></li>
<li><a href="/commercial-support.html">Commercial Support</a></li>
<li class="divider"></li>
<li><a href="https://cwiki.apache.org/confluence/display/WW/Migration+Guide">Version Notes</a></li>
<li><a href="https://cwiki.apache.org/confluence/display/WW/Security+Bulletins">Security Bulletins</a></li>
<li class="divider"></li>
<li><a href="/maven/project-info.html">Maven Project Info</a></li>
<li><a href="/maven/struts2-core/dependencies.html">Struts Core Dependencies</a></li>
<li><a href="/maven/struts2-plugins/modules.html">Plugin Dependencies</a></li>
</ul>
</li>
<li class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle">
Documentation<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="/birdseye.html">Birds Eye</a></li>
<li><a href="/primer.html">Key Technologies</a></li>
<li><a href="/kickstart.html">Kickstart FAQ</a></li>
<li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li>
<li class="divider"></li>
<li><a href="/getting-started/">Getting Started</a></li>
<li><a href="/security/">Security Guide</a></li>
<li><a href="/core-developers/">Core Developers Guide</a></li>
<li><a href="/tag-developers/">Tag Developers Guide</a></li>
<li><a href="/maven-archetypes/">Maven Archetypes</a></li>
<li><a href="/plugins/">Plugins</a></li>
<li><a href="/maven/struts2-core/apidocs/index.html">Struts Core API</a></li>
<li><a href="/tag-developers/tag-reference.html">Tag reference</a></li>
<li><a href="https://cwiki.apache.org/confluence/display/WW/FAQs">FAQs</a></li>
<li><a href="http://cwiki.apache.org/S2PLUGINS/home.html">Plugin registry</a></li>
</ul>
</li>
<li class="dropdown">
<a data-toggle="dropdown" href="#" class="dropdown-toggle">
Contributing<b class="caret"></b>
</a>
<ul class="dropdown-menu">
<li><a href="/youatstruts.html">You at Struts</a></li>
<li><a href="/helping.html">How to Help FAQ</a></li>
<li><a href="/dev-mail.html">Development Lists</a></li>
<li class="divider"></li>
<li><a href="/submitting-patches.html">Submitting patches</a></li>
<li><a href="/builds.html">Source Code and Builds</a></li>
<li><a href="/coding-standards.html">Coding standards</a></li>
<li><a href="/contributors/">Contributors Guide</a></li>
<li class="divider"></li>
<li><a href="/release-guidelines.html">Release Guidelines</a></li>
<li><a href="/bylaws.html">PMC Charter</a></li>
<li><a href="/volunteers.html">Volunteers</a></li>
<li><a href="https://gitbox.apache.org/repos/asf?p=struts.git">Source Repository</a></li>
<li><a href="/updating-website.html">Updating the website</a></li>
</ul>
</li>
<li class="apache"><a href="http://www.apache.org/"><img src="/img/apache.png"></a></li>
</ul>
</div>
</div>
</div>
</nav>
</header>
<article class="container">
<section class="col-md-12">
<a class="edit-on-gh" href="https://github.com/apache/struts-site/edit/master/source/announce-2022.md" title="Edit this page on GitHub">Edit on GitHub</a>
<h1 class="no_toc" id="announcements-2022">Announcements 2022</h1>
<p class="pull-right">
Skip to: <a href="announce-2021">Announcements - 2021</a>
</p>
<h4 id="a20221128">28 November 2022 - Apache Struts version 6.1.1 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Apache Struts version 6.1.1 is available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p>The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework has been designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
<p>Below is a full list of all changes:</p>
<p><strong>Bug</strong></p>
<ul>
<li>WW-3529 - NamedVariablePatternMatcher does not properly escape characters</li>
<li>WW-3737 - Parsing of excludePattern breaks regex</li>
<li>WW-4514 - DefaultUrlHelper.buildParametersString appends just ? if collection is empty</li>
<li>WW-5145 - Checkbox with multiple values do not default correctly</li>
<li>WW-5214 - When value for SELECT element is greater than 2147483647, the value does not pre-select</li>
<li>WW-5238 - Strict Method Invocation (SMI) too strict or wrong ActionMapping?</li>
<li>WW-5239 - regression btw struts 2.5.30 and 6.0.30 / submit s:checkbox unchecked -&gt; NPE</li>
<li>WW-5241 - <s:url includeParams="all"> is generating an invalid url when used in conjunction with ExecuteAndWait interceptor</s:url></li>
<li>WW-5247 - Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute</li>
<li>WW-5248 - action attribute on submit tag not working as espected</li>
<li>WW-5255 - <s:script> and <s:link> tags are broken</s:link></s:script></li>
</ul>
<p><strong>New Feature</strong></p>
