You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2022/06/07 08:03:29 UTC
[struts-site] branch release-600 updated (4a552b381 -> c9edddb4f)
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a change to branch release-600
in repository https://gitbox.apache.org/repos/asf/struts-site.git
discard 4a552b381 Adds version notes for Struts 6.0.0
new c9edddb4f Adds version notes for Struts 6.0.0
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (4a552b381)
\
N -- N -- N refs/heads/release-600 (c9edddb4f)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
_config.yml | 2 +-
source/announce-2022.md | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
[struts-site] 01/01: Adds version notes for Struts 6.0.0
Posted by lu...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch release-600
in repository https://gitbox.apache.org/repos/asf/struts-site.git
commit c9edddb4f9e7cc0fb6f5f39617c163917c5e6fbf
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Tue Jun 7 09:56:43 2022 +0200
Adds version notes for Struts 6.0.0
---
_config.yml | 8 +-
source/announce-2022.md | 297 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 301 insertions(+), 4 deletions(-)
diff --git a/_config.yml b/_config.yml
index ad446c5c4..b581198e2 100644
--- a/_config.yml
+++ b/_config.yml
@@ -9,15 +9,15 @@ kramdown:
syntax_highlighter: rouge
# Simplifies introducing changes related to the latest release
-current_version: 2.5.30
-current_version_short: 2530
+current_version: 6.0.0
+current_version_short: 600
prev_version: 2.3.37
prev_version_short: 2337
archetype_version: 2.5.22
current_beta_version: 2.5-BETA3
current_beta_version_short: 25B3
-release_date: 04 April 2022
-release_date_short: 20220404
+release_date: 06 June 2022
+release_date_short: 20220606
prev_release_date: 30 December 2018
prev_release_date_short: 20181230
beta_release_date_short: 20160126
diff --git a/source/announce-2022.md b/source/announce-2022.md
index c6d5084cc..5ef6fe973 100644
--- a/source/announce-2022.md
+++ b/source/announce-2022.md
@@ -13,6 +13,303 @@ title: Announcements 2022
Skip to: <a href="announce-2021">Announcements - 2021</a>
</p>
+#### 06 June 2022 - Struts 2 ver. 6.0.0 General Availability {#a20220606}
+
+The Apache Struts group is pleased to announce that Apache Struts 2 ver. 6.0.0 is available as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+**Version change**
+
+You can be surprised by the version change, previously we have been using Struts 2.5.x versioning schema, but this was
+a bit misleading. Struts 2 is a different framework than Struts 1 and its versioning is supposed to start with 1.0.0,
+yet that never happened. With each breaking changes release (like Struts 2.5), we had been only upgrading the MINOR
+part of the versioning schema. To fix that problem as from Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt a proper SemVer
+to avoid such confusion.
+
+**Internal Changes**
+
+The framework requires Java 8 at runtime. Also Servlet API 3.1 capable container is required.
+
+OGNL expressions are limited to 256 characters by default. See [WW-5179](https://issues.apache.org/jira/browse/WW-5179)
+and [docs](https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions) for more details.
+
+Yasser's PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future
+attack vectors, yet it can impact your application if you have been depending on double evaluation.
+
+_How to test_
+
+- Run all your app tests, you shouldn't see any WARN log like below:
+ > Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at https://struts.apache.org/security/
+- See if following components are still functioning correctly regarding java-scripts:
+ - forms with client side validations
+ - doubleselect
+ - combobox
+- Check also `StreamResult`s, `AliasInterceptor` and `JasperReportResult`s if they are still working as expected.
+
+Support to access static methods via OGNL expressions has been removed, use action instance methods instead.
