You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2017/07/13 06:49:08 UTC
svn commit: r1015383 [1/2] - in /websites/production/struts/content: ./ docs/
Author: lukaszlenart
Date: Thu Jul 13 06:49:07 2017
New Revision: 1015383
Log:
Updates production
Added:
websites/production/struts/content/docs/s2-047.html
websites/production/struts/content/docs/s2-049.html
Modified:
websites/production/struts/content/announce.html
websites/production/struts/content/docs/actionmapper.html
websites/production/struts/content/docs/file-upload.html
websites/production/struts/content/docs/freemarker.html
websites/production/struts/content/docs/interceptors.html
websites/production/struts/content/docs/localization.html
websites/production/struts/content/docs/security-bulletins.html
websites/production/struts/content/docs/tiles-plugin.html
websites/production/struts/content/docs/type-conversion.html
websites/production/struts/content/docs/validation.html
websites/production/struts/content/docs/version-notes-2333.html
websites/production/struts/content/docs/version-notes-2512.html
websites/production/struts/content/download.html
websites/production/struts/content/downloads.html
websites/production/struts/content/index.html
Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Thu Jul 13 06:49:07 2017
@@ -125,6 +125,7 @@
<h1 class="no_toc" id="announcements">Announcements</h1>
<ul id="markdown-toc">
+ <li><a href="#a20170717" id="markdown-toc-a20170717">17 July 2017 - Struts 2.5.12 General Availability</a></li>
<li><a href="#a20170707" id="markdown-toc-a20170707">9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series</a></li>
<li><a href="#a20170323" id="markdown-toc-a20170323">23 march 2017 - Struts Extras secure Multipart plugins General Availability - versions 1.1</a></li>
<li><a href="#a20170320" id="markdown-toc-a20170320">20 march 2017 - Struts Extras secure Multipart plugins General Availability</a></li>
@@ -137,6 +138,85 @@
Skip to: <a href="announce-2016.html">Announcements - 2016</a>
</p>
+<h4 id="a20170717">17 July 2017 - Struts 2.5.12 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.12 is available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains fixes for the following potential security vulnerabilities:</p>
+
+<ul>
+ <li><a href="/docs/s2-047.html">S2-047</a>
+Possible DoS attack when using URLValidator</li>
+ <li><a href="/docs/s2-049.html">S2-049</a>
+A DoS attack is available for Spring secured actions,</li>
+</ul>
+
+<p>Except the above this release also contains several improvements just to mention few of them:</p>
+
+<ul>
+ <li><code class="highlighter-rouge">double</code> and <code class="highlighter-rouge">Double</code> are not validated with the same decimal separator</li>
+ <li><code class="highlighter-rouge">ognl.MethodFailedException</code> when you do not enter a value for a field mapped to an int</li>
+ <li><code class="highlighter-rouge">Double</code> Value Conversion with requestLocale=de</li>
+ <li>The <code class="highlighter-rouge">TextProvider</code> injection in <code class="highlighter-rouge">ActionSupport</code> isnât quite integrated into the frameworkâs core DI</li>
+ <li>Struts2 raise <code class="highlighter-rouge">java.lang.ClassCastException</code> when Result type is <code class="highlighter-rouge">chain</code></li>
+ <li><code class="highlighter-rouge">@InputConfig</code> annotation is not working when integrating with spring aop</li>
+ <li>Validators do not work for multiple values</li>
+ <li><code class="highlighter-rouge">BigDecimal</code> are not converted according context locale</li>
+ <li><code class="highlighter-rouge">NullPointerException</code> when displaying a form without action attribute</li>
+ <li>Http Sessions forcefully created for all requests using I18nInterceptor with default Storage value.</li>
+ <li><code class="highlighter-rouge">cssErrorClass</code> attribute has no effect on <code class="highlighter-rouge">label</code> tag</li>
+ <li>Why <code class="highlighter-rouge">JSONValidationInterceptor</code> return Status Code <code class="highlighter-rouge">400 BAD_REQUEST</code> instead of <code class="highlighter-rouge">200 SUCCESS</code></li>
+ <li>@autowired does not work since Struts 2.3.28.1</li>
+ <li>Mixed content https to http when upgraded to 2.3.32 or 2.5.10.1</li>
+ <li>Upgrade from struts2-tiles3-plugin to struts2-tiles-plugin gives a NoSuchDefinitionException</li>
+ <li>Aspects are not executed when chaining AOPed actions</li>
+ <li>Duplicate hidden input field checkboxListHandler</li>
+ <li>The value of checkbox getted in server-side is âfalseâ when no any checkbox been selected.</li>
+ <li>refactor file upload framework</li>
+ <li><code class="highlighter-rouge">creditCard</code> validator available in Struts 1 missing in Struts 2</li>
+ <li>No easy way to have an empty interceptor stack if have default stack</li>
+ <li><code class="highlighter-rouge">@TypeConversion</code> converter attribute to class</li>
+ <li>Convert <code class="highlighter-rouge">LocalizedTextUtil</code> into a bean with default implementation</li>
+ <li>NPE in <code class="highlighter-rouge">StrutsTilesContainerFactory</code> when resource isnât found</li>
+ <li>Buffer/Flush behaviour in <code class="highlighter-rouge">FreemarkerResult</code></li>
+ <li>Struts2 should know and consider config time class of userâs Actions</li>
+ <li>getters of exclude-sets in OgnlUtil should return immutable collections</li>