<ul>
<li>WW-4173 - Add option to disable a given interceptor</li>
</ul>
<p><strong>Improvement</strong></p>
<ul>
<li>WW-2815 - No way to configure XStream engine</li>
<li>WW-3691 - BackgroundProcess should use a java.util.concurrent.Executor alternatively to spawning a new thread</li>
<li>WW-3715 - Allow for dynamic validation xml files, by building validator cache based on action AND context</li>
<li>WW-3725 - Remove unused tag templates from core/src/main/resources/template/archive</li>
<li>WW-4440 - Add basic README.md to all subprojects</li>
<li>WW-4567 - Drop unused dependencies or put a proper scope</li>
<li>WW-4692 - Extract encoding logic from UrlHelper into a dedicated bean</li>
<li>WW-5133 - Remove deprecated labelposition</li>
<li>WW-5137 - Remove class attribute</li>
<li>WW-5184 - Add optional parameter value check to ParametersInterceptor</li>
<li>WW-5219 - Move TestNGXWorkTestCase from the Core into the TestNG plugin</li>
<li>WW-5220 - Move XWorkJUnit4TestCase from the Core into the JUnit plugin</li>
<li>WW-5232 - Use Github Actions instead of Travis to build PRs</li>
<li>WW-5234 - Normalise DTD definitions</li>
<li>WW-5235 - Reduce “OGNL Expression Max Length enabled with 256” log entry to trace</li>
<li>WW-5240 - doubleOnchange attribute of the doubleselect tag is not supported</li>
<li>WW-5242 - Make “struts.mapper.action.prefix.crossNamespaces” deprecated</li>
<li>WW-5252 - Completely disable external entities declarations in XML config</li>
<li>WW-5254 - Document how to use the Async plugin</li>
<li>WW-5257 - <s:checkbox> output is followed by a newline in simple theme (diff to Struts 2)</s:checkbox></li>
<li>WW-5259 - Extract UrlHelper#parseQueryString into a dedicated plugin</li>
<li>WW-5260 - Checkbox tag default value for attribute submitUnchecked</li>
</ul>
<p><strong>Dependency</strong></p>
<ul>
<li>WW-5213 - Bump javax.el from 3.0.1-b11 to 3.0.1-b12</li>
<li>WW-5226 - Upgrade weld-core to version 2.4.8.Final</li>
<li>WW-5227 - Upgrade Apache Log4j to version 2.19.0</li>
<li>WW-5228 - Upgrade dependency-check-maven from 7.1.2 to 7.2.0</li>
<li>WW-5229 - Upgrade Spring to version 5.3.23</li>
<li>WW-5230 - Upgrade OGNL to version 3.3.4</li>
<li>WW-5231 - Upgrade apache-rat-plugin to version 0.15</li>
<li>WW-5244 - Upgrade commons-text to ver. 1.10.0</li>
<li>WW-5245 - Upgrade jackson-databind to version 2.13.4.1</li>
<li>WW-5258 - Upgrade Struts Annotation to version 1.0.8</li>
</ul>
<blockquote>
<p>Please read the <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.1.1">Version Notes</a> to find more details about performed
bug fixes and improvements. Also, a dedicated <a href="https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration">migration guide</a> has been prepared.</p>
</blockquote>
<p><strong>All developers are strongly advised to perform this upgrade.</strong></p>
<p>The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
Servlet API 3.1, JSP API 2.1, and Java 8.</p>
<p>Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
and, if appropriate, file <a href="https://issues.apache.org/jira/projects/WW/">a tracking ticket</a>.</p>
<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
<h4 id="a20220915">15 September 2022 - Apache Struts version 6.0.3 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Apache Struts version 6.0.3 is available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework has been designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
<p>Below is a full list of all changes:</p>
<p><strong>Bug</strong></p>
<ul>
<li>WW-5185 - TilesDefinition is not found and the request for a Struts action fails after an upgrade from Struts 2.5.30 to Struts 6.0.</li>
<li>WW-5189 - Add missing struts-6.0.dtd</li>
<li>WW-5190 - StackOverflowError when dispatching to JSP</li>
<li>WW-5191 - template/simple/textarea.ftl not rendering parameters correctly</li>
<li>WW-5192 - radiomap.ftl not setting enum key values</li>
<li>WW-5194 - UIBean.evaluateParams() throws an IllegalStateException when getting the nonce out of a session that has been invalidated.</li>
<li>WW-5195 - Dispatcher: Infinite loop with dispatcher FORWARD</li>
<li>WW-5197 - java.lang.UnsupportedOperationException in the date component</li>
<li>WW-5198 - textarea’s maxlength attribute displays in tag’s body</li>
<li>WW-5203 - lazyPolicyBuilder in DefaultCspSettings is not lazy</li>
<li>WW-5205 - REST plugin cannot start due to injection error</li>