+
+**Bug**
+
+- WW-3534 - PrepareOperations.createActionContext does not detect existing context correctly
+- WW-3730 - action tag accepts only String arrays as parameters
+- WW-4723 - s:url incompatible with JDK 1.5
+- WW-4742 - Problem with escape when the key from getText has no value
+- WW-4865 - Struts s:checkbox conversion fails to List<Integer>
+- WW-4866 - ASM 5.2 and Java 9 leads to IllegalArgumentException
+- WW-4897 - KEYS, sigs and hashes should use https (SSL)
+- WW-4902 - Struts 2 fails to init Dispatcher - Tomcat Embedded
+- WW-4928 - Setting struts.devMode from system property not working as described
+- WW-4930 - SMI cannot be diasabled for action-packages found via the convention-plugin
+- WW-4941 - [jar_cache] Some jar_cache******.tmp files are generated into a temporary directory(/tmp) during web service start
+- WW-4943 - opensymphony.xwork2.util.LocalizedTextUtil can't get i18n resources
+- WW-4944 - Struts 2 REST Tiles integration issue
+- WW-4945 - TagUtils#buildNamespace should throw an exception when invocation is null
+- WW-4946 - Strtus 2 spring integrations is failing - fails to init Dispatcher - Tomcat Embedded
+- WW-4948 - Struts 2.5.16 is creating jar_cache files in temp folder
+- WW-4951 - MD5 and SHA1 should no longer be provided on download pages
+- WW-4954 - xml-validation fails since struts 2.5.17
+- WW-4957 - Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.
+- WW-4958 - File upload fails from certain clients
+- WW-4964 - Missing javascript in form-validate.ftl
+- WW-4968 - combining s:set and s:property where the property retrieved is null has unexpected results
+- WW-4971 - s:include tag fails with truncated content in certain circumstances
+- WW-4974 - NullPointerException in DefaultStaticContentLoader#findStaticResource
+- WW-4977 - Fixing flaky test in Jsr168DispatcherTest and Jsr286DispatcherTest
+- WW-4984 - Static files like css and js files in struts-core not properly served
+- WW-4986 - Race condition reloading config results in actions not found
+- WW-4987 - Setting Struts2 <s:select> options Css Class
+- WW-4991 - Not existing property in listValueKey throws exception
+- WW-4997 - <s:debug> can't be resolved
+- WW-4999 - Can't get OgnlValueStack log even if enable logMissingProperties
+- WW-5002 - Package Level Properties in Global Results
+- WW-5004 - No more calling of a static variable in Struts 2.8.20 available
+- WW-5006 - NullPointerException in ProxyUtil class when accessing static member
+- WW-5009 - EmptyStackException in JSON plugin due to concurrency
+- WW-5011 - Tiles bug when parsing file:// URLs including # as part of the URL
+- WW-5013 - Accessing static variable via OGNL returns nothing
+- WW-5022 - Struts 2.6 escaping behaviour change for s:a (anchor) tag
+- WW-5024 - HttpParameters.Builder can wrap objects in two layers of Parameters
+- WW-5025 - Binding Integer Array upon form submission
+- WW-5026 - Double-submit of TokenSessionStoreInterceptor broken since 2.5.16
+- WW-5027 - xerces tries to load resources from the internet
+- WW-5028 - Dispatcher prints stacktraces directly to the console
+- WW-5029 - The content allowed-methods tag of the XML configuration is sometimes truncated
+- WW-5030 - ClassNotFoundException - MockPortletResponse
+- WW-5031 - OGNL: An illegal reflective access operation has occurred
+- WW-5043 - trouble with Enum subclassing
+- WW-5054 - Debugging Interceptor debug=browser not working
+- WW-5058 - Invalid link in primer.html
+- WW-5059 - primer.html link to spring-security is broken
+- WW-5065 - AbstractMatcher adds values to the map passed into replaceParameters
+- WW-5072 - Minor bug in single file upload example of the Showcase application
+- WW-5074 - Multiple ASM jar conflict in 2.6 build
+- WW-5076 - struts2 redirecting to https to http
+- WW-5077 - Unable to set long pathname variables
+- WW-5079 - Could not find StrutsPrepareAndExecuteFilter sometime in WAS server
+- WW-5081 - Struts default textarea template fails w3c validation
+- WW-5082 - struts2 update from 2.1.6 to 2.3.37
+- WW-5086 - s:set with empty body
+- WW-5087 - AliasInterceptor doesn't properly handle Parameter.Empty
+- WW-5088 - Empty file upload gives wrong error message
+- WW-5091 - Switched hash and PGP links
+- WW-5093 - inconsistent scope for variables created with s:set and s:url
+- WW-5095 - Junit plugin does not push ACTION_MAPPING into the context resulting in NPE
+- WW-5096 - Struts2 StaticParametersInterceptor's addParametersToContext method is not working as expected.