+ <li>Mark <code class="highlighter-rouge">site-graph</code> plugin as deprecated</li>
+ <li>Use <code class="highlighter-rouge">TextProviderFactory</code> instead of <code class="highlighter-rouge">TextProvider</code> as beanâs dependency</li>
+ <li>Create <code class="highlighter-rouge">LocaleProviderFactory</code> and uses instead of <code class="highlighter-rouge">LocaleProvider</code></li>
+ <li>Improve error logging in <code class="highlighter-rouge">DefaultDispatcherErrorHandler</code></li>
+ <li>Make <code class="highlighter-rouge">jakarta-stream</code> multipart parser more extensible</li>
+ <li>Make Multipart parsers more extensible</li>
+ <li>Add proper validation if request is a multipart request</li>
+ <li>Make <code class="highlighter-rouge">SecurityMethodAccess</code> excluded classes & packages definitions immutable</li>
+ <li>Upgrade to Log4j2 2.8.2</li>
+ <li>Allow disable file upload support via an configurable option</li>
+ <li>Stop using <code class="highlighter-rouge">DefaultLocalizedTextProvider#localeFromString</code> static util method</li>
+ <li>Donât add <code class="highlighter-rouge">JBossFileManager</code> as a possible FileManager when not on JBoss</li>
+ <li>There is no <code class="highlighter-rouge">@LongRangeFieldValidator</code> annotation to support <code class="highlighter-rouge">LongRangeFieldValidator</code></li>
+ <li>Upgrade to commons-lang 3.6</li>
+ <li>Update commons-fileupload</li>
+</ul>
+
+<blockquote>
+ <p>Please read the <a href="/docs/version-notes-2512.html">Version Notes</a> to find more details about performed bug fixes and improvements.</p>
+</blockquote>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
<h4 id="a20170707">9 July 2017 - Possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series</h4>
<p>A potential security vulnerability was reported in the Struts 1 plugin used in the Struts 2.3.x series.
Modified: websites/production/struts/content/docs/actionmapper.html
==============================================================================
--- websites/production/struts/content/docs/actionmapper.html (original)
+++ websites/production/struts/content/docs/actionmapper.html Thu Jul 13 06:49:07 2017
@@ -140,11 +140,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1499445292825 {padding: 0px;}
-div.rbtoc1499445292825 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1499445292825 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499928310561 {padding: 0px;}
+div.rbtoc1499928310561 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499928310561 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1499445292825">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499928310561">
<ul class="toc-indentation"><li><a shape="rect" href="#ActionMapper-Description">Description</a></li><li><a shape="rect" href="#ActionMapper-DefaultActionMapper">DefaultActionMapper</a>
<ul class="toc-indentation"><li><a shape="rect" href="#ActionMapper-Methodprefix">Method prefix</a></li><li><a shape="rect" href="#ActionMapper-Actionprefix">Action prefix</a></li><li><a shape="rect" href="#ActionMapper-AllowedactionnameRegEx">Allowed action name RegEx</a></li><li><a shape="rect" href="#ActionMapper-AllowedmethodnameRegEx">Allowed method name RegEx</a></li></ul>
</li><li><a shape="rect" href="#ActionMapper-CustomActionMapper">Custom ActionMapper</a></li><li><a shape="rect" href="#ActionMapper-CompositeActionMapper">CompositeActionMapper</a></li><li><a shape="rect" href="#ActionMapper-PrefixBasedActionMapper">PrefixBasedActionMapper</a></li><li><a shape="rect" href="#ActionMapper-ActionMapperandActionMappingobjects">ActionMapper and ActionMapping objects</a>
Modified: websites/production/struts/content/docs/file-upload.html
==============================================================================
--- websites/production/struts/content/docs/file-upload.html (original)
+++ websites/production/struts/content/docs/file-upload.html Thu Jul 13 06:49:07 2017
@@ -140,11 +140,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p>The Struts 2 framework provides built-in support for processing file uploads that conform to <a shape="rect" class="external-link" href="http://www.ietf.org/rfc/rfc1867.txt" rel="nofollow">RFC 1867</a>, "Form-based File Upload in HTML". When correctly configured the framework will pass uploaded file(s) into your Action class. Support for individual and multiple file uploads are provided. When a file is uploaded it will typically be stored in a temporary directory. Uploaded files should be processed or moved by your Action class to ensure the data is not lost. Be aware that servers may have a security policy in place that prohibits you from writing to directories other than the temporary directory and the directories that belong to your web application.</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1499445531876 {padding: 0px;}
-div.rbtoc1499445531876 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1499445531876 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499928483092 {padding: 0px;}
+div.rbtoc1499928483092 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499928483092 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1499445531876">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499928483092">
<ul class="toc-indentation"><li><a shape="rect" href="#FileUpload-Dependencies">Dependencies</a></li><li><a shape="rect" href="#FileUpload-BasicUsage">Basic Usage</a></li><li><a shape="rect" href="#FileUpload-UploadingMultipleFiles">Uploading Multiple Files</a>