<li>WW-5207 - Convention Plugin - support for ASM 9</li>
<li>WW-5215 - CspInterceptor assumes Session was already created</li>
<li>WW-5216 - Freemarker Checkbox error after migrating from Struts 2.5.29 to 2.5.30</li>
</ul>
<p><strong>New Feature</strong></p>
<ul>
<li>WW-5187 - java.lang.NoClassDefFoundError: org/apache/struts2/views/velocity/VelocityManager Improvement</li>
<li>WW-5173 - Implement additional OGNL cache configuration controls</li>
<li>WW-5188 - Use 6.0 marker instead of 2.6</li>
<li>WW-5218 - Allow to disable CSP related interceptors</li>
</ul>
<p><strong>Dependency</strong></p>
<ul>
<li>WW-5193 - Use proper hibernate-validator groupId and upgrade to version 6.1.3.Final</li>
<li>WW-5201 - Bump Log4j2 to 2.18.0</li>
<li>WW-5202 - Update jasperreports to 6.19.1 and exclude optional itext from jasperreports</li>
<li>WW-5204 - Upgrade to OGNL 3.3.3</li>
<li>WW-5208 - Update hibernate-validator to 6.2.4</li>
<li>WW-5212 - Upgrade Spring to version 5.3.22</li>
</ul>
<blockquote>
<p>Please read the <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.3">Version Notes</a> to find more details about performed
bug fixes and improvements. Also, a dedicated <a href="https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration">migration guide</a> has been prepared.</p>
</blockquote>
<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework has been designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
<p><strong>All developers are strongly advised to perform this upgrade.</strong></p>
<p>The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
Servlet API 3.1, JSP API 2.1, and Java 8.</p>
<p>Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
and, if appropriate, file <a href="https://issues.apache.org/jira/projects/WW/">a tracking ticket</a>.</p>
<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
<h4 id="a20220606">06 June 2022 - Struts 2 ver. 6.0.0 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Apache Struts 2 ver. 6.0.0 is available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p><strong>Version change</strong></p>
<p>You can be surprised by the version change, previously we have been using Struts 2.5.x versioning schema, but this was
a bit misleading. Struts 2 is a different framework than Struts 1 and its versioning is supposed to start with 1.0.0,
yet that never happened. With each breaking changes release (like Struts 2.5), we had been only upgrading the MINOR
part of the versioning schema. To fix that problem as from Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt a proper SemVer
to avoid such confusion.</p>
<p><strong>Internal Changes</strong></p>
<p>The framework requires Java 8 at runtime. Also Servlet API 3.1 capable container is required.</p>
<p>OGNL expressions are limited to 256 characters by default. See <a href="https://issues.apache.org/jira/browse/WW-5179">WW-5179</a>
and <a href="https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions">docs</a> for more details.</p>
<p>Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future
attack vectors, yet it can impact your application if you have been depending on double evaluation.</p>
<p><em>How to test</em></p>
<ul>
<li>Run all your app tests, you shouldn’t see any WARN log like below:
<blockquote>
<p>Expression [so-and-so] isn’t allowed by pattern [so-and-so]! See Accepted / Excluded patterns at https://struts.apache.org/security/</p>
</blockquote>
</li>
<li>See if following components are still functioning correctly regarding java-scripts:
<ul>
<li>forms with client side validations</li>
<li>doubleselect</li>
<li>combobox</li>
</ul>
</li>
<li>Check also <code class="language-plaintext highlighter-rouge">StreamResult</code>s, <code class="language-plaintext highlighter-rouge">AliasInterceptor</code> and <code class="language-plaintext highlighter-rouge">JasperReportResult</code>s if they are still working as expected.</li>
</ul>
<p>Support to access static methods via OGNL expressions has been removed, use action instance methods instead.</p>
<p><strong>Bug</strong></p>
<ul>
<li>WW-3534 - PrepareOperations.createActionContext does not detect existing context correctly</li>
<li>WW-3730 - action tag accepts only String arrays as parameters</li>
<li>WW-4723 - s:url incompatible with JDK 1.5</li>
<li>WW-4742 - Problem with escape when the key from getText has no value</li>
<li>WW-4865 - Struts s:checkbox conversion fails to List<Integer></Integer></li>
