Re: [CLOSED][VOTE][FASTTRACK] Struts 2.5.12

[Lukasz Lenart <lu...@apache.org>]

Vote passed with result:

GA +1 x4 (binding)
GA +1 x2 (non-binding)


Thanks & Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2017-07-11 9:10 GMT+02:00 Lukasz Lenart <lu...@apache.org>:
> The Apache Struts 2.5.12 test build is now available. With this
> release the following security vulnerabilities were addressed:
>
> - Possible DoS attack when using URLValidator, see
> https://cwiki.apache.org/confluence/display/WW/S2-047
> - A DoS attack is available for Spring secured actions, see
> https://cwiki.apache.org/confluence/display/WW/S2-049
>
> Except that, the following issues were also addressed:
>
> Bug
> [WW-3171] - "double" and "Double" are not validated with the same
> decimal séparator
> [WW-3357] - ognl.MethodFailedException when you do not enter a value
> for a field mapped to an int.
> [WW-3650] - Double Value Conversion with requestLocale=de
> [WW-3659] - strange behavior of s:a tag with s:include tag inside
> [WW-3905] - The TextProvider injection in ActionSupport isn't quite
> integrated into the framework's core DI
> [WW-4105] - Struts2 raise java.lang.ClassCastException when Result type is chain
> [WW-4472] - @InputConfig annotation is not working when integrating
> with spring aop
> [WW-4528] - ChainingInterceptor does not handle lists correctly for
> excludes and includes
> [WW-4578] - Validators do not work for multiple values
> [WW-4581] - BigDecimal are not converted according context locale
> [WW-4663] - NullPointerException when displaying a form without action attribute
> [WW-4665] - Struts2 JSR286 Portlet fileupload not working
> [WW-4694] - AnnotationWorkflowInterceptor doesn't work with spring
> proxied action
> [WW-4736] - Upgrade to Log4j2 version 2.8
> [WW-4737] - Array-of-null parameters are converted to arrays containing "null"
> [WW-4739] - <s:reset> tag does not properly interpret the attribute tabindex
> [WW-4740] - NullPointer in com.opensymphony.xwork2.ActionSupport.getLocale
> [WW-4741] - Http Sessions forcefully created for all requests using
> I18nInterceptor with default Storage value.
> [WW-4746] - cssErrorClass attribute has no effect on label tag
> [WW-4747] - s:file generates input tag with "value" attribute
> [WW-4750] - Why JSONValidationInterceptor return Status Code 400
> BAD_REQUEST instead of 200 SUCCESS
> [WW-4758] - @autowired does not work since Struts 2.3.28.1
> [WW-4772] - Convention Plugin can't use ${message}
> [WW-4773] - Mixed content https to http when upgraded to 2.3.32 or 2.5.10.1
> [WW-4774] - Upgrding Struts 2.3.1 to 2.5.10.1 - Redirect issues HTTPS to HTTP
> [WW-4775] - Action class Attributes(value stack) is not getting
> populated through Ajax url request parms
> [WW-4784] - <s:url tag is not working after Struts 2.5.10.1 migration
> [WW-4786] - Upgrade from struts2-tiles3-plugin to struts2-tiles-plugin
> gives a NoSuchDefinitionException
> [WW-4788] - Parameters which are added via ServletDispatcherResult
> aren't availabe in #parameters
> [WW-4790] - struts 2.5.10.1 upgrade cause more frequent garbage collection
> [WW-4794] - Subreport call "Caused by: java.lang.ClassCastException:
> org.apache.struts2.views.jasperreports.ValueStackDataSource cannot be
> cast to java.util.Collection"
> [WW-4800] - Aspects are not executed when chaining AOPed actions
> [WW-4801] - Duplicate hidden input field checkboxListHandler
> [WW-4804] - inputtransferselect does not auto-select its elements
> [WW-4810] - Calling empty locale
>
> Improvement
> [WW-1534] - The value of checkbox getted in server-side is "false"
> when no any checkbox been selected.
> [WW-3924] - refactor file upload framework
> [WW-3952] - creditCard validator available in Struts 1 missing in Struts 2
> [WW-4149] - No easy way to have an empty interceptor stack if have default stack
> [WW-4210] - @TypeConversion converter attribut to class
> [WW-4714] - Convert LocalizedTextUtil into a bean with default implementation
> [WW-4743] - NPE in StrutsTilesContainerFactory when resource isn't found
> [WW-4744] - AnnotationWorkflowInterceptor should supports non-public
> annotated methods
> [WW-4748] - Upgrade commons-lang3 to 3.5
> [WW-4749] - Buffer/Flush behaviour in FreemarkerResult
> [WW-4751] - Struts2 should know and consider config time class of user's Actions
> [WW-4752] - getters of exclude-sets in OgnlUtil should return
> immutable collections
> [WW-4753] - Make DelegatingValidatorContext injectable
> [WW-4754] - Mark site-graph plugin as deprecated
> [WW-4756] - Use TextProviderFactory instead of TextProvider as bean's dependency
> [WW-4757] - Create LocaleProviderFactory and uses instead of LocaleProvider
> [WW-4761] - Improve error logging in DefaultDispatcherErrorHandler
> [WW-4762] - DefaultLocalizedTextProvider refactoring
> [WW-4764] - Make jakarta-stream multipart parser more extensbile
> [WW-4767] - Make Multipart parsers more extensible
> [WW-4768] - Add proper validation if request is a multipart request
> [WW-4769] - Make SecurityMethodAccess excluded classes & packages
> definitions immutable
> [WW-4771] - minor typos in confluence page "security.html"
> [WW-4780] - Upgrade to Log4j2 2.8.2
> [WW-4785] - Allow disable file upload support via an configurable option
> [WW-4787] - TestCase XWorkMapPropertyAccessorTest should be moved to
> src/test/java
> [WW-4791] - Stop using DefaultLocalizedTextProvider#localeFromString
> static util method
> [WW-4793] - Don't add JBossFileManager as a possible FileManager when
> not on JBoss
> [WW-4795] - There is no @LongRangeFieldValidator annotation to support
> LongRangeFieldValidator
> [WW-4805] - At least a DoS attack is available for Spring secured actions
> [WW-4809] - Upgrade to commons-lang 3.6
> [WW-4812] - Update commons-fileupload
>
> New Feature
> [WW-3399] - JCR(JSR-170) Struts2 plugin
>
> Release notes:
> * https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.12
>
> Distribution:
> * https://dist.apache.org/repos/dist/dev/struts/2.5.12/
>
> Maven 2 staging repository:
> * https://repository.apache.org/content/repositories/staging/
>
> Once you have had a chance to review the test build, please respond
> with a vote on its quality:
>
> [ ] Leave at test build
> [ ] Alpha
> [ ] Beta
> [ ] General Availability (GA)
>
> Everyone who has tested the build is invited to vote. Votes by PMC
> members are considered binding. A vote passes if there are at least
> three binding +1s and more +1s than -1s.
>
> The vote will remain open for at least 24 hours, longer upon request.
> A vote can be amended at any time to upgrade or downgrade the quality
> of the release based on future experience. If an initial vote
> designates the build as "Beta", the release will be submitted for
> mirroring and announced to the user list. Once released as a public
> beta, subsequent quality votes on a build may be held on the user
> list.
>
> As always, the act of voting carries certain obligations. A binding
> vote not only states an opinion, but means that the voter is agreeing
> to help do the work.
>
>
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org