<ul class="toc-indentation"><li><a shape="rect" href="#FileUpload-UploadingMultipleFilesusingArrays">Uploading Multiple Files using Arrays</a></li><li><a shape="rect" href="#FileUpload-UploadingMultipleFilesusingLists">Uploading Multiple Files using Lists</a></li></ul>
</li><li><a shape="rect" href="#FileUpload-AdvancedConfiguration">Advanced Configuration</a>
Modified: websites/production/struts/content/docs/freemarker.html
==============================================================================
--- websites/production/struts/content/docs/freemarker.html (original)
+++ websites/production/struts/content/docs/freemarker.html Thu Jul 13 06:49:07 2017
@@ -140,11 +140,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1499445252403 {padding: 0px;}
-div.rbtoc1499445252403 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1499445252403 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499928275070 {padding: 0px;}
+div.rbtoc1499928275070 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499928275070 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1499445252403">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499928275070">
<ul class="toc-indentation"><li><a shape="rect" href="#FreeMarker-GettingStarted">Getting Started</a></li><li><a shape="rect" href="#FreeMarker-Servlet/JSPScopedObjects">Servlet / JSP Scoped Objects</a>
<ul class="toc-indentation"><li><a shape="rect" href="#FreeMarker-ApplicationScopeAttribute">Application Scope Attribute</a></li><li><a shape="rect" href="#FreeMarker-SessionScopeAttribute">Session Scope Attribute</a></li><li><a shape="rect" href="#FreeMarker-RequestScopeAttribute">Request Scope Attribute</a></li><li><a shape="rect" href="#FreeMarker-RequestParameter">Request Parameter</a></li><li><a shape="rect" href="#FreeMarker-Contextparameter">Context parameter</a></li></ul>
</li><li><a shape="rect" href="#FreeMarker-TemplateLoading">Template Loading</a></li><li><a shape="rect" href="#FreeMarker-VariableResolution">Variable Resolution</a></li><li><a shape="rect" href="#FreeMarker-TagSupport">Tag Support</a></li><li><a shape="rect" href="#FreeMarker-TipsandTricks">Tips and Tricks</a>
Modified: websites/production/struts/content/docs/interceptors.html
==============================================================================
--- websites/production/struts/content/docs/interceptors.html (original)
+++ websites/production/struts/content/docs/interceptors.html Thu Jul 13 06:49:07 2017
@@ -140,11 +140,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><div class="confluence-information-macro confluence-information-macro-tip"><span class="aui-icon aui-icon-small aui-iconfont-approve confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>The default Interceptor stack is designed to serve the needs of most applications. Most applications will <strong>not</strong> need to add Interceptors or change the Interceptor stack.</p></div></div><p>Many Actions share common concerns. Some Actions need input validated. Other Actions may need a file upload to be pre-processed. Another Action might need protection from a double submit. Many Actions need drop-down lists and other controls pre-populated before the page displays.</p><p>The framework makes it easy to share solutions to these concerns using an "Interceptor" strategy. When you request a resource that maps to an "action", the framework invokes the Action object. But, before the Action is executed, the invocatio
n can be intercepted by another object. After the Action executes, the invocation could be intercepted again. Unsurprisingly, we call these objects "Interceptors."</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1499445161108 {padding: 0px;}
-div.rbtoc1499445161108 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1499445161108 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499928204372 {padding: 0px;}
+div.rbtoc1499928204372 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499928204372 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1499445161108">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499928204372">
<ul class="toc-indentation"><li><a shape="rect" href="#Interceptors-UnderstandingInterceptors">Understanding Interceptors</a></li><li><a shape="rect" href="#Interceptors-ConfiguringInterceptors">Configuring Interceptors</a></li><li><a shape="rect" href="#Interceptors-StackingInterceptors">Stacking Interceptors</a>
<ul class="toc-indentation"><li><a shape="rect" href="#Interceptors-TheDefaultConfiguration">The Default Configuration</a></li></ul>
</li><li><a shape="rect" href="#Interceptors-FrameworkInterceptors">Framework Interceptors</a>
Modified: websites/production/struts/content/docs/localization.html
==============================================================================
--- websites/production/struts/content/docs/localization.html (original)
+++ websites/production/struts/content/docs/localization.html Thu Jul 13 06:49:07 2017
@@ -140,11 +140,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1499445229520 {padding: 0px;}
-div.rbtoc1499445229520 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1499445229520 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499928261944 {padding: 0px;}
+div.rbtoc1499928261944 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499928261944 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1499445229520">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499928261944">