<li>WW-4866 - ASM 5.2 and Java 9 leads to IllegalArgumentException</li>
<li>WW-4897 - KEYS, sigs and hashes should use https (SSL)</li>
<li>WW-4902 - Struts 2 fails to init Dispatcher - Tomcat Embedded</li>
<li>WW-4928 - Setting struts.devMode from system property not working as described</li>
<li>WW-4930 - SMI cannot be diasabled for action-packages found via the convention-plugin</li>
<li>WW-4941 - [jar_cache] Some jar_cache<strong>**</strong>.tmp files are generated into a temporary directory(/tmp) during web service start</li>
<li>WW-4943 - opensymphony.xwork2.util.LocalizedTextUtil can’t get i18n resources</li>
<li>WW-4944 - Struts 2 REST Tiles integration issue</li>
<li>WW-4945 - TagUtils#buildNamespace should throw an exception when invocation is null</li>
<li>WW-4946 - Strtus 2 spring integrations is failing - fails to init Dispatcher - Tomcat Embedded</li>
<li>WW-4948 - Struts 2.5.16 is creating jar_cache files in temp folder</li>
<li>WW-4951 - MD5 and SHA1 should no longer be provided on download pages</li>
<li>WW-4954 - xml-validation fails since struts 2.5.17</li>
<li>WW-4957 - Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&amp;StrutsLocalizedTextProvider cannot be used instead.</li>
<li>WW-4958 - File upload fails from certain clients</li>
<li>WW-4964 - Missing javascript in form-validate.ftl</li>
<li>WW-4968 - combining s:set and s:property where the property retrieved is null has unexpected results</li>
<li>WW-4971 - s:include tag fails with truncated content in certain circumstances</li>
<li>WW-4974 - NullPointerException in DefaultStaticContentLoader#findStaticResource</li>
<li>WW-4977 - Fixing flaky test in Jsr168DispatcherTest and Jsr286DispatcherTest</li>
<li>WW-4984 - Static files like css and js files in struts-core not properly served</li>
<li>WW-4986 - Race condition reloading config results in actions not found</li>
<li>WW-4987 - Setting Struts2 <s:select> options Css Class</s:select></li>
<li>WW-4991 - Not existing property in listValueKey throws exception</li>
<li>WW-4997 - <s:debug> can't be resolved</s:debug></li>
<li>WW-4999 - Can’t get OgnlValueStack log even if enable logMissingProperties</li>
<li>WW-5002 - Package Level Properties in Global Results</li>
<li>WW-5004 - No more calling of a static variable in Struts 2.8.20 available</li>
<li>WW-5006 - NullPointerException in ProxyUtil class when accessing static member</li>
<li>WW-5009 - EmptyStackException in JSON plugin due to concurrency</li>
<li>WW-5011 - Tiles bug when parsing file:// URLs including # as part of the URL</li>
<li>WW-5013 - Accessing static variable via OGNL returns nothing</li>
<li>WW-5022 - Struts 2.6 escaping behaviour change for s:a (anchor) tag</li>
<li>WW-5024 - HttpParameters.Builder can wrap objects in two layers of Parameters</li>
<li>WW-5025 - Binding Integer Array upon form submission</li>
<li>WW-5026 - Double-submit of TokenSessionStoreInterceptor broken since 2.5.16</li>
<li>WW-5027 - xerces tries to load resources from the internet</li>
<li>WW-5028 - Dispatcher prints stacktraces directly to the console</li>
<li>WW-5029 - The content allowed-methods tag of the XML configuration is sometimes truncated</li>
<li>WW-5030 - ClassNotFoundException - MockPortletResponse</li>
<li>WW-5031 - OGNL: An illegal reflective access operation has occurred</li>
<li>WW-5043 - trouble with Enum subclassing</li>
<li>WW-5054 - Debugging Interceptor debug=browser not working</li>
<li>WW-5058 - Invalid link in primer.html</li>
<li>WW-5059 - primer.html link to spring-security is broken</li>
<li>WW-5065 - AbstractMatcher adds values to the map passed into replaceParameters</li>
<li>WW-5072 - Minor bug in single file upload example of the Showcase application</li>
<li>WW-5074 - Multiple ASM jar conflict in 2.6 build</li>
<li>WW-5076 - struts2 redirecting to https to http</li>
<li>WW-5077 - Unable to set long pathname variables</li>
<li>WW-5079 - Could not find StrutsPrepareAndExecuteFilter sometime in WAS server</li>
<li>WW-5081 - Struts default textarea template fails w3c validation</li>
<li>WW-5082 - struts2 update from 2.1.6 to 2.3.37</li>
<li>WW-5086 - s:set with empty body</li>
<li>WW-5087 - AliasInterceptor doesn’t properly handle Parameter.Empty</li>
<li>WW-5088 - Empty file upload gives wrong error message</li>
<li>WW-5091 - Switched hash and PGP links</li>
<li>WW-5093 - inconsistent scope for variables created with s:set and s:url</li>