+- WW-5100 - incorrect content-type behavior after upgrading to struts 2.5.*
+- WW-5102 - Download page issues
+- WW-5104 - Please delete old releases
+- WW-5106 - The call chains of ActionContext.getContext() in ServletActionContext are dangerious
+- WW-5107 - JQuery plugin does not handle dynamic component ids correctly
+- WW-5108 - No errors are reported locally. On linux environment, tomcat runs alone and reports java.lang.annotation.AnnotationTypeMismatchException
+- WW-5109 - Ognl issue after migrating from strut 2.3 to 2.5
+- WW-5116 - PostbackResult uses wrong regex range
+- WW-5117 - %{id} evaluates different for data-* and value attribute
+- WW-5119 - Blocking Threads in retrieving text from resource bundle
+- WW-5121 - Contention when injecting Scope.SINGLETON instances
+- WW-5123 - CheckboxTag value missing for labelposition
+- WW-5124 - Tag attribute values cached
+- WW-5125 - forbidden name attribute values (size, clone...?) in <s:textfield> using the default theme
+- WW-5129 - Dynamic Attributes are not working for doubleselect, optiontransferselect, inputtransferselect tags
+- WW-5130 - ID param not being set
+- WW-5140 - Cannot download struts from the main page
+- WW-5146 - Empty file upload ends in error
+- WW-5147 - OGNL valid expression is not cached and is parsed over again in some situations
+- WW-5160 - Template not found for name "Empty{name='templateDir'}/simple/hidden.ftl"
+- WW-5163 - Error executing FreeMarker template
+- WW-5169 - Key Technologies Primer: Broken link to ResourceBundles
+
+**New Feature**
+
+- WW-4598 - async Actions
+- WW-4760 - Switch to Servlet API 2.5
+- WW-4874 - Asynchronous action method
+- WW-5005 - Struts2 convention plugin lacks Java 11 support
+- WW-5049 - Move Velocity support into a dedicated plugin
+- WW-5083 - Fetch Metadata support
+- WW-5084 - Content Security Policy support
+- WW-5085 - Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy Support
+- WW-5101 - AbstractLocalizedTextProvider illegal reflective access operation has occurred
+
+**Improvement**
+
+- WW-685 - Generic error message - Type Conversion Error Handling
+- WW-2040 - Struts 1 vs. Struts 2 benchmarking application
+- WW-2411 - Add a maxlength attribute to the textarea tag
+- WW-2537 - Fix generics in all codebase
+- WW-3788 - Convert ServletActionContext to be more as ActionContext
+- WW-3877 - Remove altSyntax option
+- WW-4043 - Duplicated class TestUtils
+- WW-4069 - Upgrade DWR plugin to use the latest available version
+- WW-4348 - Remove access to static methods
+- WW-4713 - Drop "searchValueStack" attribute from tag <s:text/>
+- WW-4763 - Drop deprecated logging layer
+- WW-4779 - Remove profiling layer
+- WW-4789 - ActionContext should be immutable
+- WW-4792 - Removes deprecated XWork constants
+- WW-4796 - Rename Spring related flags to use the same pattern
+- WW-4799 - make DateConverter configurable
+- WW-4875 - Java configuration
+- WW-4889 - Implement REST content handlers using Apache Juneau
+- WW-4910 - Align OptGroup with Select
+- WW-4915 - Replace deprecated commons-lang3 classes
+- WW-4927 - Use immutable version of OGNL without access to #context
+- WW-4929 - Fallback i18n Locale
+- WW-4932 - Conversion fails when generic type is an interface
+- WW-4937 - Add SortedSet field support to JSON plugin
+- WW-4938 - ObjectFactory should use Container to instantiate actions and inject dependencies
+- WW-4952 - Upgrade to apache-master version 21
+- WW-4963 - Implement new Aware interfaces that are using withXxxx pattern instead of setters
+- WW-4972 - Switch to latest freemarker version when defining incompatible_improvements
+- WW-4995 - Enhancement for s:set tag to improve tag body whitespace control.