<ul class="toc-indentation"><li><a shape="rect" href="#Localization-Overview">Overview</a></li><li><a shape="rect" href="#Localization-ResourceBundleSearchOrder">Resource Bundle Search Order</a>
<ul class="toc-indentation"><li><a shape="rect" href="#Localization-Defaultaction'sclass">Default action's class</a></li><li><a shape="rect" href="#Localization-UsinggetTextfromaTag">Using getText from a Tag</a></li><li><a shape="rect" href="#Localization-Usingthetexttag">Using the text tag</a></li><li><a shape="rect" href="#Localization-UsingtheI18ntag">Using the I18n tag</a></li><li><a shape="rect" href="#Localization-UsingtheKeyattributeofUITags">Using the Key attribute of UI Tags</a></li></ul>
</li><li><a shape="rect" href="#Localization-I18nInterceptor">I18n Interceptor</a></li><li><a shape="rect" href="#Localization-GlobalResources(struts.custom.i18n.resources)instruts.properties">Global Resources (struts.custom.i18n.resources) in struts.properties</a></li><li><a shape="rect" href="#Localization-FormattingDatesandNumbers">Formatting Dates and Numbers</a></li><li><a shape="rect" href="#Localization-ComparisonwithStruts1">Comparison with Struts 1</a></li><li><a shape="rect" href="#Localization-Usingonlyglobalbundles">Using only global bundles</a></li><li><a shape="rect" href="#Localization-CustomTextProviderandTextProviderFactory">Custom TextProvider and TextProviderFactory</a></li><li><a shape="rect" href="#Localization-Next:">Next: Type Conversion</a></li></ul>
Added: websites/production/struts/content/docs/s2-047.html
==============================================================================
--- websites/production/struts/content/docs/s2-047.html (added)
+++ websites/production/struts/content/docs/s2-047.html Thu Jul 13 06:49:07 2017
@@ -0,0 +1,167 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html>
+<head>
+ <link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <style type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </style>
+ <style type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </style>
+ <link href='https://struts.apache.org/highlighter/style/shCoreStruts.css' rel='stylesheet' type='text/css' />
+ <link href='https://struts.apache.org/highlighter/style/shThemeStruts.css' rel='stylesheet' type='text/css' />
+ <script src='https://struts.apache.org/highlighter/js/shCore.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushPlain.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushXml.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJava.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJScript.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushGroovy.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushBash.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushCss.js' type='text/javascript'></script>
+ <script type="text/javascript">
+ SyntaxHighlighter.defaults['toolbar'] = false;
+ SyntaxHighlighter.all();
+ </script>
+ <script type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </script>
+ <title>S2-047</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a href="security-bulletins.html">Security Bulletins</a> > <a href="s2-047.html">S2-047</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search" method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">S2-047</div>
+
+ <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=71012430">
+ <img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=71012430">Edit Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=71012430">
+ <img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=71012430">Add Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=71012430">
+ <img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=71012430">Add News</a>
+ </div>
+ </div>
+
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><h2 id="S2-047-Summary">Summary</h2>Possible DoS attack when using URLValidator (similar to <a shape="rect" href="s2-044.html">S2-044</a>)<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Possible DoS attack when using URLValidator</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect" href="version-notes-2512.html">Struts 2.5.12</a></p></td></tr
><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.5 -<span style="color: rgb(23,35,59);"> Struts 2.5.10.1</span></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Jonathan Bullock <jonbullock at gmail dot com></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>CVE-2017-7672</p></td></tr></tbody></table></div><h2 id="S2-047-Problem">Problem</h2><p>If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.</p><p><span style="font-size: 20.0px;">Solution</span></p><p>Upgrade to Apache Struts version 2.5.12.</p><h2 id="S2-047-Backwardcompatibility">Backward c
ompatibility</h2><p>No backward incompatibility issues are expected.</p><h2 id="S2-047-Workaround">Workaround</h2><p>Instead of using the default RegEx provided by the <code>UrlValidator</code> you can use the below one:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: text; gutter: false; theme: Default" style="font-size:12px;">"^(https?|ftp):\\/\\/" +
+"(([a-z0-9$_\\.\\+!\\*\\'\\(\\),;\\?&=-]|%[0-9a-f]{2})+" +
+"(:([a-z0-9$_\\.\\+!\\*\\'\\(\\),;\\?&=-]|%[0-9a-f]{2})+)?" +
+"@)?(#?" +
+")((([a-z0-9]\\.|[a-z0-9][a-z0-9-]*[a-z0-9]\\.)*" +
+"[a-z][a-z0-9-]*[a-z0-9]" +
+"|((\\d|[1-9]\\d|1\\d{2}|2[0-4][0-9]|25[0-5])\\.){3}" +