<li>WW-5095 - Junit plugin does not push ACTION_MAPPING into the context resulting in NPE</li>
<li>WW-5096 - Struts2 StaticParametersInterceptor’s addParametersToContext method is not working as expected.</li>
<li>WW-5100 - incorrect content-type behavior after upgrading to struts 2.5.*</li>
<li>WW-5102 - Download page issues</li>
<li>WW-5104 - Please delete old releases</li>
<li>WW-5106 - The call chains of ActionContext.getContext() in ServletActionContext are dangerious</li>
<li>WW-5107 - JQuery plugin does not handle dynamic component ids correctly</li>
<li>WW-5108 - No errors are reported locally. On linux environment, tomcat runs alone and reports java.lang.annotation.AnnotationTypeMismatchException</li>
<li>WW-5109 - Ognl issue after migrating from strut 2.3 to 2.5</li>
<li>WW-5116 - PostbackResult uses wrong regex range</li>
<li>WW-5117 - %{id} evaluates different for data-* and value attribute</li>
<li>WW-5119 - Blocking Threads in retrieving text from resource bundle</li>
<li>WW-5121 - Contention when injecting Scope.SINGLETON instances</li>
<li>WW-5123 - CheckboxTag value missing for labelposition</li>
<li>WW-5124 - Tag attribute values cached</li>
<li>WW-5125 - forbidden name attribute values (size, clone…?) in <s:textfield> using the default theme</s:textfield></li>
<li>WW-5129 - Dynamic Attributes are not working for doubleselect, optiontransferselect, inputtransferselect tags</li>
<li>WW-5130 - ID param not being set</li>
<li>WW-5140 - Cannot download struts from the main page</li>
<li>WW-5146 - Empty file upload ends in error</li>
<li>WW-5147 - OGNL valid expression is not cached and is parsed over again in some situations</li>
<li>WW-5160 - Template not found for name “Empty{name=’templateDir’}/simple/hidden.ftl”</li>
<li>WW-5163 - Error executing FreeMarker template</li>
<li>WW-5169 - Key Technologies Primer: Broken link to ResourceBundles</li>
</ul>
<p><strong>New Feature</strong></p>
<ul>
<li>WW-4598 - async Actions</li>
<li>WW-4760 - Switch to Servlet API 2.5</li>
<li>WW-4874 - Asynchronous action method</li>
<li>WW-5005 - Struts2 convention plugin lacks Java 11 support</li>
<li>WW-5049 - Move Velocity support into a dedicated plugin</li>
<li>WW-5083 - Fetch Metadata support</li>
<li>WW-5084 - Content Security Policy support</li>
<li>WW-5085 - Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy Support</li>
<li>WW-5101 - AbstractLocalizedTextProvider illegal reflective access operation has occurred</li>
</ul>
<p><strong>Improvement</strong></p>
<ul>
<li>WW-685 - Generic error message - Type Conversion Error Handling</li>
<li>WW-2040 - Struts 1 vs. Struts 2 benchmarking application</li>
<li>WW-2411 - Add a maxlength attribute to the textarea tag</li>
<li>WW-2537 - Fix generics in all codebase</li>
<li>WW-3788 - Convert ServletActionContext to be more as ActionContext</li>
<li>WW-3877 - Remove altSyntax option</li>
<li>WW-4043 - Duplicated class TestUtils</li>
<li>WW-4069 - Upgrade DWR plugin to use the latest available version</li>
<li>WW-4348 - Remove access to static methods</li>
<li>WW-4713 - Drop “searchValueStack” attribute from tag <s:text></s:text></li>
<li>WW-4763 - Drop deprecated logging layer</li>
<li>WW-4779 - Remove profiling layer</li>
<li>WW-4789 - ActionContext should be immutable</li>
<li>WW-4792 - Removes deprecated XWork constants</li>
<li>WW-4796 - Rename Spring related flags to use the same pattern</li>
<li>WW-4799 - make DateConverter configurable</li>
<li>WW-4875 - Java configuration</li>
<li>WW-4889 - Implement REST content handlers using Apache Juneau</li>
<li>WW-4910 - Align OptGroup with Select</li>
<li>WW-4915 - Replace deprecated commons-lang3 classes</li>
<li>WW-4927 - Use immutable version of OGNL without access to #context</li>
<li>WW-4929 - Fallback i18n Locale</li>
<li>WW-4932 - Conversion fails when generic type is an interface</li>
<li>WW-4937 - Add SortedSet field support to JSON plugin</li>
<li>WW-4938 - ObjectFactory should use Container to instantiate actions and inject dependencies</li>
<li>WW-4952 - Upgrade to apache-master version 21</li>
<li>WW-4963 - Implement new Aware interfaces that are using withXxxx pattern instead of setters</li>
<li>WW-4972 - Switch to latest freemarker version when defining incompatible_improvements</li>
<li>WW-4995 - Enhancement for s:set tag to improve tag body whitespace control.</li>
<li>WW-4996 - Refactor DefaultTypeConverterCreator to use ObjectFactory#buildConverter</li>
<li>WW-5000 - Replace string literals with proper constants in @Inject</li>