+- WW-4996 - Refactor DefaultTypeConverterCreator to use ObjectFactory#buildConverter
+- WW-5000 - Replace string literals with proper constants in @Inject
+- WW-5001 - Allow to define converters in "struts-conversion.properties" file
+- WW-5003 - Use StrutsException instead of XWorkException
+- WW-5012 - Make a public state check the first acceptance check in SecurityMemberAccess
+- WW-5017 - Drop @Validation annotation as not needed
+- WW-5018 - Add maven enforce plugin to control certain environmental constraints
+- WW-5023 - Upgrade SLF4J to latest 1.7.x version
+- WW-5034 - Minor enhancement/fix to AbstractLocalizedTextProvider
+- WW-5035 - Provide mechanism to clear OgnlUtil caches
+- WW-5036 - update JFreeChart plugin for compatibility with JFreeChart 1.5
+- WW-5052 - Use TypeConversionException instead of StrutsException
+- WW-5056 - Standard Accepted Patterns in DefaultAcceptedPatternsChecker
+- WW-5057 - Cleanup and/or improvements to Showcase Applications
+- WW-5062 - Use downloads.a.o instead of archive
+- WW-5063 - Use null check of passed in invocation in all the results
+- WW-5064 - Move XWork Spring support into struts2-spring-plugin
+- WW-5069 - Improve build behaviour on JDK9+
+- WW-5070 - JSONResult default root object should be set explicitly, rather than from result of ValueStack.peek()
+- WW-5073 - Use TextParser in AbstractMatcher
+- WW-5078 - Remove support for <xwork> DTD
+- WW-5080 - Allow write directly to a response - define a new result
+- WW-5099 - Upgrade JFreeChart plugin to use version 1.5.1 of JFreeChart
+- WW-5112 - Add ability (control flag) for TextProviders to prioritize reads from the default resource bundlest.
+- WW-5113 - Drop deprecated constant "struts.xworkTextProvider"
+- WW-5114 - Drop deprecated constant "struts.localeProvider"
+- WW-5115 - Reduce logging for DMI excluded parameters
+- WW-5126 - inconsistancy between Model Driven and Model Driven Interceptor documentations
+- WW-5136 - Make class attribute deprecated
+- WW-5152 - Make OVal plugin deprecated
+- WW-5153 - Make Portlet, Portlet Mocks and Portlet Tiles plugins deprecated
+- WW-5154 - Make GXP plugin deprecated
+- WW-5155 - Make OSGi plugin deprecated
+- WW-5156 - Make Plexus plugin deprecated
+- WW-5157 - Make Sitemesh plugin deprecated
+- WW-5164 - Remove deprecated ConversionDescription class
+- WW-5168 - Fix missing submitUnchecked and broken disabled attributes in Javatemplates checkbox tag
+- WW-5175 - Add basic LocalDateTime support
+- WW-5179 - Set 'struts.ognl.expressionMaxLength' to 256 by default
+- WW-5181 - Stop supporting accessing static methods via OGNL expressions
+- WW-5182 - Upgrade to Servlet API 3.1
+
+**Task**
+- WW-4845 - run, test, and validate Struts2 with Java9
+- WW-4981 - Add support for Java 11
+- WW-4982 - Remove the deprecated JsonLibHandler and outdated json-lib dependency
+- WW-4983 - Set private access modifier for HttpParameters.toMap
+- WW-4998 - I18nInterceptor's default storage should store locale
+- WW-5010 - Switch to Java 8
+- WW-5016 - Support Java 8 date time in the date tag
+- WW-5020 - delete deprecated sitegraph plugin
+- WW-5021 - Serve static resources from different path
+- WW-5118 - OGNL long conversion
+
+**Dependency**
+- WW-4887 - Upgrade to Tiles 3.0.8
+- WW-4926 - Upgrade commons-beanutils to version 1.9.3
+- WW-4931 - Upgrade to Apache FreeMarker 2.3.28 version
+- WW-4947 - server errors generated by secure-jakarta-multipart-parser-plugin
+- WW-4955 - Upgrade to OGNL 3.2.6
+- WW-4956 - Upgrade to Log4j2 2.11.1
+- WW-4965 - Upgrade to OGNL 3.2.7