+"(\\d|[1-9]\\d|1\\d{2}|2[0-4][0-9]|25[0-5])" +
+")(:\\d+)?" +
+")(((\\/{0,1}([a-z0-9$_\\.\\+!\\*\\'\\(\\),;:@&=-]|%[0-9a-f]{2})*)*" +
+"(\\?([a-z0-9$_\\.\\+!\\*\\'\\(\\),;:@&=-]|%[0-9a-f]{2})*)" +
+"?)?)?" +
+"(#([a-z0-9$_\\.\\+!\\*\\'\\(\\),;:@&=-]|%[0-9a-f]{2})*)?" +
+"$";</pre>
+</div></div></div>
+ </div>
+
+
+ </div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
+</body>
+</html>
Added: websites/production/struts/content/docs/s2-049.html
==============================================================================
--- websites/production/struts/content/docs/s2-049.html (added)
+++ websites/production/struts/content/docs/s2-049.html Thu Jul 13 06:49:07 2017
@@ -0,0 +1,154 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html>
+<head>
+ <link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <style type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </style>
+ <style type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </style>
+ <link href='https://struts.apache.org/highlighter/style/shCoreStruts.css' rel='stylesheet' type='text/css' />
+ <link href='https://struts.apache.org/highlighter/style/shThemeStruts.css' rel='stylesheet' type='text/css' />
+ <script src='https://struts.apache.org/highlighter/js/shCore.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushPlain.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushXml.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJava.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJScript.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushGroovy.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushBash.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushCss.js' type='text/javascript'></script>
+ <script type="text/javascript">
+ SyntaxHighlighter.defaults['toolbar'] = false;
+ SyntaxHighlighter.all();
+ </script>
+ <script type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </script>
+ <title>S2-049</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a href="security-bulletins.html">Security Bulletins</a> > <a href="s2-049.html">S2-049</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search" method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">S2-049</div>
+
+ <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=71012432">
+ <img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=71012432">Edit Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=71012432">
+ <img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=71012432">Add Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=71012432">
+ <img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=71012432">Add News</a>
+ </div>
+ </div>
+
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><h2 id="S2-049-Summary">Summary</h2>A DoS attack is available for Spring secured actions<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>A DoS attack is available for Spring secured actions</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Medium</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect" href="version-notes-2512.html">Struts 2.5.12</a></p></td></tr><tr><th colspan="1" rowspan="1" class
="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.5 -<span style="color: rgb(23,35,59);"> Struts 2.5.10.1</span></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><span class="Apple-tab-span"> </span>Yasser Zamani <yasser dot zamani at live dot com></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p> </p></td></tr></tbody></table></div><h2 id="S2-049-Problem">Problem</h2><p>When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack when user was properly authenticated</p><p><span style="font-size: 20.0px;">Solution</span></p><p>Upgrade to Apache Struts version 2.5.12.</p><h2 id="S2-049-Backwardcompatibility">Backward compatibility</h2><p>No backward incompatibility issues are expected.</p><h2
id="S2-049-Workaround">Workaround</h2><p>Please define the below constant in a <code>struts.xml</code> file:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;"><constant name="struts.additional.excludedPatterns" value=".\.accessDecisionManager\.." /></pre>
+</div></div><p> </p><p> </p></div>
+ </div>
+
+
+ </div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
+</body>
+</html>
Modified: websites/production/struts/content/docs/security-bulletins.html
==============================================================================
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Thu Jul 13 06:49:07 2017
@@ -18,21 +18,20 @@ specific language governing permissions
under the License.
-->
<html>
-
<head>
<link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
<style type="text/css">
.dp-highlighter {
- width: 95% !important;
+ width:95% !important;
}
</style>
<style type="text/css">
.footer {
- background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
- background-repeat: repeat-x;
- background-position: left top;
- padding-top: 4px;
- color: #666;
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
}
</style>
<script type="text/javascript" language="javascript">
@@ -52,8 +51,8 @@ under the License.
hide = document.getElementById('hide');
show = document.getElementById('show');
children = document.all != null ?
- document.all['children'] :
- document.getElementById('children');
+ document.all['children'] :
+ document.getElementById('children');
if (children != null) {
children.style.display = 'none';
show.style.display = 'inline';
@@ -75,223 +74,222 @@ under the License.