<li>WW-5001 - Allow to define converters in “struts-conversion.properties” file</li>
<li>WW-5003 - Use StrutsException instead of XWorkException</li>
<li>WW-5012 - Make a public state check the first acceptance check in SecurityMemberAccess</li>
<li>WW-5017 - Drop @Validation annotation as not needed</li>
<li>WW-5018 - Add maven enforce plugin to control certain environmental constraints</li>
<li>WW-5023 - Upgrade SLF4J to latest 1.7.x version</li>
<li>WW-5034 - Minor enhancement/fix to AbstractLocalizedTextProvider</li>
<li>WW-5035 - Provide mechanism to clear OgnlUtil caches</li>
<li>WW-5036 - update JFreeChart plugin for compatibility with JFreeChart 1.5</li>
<li>WW-5052 - Use TypeConversionException instead of StrutsException</li>
<li>WW-5056 - Standard Accepted Patterns in DefaultAcceptedPatternsChecker</li>
<li>WW-5057 - Cleanup and/or improvements to Showcase Applications</li>
<li>WW-5062 - Use downloads.a.o instead of archive</li>
<li>WW-5063 - Use null check of passed in invocation in all the results</li>
<li>WW-5064 - Move XWork Spring support into struts2-spring-plugin</li>
<li>WW-5069 - Improve build behaviour on JDK9+</li>
<li>WW-5070 - JSONResult default root object should be set explicitly, rather than from result of ValueStack.peek()</li>
<li>WW-5073 - Use TextParser in AbstractMatcher</li>
<li>WW-5078 - Remove support for <xwork> DTD</xwork></li>
<li>WW-5080 - Allow write directly to a response - define a new result</li>
<li>WW-5099 - Upgrade JFreeChart plugin to use version 1.5.1 of JFreeChart</li>
<li>WW-5112 - Add ability (control flag) for TextProviders to prioritize reads from the default resource bundlest.</li>
<li>WW-5113 - Drop deprecated constant “struts.xworkTextProvider”</li>
<li>WW-5114 - Drop deprecated constant “struts.localeProvider”</li>
<li>WW-5115 - Reduce logging for DMI excluded parameters</li>
<li>WW-5126 - inconsistancy between Model Driven and Model Driven Interceptor documentations</li>
<li>WW-5136 - Make class attribute deprecated</li>
<li>WW-5152 - Make OVal plugin deprecated</li>
<li>WW-5153 - Make Portlet, Portlet Mocks and Portlet Tiles plugins deprecated</li>
<li>WW-5154 - Make GXP plugin deprecated</li>
<li>WW-5155 - Make OSGi plugin deprecated</li>
<li>WW-5156 - Make Plexus plugin deprecated</li>
<li>WW-5157 - Make Sitemesh plugin deprecated</li>
<li>WW-5164 - Remove deprecated ConversionDescription class</li>
<li>WW-5168 - Fix missing submitUnchecked and broken disabled attributes in Javatemplates checkbox tag</li>
<li>WW-5175 - Add basic LocalDateTime support</li>
<li>WW-5179 - Set ‘struts.ognl.expressionMaxLength’ to 256 by default</li>
<li>WW-5181 - Stop supporting accessing static methods via OGNL expressions</li>
<li>WW-5182 - Upgrade to Servlet API 3.1</li>
</ul>
<p><strong>Task</strong></p>
<ul>
<li>WW-4845 - run, test, and validate Struts2 with Java9</li>
<li>WW-4981 - Add support for Java 11</li>
<li>WW-4982 - Remove the deprecated JsonLibHandler and outdated json-lib dependency</li>
<li>WW-4983 - Set private access modifier for HttpParameters.toMap</li>
<li>WW-4998 - I18nInterceptor’s default storage should store locale</li>
<li>WW-5010 - Switch to Java 8</li>
<li>WW-5016 - Support Java 8 date time in the date tag</li>
<li>WW-5020 - delete deprecated sitegraph plugin</li>
<li>WW-5021 - Serve static resources from different path</li>
<li>WW-5118 - OGNL long conversion</li>
</ul>
<p><strong>Dependency</strong></p>
<ul>
<li>WW-4887 - Upgrade to Tiles 3.0.8</li>
<li>WW-4926 - Upgrade commons-beanutils to version 1.9.3</li>
<li>WW-4931 - Upgrade to Apache FreeMarker 2.3.28 version</li>
<li>WW-4947 - server errors generated by secure-jakarta-multipart-parser-plugin</li>
<li>WW-4955 - Upgrade to OGNL 3.2.6</li>
<li>WW-4956 - Upgrade to Log4j2 2.11.1</li>
<li>WW-4965 - Upgrade to OGNL 3.2.7</li>
<li>WW-4967 - Upgrade to Jackson 2.9.6</li>
<li>WW-4973 - Upgrade to OGNL 3.2.8</li>
<li>WW-4975 - Upgraded commons-fileupload to version 1.4</li>
<li>WW-4976 - Upgrade ASM to version 7.0</li>
<li>WW-4979 - Update multiple Struts 2.6.x libraries to more recent versions</li>
<li>WW-4980 - Update maven-wrapper to 3.5.4 and add maven-wrapper.jar to .gitignore</li>
<li>WW-4985 - Update persistence-api from 1.0 to 1.0.2 for CDI Plugin</li>
<li>WW-4988 - Upgrade DWR from 1.x to 2.x (for DWR plugin)</li>
<li>WW-4989 - Use JacksonXML handler instead of XStream as a default handler for XML in the REST plugin</li>