+- WW-4967 - Upgrade to Jackson 2.9.6
+- WW-4973 - Upgrade to OGNL 3.2.8
+- WW-4975 - Upgraded commons-fileupload to version 1.4
+- WW-4976 - Upgrade ASM to version 7.0
+- WW-4979 - Update multiple Struts 2.6.x libraries to more recent versions
+- WW-4980 - Update maven-wrapper to 3.5.4 and add maven-wrapper.jar to .gitignore
+- WW-4985 - Update persistence-api from 1.0 to 1.0.2 for CDI Plugin
+- WW-4988 - Upgrade DWR from 1.x to 2.x (for DWR plugin)
+- WW-4989 - Use JacksonXML handler instead of XStream as a default handler for XML in the REST plugin
+- WW-4992 - Mark the Embedded JSP plugin as depracted
+- WW-4993 - Update OGNL versions for 2.6 and 2.5.x builds
+- WW-5007 - Upgrade Jackson library to the latest version
+- WW-5019 - Upgrade Log4j to version 2.13.3
+- WW-5032 - Struts 2 Junit Plugin is not working with Zulu JDK11
+- WW-5033 - Update a few Struts 2.5.x libraries to more recent versions
+- WW-5037 - Upgrade commons-beanutils to version 1.9.4
+- WW-5038 - Upgrade jackson-databind to version 2.9.9.3
+- WW-5042 - Upgrade jackson-databind to version 2.10.0
+- WW-5045 - Update jasperreports to 6.10.0
+- WW-5047 - Upgrade Velocity to 2.1 and Velocity Tools to 3.0
+- WW-5048 - Update various dependencies to newest version
+- WW-5050 - Upgrade to OGNL 3.2.12
+- WW-5061 - CVEs in the library dependencies
+- WW-5068 - Update multiple Struts 2.6.x libraries / Maven build plugin versions
+- WW-5075 - Upgrade OSGi to the latest version
+- WW-5092 - ASM dependency update to 8.*
+- WW-5094 - Upgrade Spring Framework to version 4.3.29.RELEASE
+- WW-5097 - Upgrade to OGNL 3.2.16
+- WW-5098 - Upgrade ASM to version 9.0
+- WW-5103 - Upgrade XStream to version 1.4.14
+- WW-5120 - Upgrade Velocity Engine & Velocity Tools
+- WW-5122 - Upgrade XStream to version 1.4.16
+- WW-5131 - Upgrade commons-io to version 2.9
+- WW-5134 - Upgrade JasperReports to version 6.17.0
+- WW-5135 - Upgrade XStream to version 1.4.17
+- WW-5142 - Upgrade XStream to version 1.4.18
+- WW-5143 - Upgrade Oval library to ver. 3.2.1
+- WW-5144 - Mark OVal plugin as deprecated
+- WW-5148 - Upgrade ASM to version 9.2
+- WW-5151 - Bump to 2.15.0 to fix log4j vulnerability
+- WW-5158 - Upgrade Log4j to version 2.16.0 to address security vulnerability
+- WW-5161 - Update spring to 4.3.30
+- WW-5162 - Upgrade Log4j to version 2.17.1 to address security vulnerability
+- WW-5165 - Update spring to 5.3.x b/c 4.3.x is EOL
+- WW-5166 - Update OGNL to 3.3.2
+- WW-5167 - Upgrade XStream to version 1.4.19
+- WW-5171 - Upgrade Apache Log4j 2.17.2
+- WW-5172 - Upgrade freemarker to 2.3.31
+- WW-5174 - Upgrade Jackson-Core to version 2.13.2 and Jackson-Databind to 2.13.2.1
+
+> Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+6.0.0) to find more details about performed
+> bug fixes and improvements. Also, a dedicated [migration guide](https://cwiki.apache.org/confluence/display/WW/Struts+2.5+to+6.0.0+migration) has been prepared.
+
+Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework has been designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.
+
+**All developers are strongly advised to perform this upgrade.**
+
+The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 3.1, JSP API 2.1, and Java 8.
+
+Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
+and, if appropriate, file [a tracking ticket]({{ site.jira_url }}).
+
+You can download this version from our [download](download.cgi#struts-ga) page.
+
#### 04 April 2022 - Struts 2.5.30 General Availability {#a20220404}
The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a "General Availability"