</script>
<title>Security Bulletins</title>
</head>
-
<body onload="init()">
- <table border="0" cellpadding="2" cellspacing="0" width="100%">
- <tr class="topBar">
- <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
- <a href="home.html">Home</a> > <a href="security-bulletins.html">Security Bulletins</a>
- </td>
- <td align="right" valign="middle" nowrap>
- <form name="search" action="https://www.google.com/search" method="get">
- <input type="hidden" name="ie" value="UTF-8" />
- <input type="hidden" name="oe" value="UTF-8" />
- <input type="hidden" name="domains" value="" />
- <input type="hidden" name="sitesearch" value="" />
- <input type="text" name="q" maxlength="255" value="" />
- <input type="submit" name="btnG" value="Google Search" />
- </form>
- </td>
- </tr>
- </table>
-
- <div id="PageContent">
- <div class="pageheader" style="padding: 6px 0px 0px 0px;">
- <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
- <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
- <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
- <div style="margin: 0px 10px 8px 10px" class="pagetitle">Security Bulletins</div>
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a href="security-bulletins.html">Security Bulletins</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search" method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">Security Bulletins</div>
- <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
- <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">
+ <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">
<img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
- <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">Edit Page</a>
- <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">Edit Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
<img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
- <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
- <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">
<img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
- <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">Add Page</a>
- <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">Add Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">
<img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
- <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">Add News</a>
- </div>
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">Add News</a>
</div>
+ </div>
- <div class="pagecontent">
- <div class="wiki-content">
- <div id="ConfluenceContent">
- <p>The following security bulletins are available:</p>
- <ul class="childpages-macro">
- <li><a shape="rect" href="s2-001.html">S2-001</a> — <span class="smalltext">Remote code exploit on form validation error</span></li>
- <li><a shape="rect" href="s2-002.html">S2-002</a> — <span class="smalltext">Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags</span></li>
- <li><a shape="rect" href="s2-003.html">S2-003</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li>
- <li><a shape="rect" href="s2-004.html">S2-004</a> — <span class="smalltext">Directory traversal vulnerability while serving static content</span></li>
- <li><a shape="rect" href="s2-005.html">S2-005</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li>
- <li><a shape="rect" href="s2-006.html">S2-006</a> — <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li>
- <li><a shape="rect" href="s2-007.html">S2-007</a> — <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li>
- <li><a shape="rect" href="s2-008.html">S2-008</a> — <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li>
- <li><a shape="rect" href="s2-009.html">S2-009</a> — <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li>
- <li><a shape="rect" href="s2-010.html">S2-010</a> — <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li>
- <li><a shape="rect" href="s2-011.html">S2-011</a> — <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li>
- <li><a shape="rect" href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li>
- <li><a shape="rect" href="s2-013.html">S2-013</a> — <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li>
- <li><a shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li>
- <li><a shape="rect" href="s2-015.html">S2-015</a> — <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li>
- <li><a shape="rect" href="s2-016.html">S2-016</a> — <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li>
- <li><a shape="rect" href="s2-017.html">S2-017</a> — <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li>
- <li><a shape="rect" href="s2-018.html">S2-018</a> — <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li>
- <li><a shape="rect" href="s2-019.html">S2-019</a> — <span class="smalltext">Dynamic Method Invocation disabled by default</span></li>
- <li><a shape="rect" href="s2-020.html">S2-020</a> — <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li>
- <li><a shape="rect" href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li>
- <li><a shape="rect" href="s2-022.html">S2-022</a> — <span class="smalltext">Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals</span></li>
- <li><a shape="rect" href="s2-023.html">S2-023</a> — <span class="smalltext">Generated value of token can be predictable</span></li>
- <li><a shape="rect" href="s2-024.html">S2-024</a> — <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li>
- <li><a shape="rect" href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li>
- <li><a shape="rect" href="s2-026.html">S2-026</a> — <span class="smalltext">Special top object can be used to access Struts' internals</span></li>
- <li><a shape="rect" href="s2-027.html">S2-027</a> — <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li>
- <li><a shape="rect" href="s2-028.html">S2-028</a> — <span class="smalltext">Use of a JRE with broken URLDecoder implementation may lead to XSS vulnerability in Struts 2 based web applications.</span></li>
- <li><a shape="rect" href="s2-029.html">S2-029</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li>
- <li><a shape="rect" href="s2-030.html">S2-030</a> — <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li>
- <li><a shape="rect" href="s2-031.html">S2-031</a> — <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li>