<li>WW-4992 - Mark the Embedded JSP plugin as depracted</li>
<li>WW-4993 - Update OGNL versions for 2.6 and 2.5.x builds</li>
<li>WW-5007 - Upgrade Jackson library to the latest version</li>
<li>WW-5019 - Upgrade Log4j to version 2.13.3</li>
<li>WW-5032 - Struts 2 Junit Plugin is not working with Zulu JDK11</li>
<li>WW-5033 - Update a few Struts 2.5.x libraries to more recent versions</li>
<li>WW-5037 - Upgrade commons-beanutils to version 1.9.4</li>
<li>WW-5038 - Upgrade jackson-databind to version 2.9.9.3</li>
<li>WW-5042 - Upgrade jackson-databind to version 2.10.0</li>
<li>WW-5045 - Update jasperreports to 6.10.0</li>
<li>WW-5047 - Upgrade Velocity to 2.1 and Velocity Tools to 3.0</li>
<li>WW-5048 - Update various dependencies to newest version</li>
<li>WW-5050 - Upgrade to OGNL 3.2.12</li>
<li>WW-5061 - CVEs in the library dependencies</li>
<li>WW-5068 - Update multiple Struts 2.6.x libraries / Maven build plugin versions</li>
<li>WW-5075 - Upgrade OSGi to the latest version</li>
<li>WW-5092 - ASM dependency update to 8.*</li>
<li>WW-5094 - Upgrade Spring Framework to version 4.3.29.RELEASE</li>
<li>WW-5097 - Upgrade to OGNL 3.2.16</li>
<li>WW-5098 - Upgrade ASM to version 9.0</li>
<li>WW-5103 - Upgrade XStream to version 1.4.14</li>
<li>WW-5120 - Upgrade Velocity Engine &amp; Velocity Tools</li>
<li>WW-5122 - Upgrade XStream to version 1.4.16</li>
<li>WW-5131 - Upgrade commons-io to version 2.9</li>
<li>WW-5134 - Upgrade JasperReports to version 6.17.0</li>
<li>WW-5135 - Upgrade XStream to version 1.4.17</li>
<li>WW-5142 - Upgrade XStream to version 1.4.18</li>
<li>WW-5143 - Upgrade Oval library to ver. 3.2.1</li>
<li>WW-5144 - Mark OVal plugin as deprecated</li>
<li>WW-5148 - Upgrade ASM to version 9.2</li>
<li>WW-5151 - Bump to 2.15.0 to fix log4j vulnerability</li>
<li>WW-5158 - Upgrade Log4j to version 2.16.0 to address security vulnerability</li>
<li>WW-5161 - Update spring to 4.3.30</li>
<li>WW-5162 - Upgrade Log4j to version 2.17.1 to address security vulnerability</li>
<li>WW-5165 - Update spring to 5.3.x b/c 4.3.x is EOL</li>
<li>WW-5166 - Update OGNL to 3.3.2</li>
<li>WW-5167 - Upgrade XStream to version 1.4.19</li>
<li>WW-5171 - Upgrade Apache Log4j 2.17.2</li>
<li>WW-5172 - Upgrade freemarker to 2.3.31</li>
<li>WW-5174 - Upgrade Jackson-Core to version 2.13.2 and Jackson-Databind to 2.13.2.1</li>
</ul>
<blockquote>
<p>Please read the <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.0">Version Notes</a> to find more details about performed
bug fixes and improvements. Also, a dedicated <a href="https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration">migration guide</a> has been prepared.</p>
</blockquote>
<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework has been designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
<p><strong>All developers are strongly advised to perform this upgrade.</strong></p>
<p>The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
Servlet API 3.1, JSP API 2.1, and Java 8.</p>
<p>Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
and, if appropriate, file <a href="https://issues.apache.org/jira/projects/WW/">a tracking ticket</a>.</p>
<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
<h4 id="a20220404">04 April 2022 - Struts 2.5.30 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p>Internal Changes:</p>
<p>Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future
attack vectors, yet it can impact your application if you have been depending on double evaluation.</p>
<p><strong>How to test</strong></p>
<p>Run all your app tests, you shouldn’t see any <code class="language-plaintext highlighter-rouge">WARN</code> log like below:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at
https://struts.apache.org/security/
</code></pre></div></div>
<p>See if following components are still functioning correctly regarding java-scripts:</p>
<ul>
<li>forms with client side validations</li>
<li><code class="language-plaintext highlighter-rouge">doubleselect</code> tag</li>
<li><code class="language-plaintext highlighter-rouge">combobox</code> tag</li>
</ul>
<p>Check also <code class="language-plaintext highlighter-rouge">StreamResult</code>, <code class="language-plaintext highlighter-rouge">AliasInterceptor</code> and <code class="language-plaintext highlighter-rouge">JasperReportResult</code> if they are still working as expected.</p>
<p>Dependency:</p>
<ul>
<li>[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1</li>
<li>[WW-5172] - Upgrade freemarker to 2.3.31</li>
</ul>
<blockquote>
<p>Please read the <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30">Version Notes</a> to find more details about performed
bug fixes and improvements.</p>
</blockquote>
<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework has been designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
<p><strong>All developers are strongly advised to perform this upgrade.</strong></p>
<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
Servlet API 2.4, JSP API 2.0, and Java 7.</p>
<p>Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
and, if appropriate, file <a href="https://issues.apache.org/jira/projects/WW/">a tracking ticket</a>.</p>
<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
<h4 id="a20220122">22 January 2022 - Struts 2.5.29 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Struts 2.5.29 is available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p>Bugs:</p>
<ul>
<li>[WW-5117] - %{id} evaluates different for data-* and value attribute</li>
<li>[WW-5160] - Template not found for name “Empty{name=’templateDir’}/simple/hidden.ftl”</li>
<li>[WW-5163] - Error executing FreeMarker template</li>
</ul>
<blockquote>
<p>Please read the <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.29">Version Notes</a> to find more details about performed
bug fixes and improvements.</p>
</blockquote>
<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework has been designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
<p><strong>All developers are strongly advised to perform this upgrade.</strong></p>
<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
Servlet API 2.4, JSP API 2.0, and Java 7.</p>
<p>Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
and, if appropriate, file <a href="https://issues.apache.org/jira/projects/WW/">a tracking ticket</a>.</p>
<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
<h4 id="a20220102">02 January 2022 - Struts 2.5.28.3 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Struts 2.5.28.3 is available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p>This release addresses Log4j vulnerability <a href="https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832">CVE-2021-44832</a>
by using the latest Log4j ver. 2.12.4 (Java 1.7 compatible).</p>
<p><strong>Please note, that the Apache Struts itself depends on the <code class="language-plaintext highlighter-rouge">log4j-api</code> package only, it’s users’ responsibility
to use a proper version of the log4j-core package!</strong></p>
<blockquote>
<p>Please read the <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.3">Version Notes</a> to find more details about performed
bug fixes and improvements.</p>
</blockquote>
<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework has been designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
<p><strong>All developers are strongly advised to perform this upgrade.</strong></p>
<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
Servlet API 2.4, JSP API 2.0, and Java 7.</p>
<p>Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
and, if appropriate, file <a href="https://issues.apache.org/jira/projects/WW/">a tracking ticket</a>.</p>
<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
<p class="pull-right">
Skip to: <a href="announce-2021.html">Announcements - 2021</a>
</p>
<p class="pull-left">
<strong>Next:</strong>
<a href="kickstart.html">Kickstart FAQ</a>
</p>
</section>
</article>
<footer class="container">
<div class="col-md-12">
Copyright &copy; 2000-2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>.
Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are
trademarks of The Apache Software Foundation. All Rights Reserved.
</div>
<div class="col-md-12">Logo and website design donated by <a href="https://softwaremill.com/">SoftwareMill</a>.</div>
</footer>
<script>!function (d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (!d.getElementById(id)) {
js = d.createElement(s);
js.id = id;
js.src = "//platform.twitter.com/widgets.js";
fjs.parentNode.insertBefore(js, fjs);
}
}(document, "script", "twitter-wjs");</script>
<script src="https://apis.google.com/js/platform.js" async="async" defer="defer"></script>
<div id="fb-root"></div>
<script>(function (d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s);
js.id = id;
js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
</body>
</html>