- <li><a shape="rect" href="s2-032.html">S2-032</a> — <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li>
- <li><a shape="rect" href="s2-033.html">S2-033</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li>
- <li><a shape="rect" href="s2-034.html">S2-034</a> — <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li>
- <li><a shape="rect" href="s2-035.html">S2-035</a> — <span class="smalltext">Action name clean up is error prone</span></li>
- <li><a shape="rect" href="s2-036.html">S2-036</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li>
- <li><a shape="rect" href="s2-037.html">S2-037</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li>
- <li><a shape="rect" href="s2-038.html">S2-038</a> — <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li>
- <li><a shape="rect" href="s2-039.html">S2-039</a> — <span class="smalltext">Getter as action method leads to security bypass</span></li>
- <li><a shape="rect" href="s2-040.html">S2-040</a> — <span class="smalltext">Input validation bypass using existing default action method.</span></li>
- <li><a shape="rect" href="s2-041.html">S2-041</a> — <span class="smalltext">Possible DoS attack when using URLValidator</span></li>
- <li><a shape="rect" href="s2-042.html">S2-042</a> — <span class="smalltext">Possible path traversal in the Convention plugin</span></li>
- <li><a shape="rect" href="s2-043.html">S2-043</a> — <span class="smalltext">Using the Config Browser plugin in production</span></li>
- <li><a shape="rect" href="s2-044.html">S2-044</a> — <span class="smalltext">Possible DoS attack when using URLValidator</span></li>
- <li><a shape="rect" href="s2-045.html">S2-045</a> — <span class="smalltext">Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.</span></li>
- <li><a shape="rect" href="s2-046.html">S2-046</a> — <span class="smalltext">Possible RCE when performing file upload based on Jakarta Multipart parser (similar to S2-045)</span></li>
- <li><a shape="rect" href="s2-048.html">S2-048</a> — <span class="smalltext">Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series</span></li>
- </ul>
- </div>
- </div>
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><p>The following security bulletins are available:</p>
+<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> — <span class="smalltext">Remote code exploit on form validation error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> — <span class="smalltext">Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags</span></li><li><a shape="rect" href="s2-003.html">S2-003</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a shape="rect" href="s2-004.html">S2-004</a> — <span class="smalltext">Directory traversal vulnerability while serving static content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> — <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> — <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li><li><a shape="rect" hr
ef="s2-007.html">S2-007</a> — <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> — <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> — <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> — <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> — <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li><li><a shape="rect" href="s2-012.html">S2-012</a> — <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li>
<li><a shape="rect" href="s2-013.html">S2-013</a> — <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li><li><a shape="rect" href="s2-014.html">S2-014</a> — <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> — <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> — <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> — <span class="sma
lltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li><li><a shape="rect" href="s2-018.html">S2-018</a> — <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> — <span class="smalltext">Dynamic Method Invocation disabled by default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> — <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li><li><a shape="rect" href="s2-021.html">S2-021</a> — <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> — <span class="smalltext">Extends excluded params in CookieInt
erceptor to avoid manipulation of Struts' internals</span></li><li><a shape="rect" href="s2-023.html">S2-023</a> — <span class="smalltext">Generated value of token can be predictable</span></li><li><a shape="rect" href="s2-024.html">S2-024</a> — <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li><li><a shape="rect" href="s2-025.html">S2-025</a> — <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> — <span class="smalltext">Special top object can be used to access Struts' internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> — <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li><li><a shape="rect" href="s2-028.html">S2-028</a> — <span class="smalltext">Use of a JRE with broken URLDecoder implementation may l
ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a shape="rect" href="s2-029.html">S2-029</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li><li><a shape="rect" href="s2-030.html">S2-030</a> — <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> — <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> — <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" href="s2-033.html">S2-033</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" h
ref="s2-034.html">S2-034</a> — <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" href="s2-035.html">S2-035</a> — <span class="smalltext">Action name clean up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> — <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> — <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> — <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> — <span class="smalltext">Getter as action method leads to security bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> —
; <span class="smalltext">Input validation bypass using existing default action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> — <span class="smalltext">Possible DoS attack when using URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a> — <span class="smalltext">Possible path traversal in the Convention plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> — <span class="smalltext">Using the Config Browser plugin in production</span></li><li><a shape="rect" href="s2-044.html">S2-044</a> — <span class="smalltext">Possible DoS attack when using URLValidator</span></li><li><a shape="rect" href="s2-045.html">S2-045</a> — <span class="smalltext">Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.</span></li><li><a shape="rect" href="s2-046.html">S2-046</a> — <span class="smalltext">Possible RCE when performing file upload based on Jakarta Multipart parser
(similar to S2-045)</span></li><li><a shape="rect" href="s2-047.html">S2-047</a> — <span class="smalltext">Possible DoS attack when using URLValidator (similar to S2-044)</span></li><li><a shape="rect" href="s2-048.html">S2-048</a> — <span class="smalltext">Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series</span></li><li><a shape="rect" href="s2-049.html">S2-049</a> — <span class="smalltext">A DoS attack is available for Spring secured actions</span></li></ul></div>
+ </div>
- <div class="tabletitle">
+ <div class="tabletitle">
Children
- <span class="smalltext" id="show" style="display: inline;">
+ <span class="smalltext" id="show" style="display: inline;">
<a href="javascript:showChildren()">Show Children</a></span>
- <span class="smalltext" id="hide" style="display: none;">
+ <span class="smalltext" id="hide" style="display: none;">
<a href="javascript:hideChildren()">Hide Children</a></span>
</div>
<div class="greybox" id="children" style="display: none;">
- $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br> $page.link($child)
- <span class="smalltext">(Apache Struts 2 Documentation)</span>
- <br>
- </div>
-
- </div>
- </div>
- <div class="footer">
- Generated by CXF SiteExporter
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ $page.link($child)
+ <span class="smalltext">(Apache Struts 2 Documentation)</span>
+ <br>
+ </div>
+
</div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
</body>
-
-</html>
\ No newline at end of file
+</html>
Modified: websites/production/struts/content/docs/tiles-plugin.html
==============================================================================
--- websites/production/struts/content/docs/tiles-plugin.html (original)
+++ websites/production/struts/content/docs/tiles-plugin.html Thu Jul 13 06:49:07 2017
@@ -140,11 +140,11 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1499445486915 {padding: 0px;}
-div.rbtoc1499445486915 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1499445486915 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499928440617 {padding: 0px;}
+div.rbtoc1499928440617 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499928440617 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1499445486915">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499928440617">
<ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-Features">Features</a></li><li><a shape="rect" href="#TilesPlugin-Usage">Usage</a>
<ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-AccessingStrutsattributes">Accessing Struts attributes</a></li><li><a shape="rect" href="#TilesPlugin-I18N">I18N</a></li></ul>
</li><li><a shape="rect" href="#TilesPlugin-Example">Example</a></li><li><a shape="rect" href="#TilesPlugin-Settings">Settings</a></li><li><a shape="rect" href="#TilesPlugin-Installation">Installation</a></li></ul>
Modified: websites/production/struts/content/docs/type-conversion.html
==============================================================================
--- websites/production/struts/content/docs/type-conversion.html (original)
+++ websites/production/struts/content/docs/type-conversion.html Thu Jul 13 06:49:07 2017
@@ -142,11 +142,11 @@ under the License.
<div id="ConfluenceContent"><p>Routine type conversion in the framework is transparent. Generally, all you need to do is ensure that HTML inputs have names that can be used in <a shape="rect" href="ognl.html">OGNL</a> expressions. (HTML inputs are form elements and other GET/POST parameters.)</p>
<style type="text/css">/*<![CDATA[*/
-div.rbtoc1499445263140 {padding: 0px;}
-div.rbtoc1499445263140 ul {list-style: none;margin-left: 0px;}
-div.rbtoc1499445263140 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499928285503 {padding: 0px;}
+div.rbtoc1499928285503 ul {list-style: none;margin-left: 0px;}
+div.rbtoc1499928285503 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style><div class="toc-macro rbtoc1499445263140">
+/*]]>*/</style><div class="toc-macro rbtoc1499928285503">
<ul class="toc-indentation"><li><span class="TOCOutline">1</span> <a shape="rect" href="#TypeConversion-BuiltinTypeConversionSupport">Built in Type Conversion Support</a></li><li><span class="TOCOutline">2</span> <a shape="rect" href="#TypeConversion-RelationshiptoParameterNames">Relationship to Parameter Names</a></li><li><span class="TOCOutline">3</span> <a shape="rect" href="#TypeConversion-CreatingaTypeConverter">Creating a Type Converter</a></li><li><span class="TOCOutline">4</span> <a shape="rect" href="#TypeConversion-ApplyingaTypeConvertertoanAction">Applying a Type Converter to an Action</a></li><li><span class="TOCOutline">5</span> <a shape="rect" href="#TypeConversion-ApplyingaTypeConvertertoabeanormodel">Applying a Type Converter to a bean or model</a></li><li><span class="TOCOutline">6</span> <a shape="rect" href="#TypeConversion-ApplyingaTypeConverterforanapplication">Applying a Type Converter for an application</a></li><li><span class="TOCOutline">7</span> <a shape="r
ect" href="#TypeConversion-ASimpleExample">A Simple Example</a></li><li><span class="TOCOutline">8</span> <a shape="rect" href="#TypeConversion-AdvancedTypeConversion">Advanced Type Conversion</a>
<ul class="toc-indentation"><li><span class="TOCOutline">8.1</span> <a shape="rect" href="#TypeConversion-NullPropertyHandling">Null Property Handling</a></li><li><span class="TOCOutline">8.2</span> <a shape="rect" href="#TypeConversion-CollectionandMapSupport">Collection and Map Support</a>
<ul class="toc-indentation"><li><span class="TOCOutline">8.2.1</span> <a shape="rect" href="#TypeConversion-Indexingacollectionbyapropertyofthatcollection">Indexing a collection by a property of that collection</a></li></ul>