You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2016/12/06 10:03:13 UTC
svn commit: r1002261 - in /websites/production/struts/content/docs:
s2-023.html s2-044.html version-notes-258.html
Author: lukaszlenart
Date: Tue Dec 6 10:03:13 2016
New Revision: 1002261
Log:
Updates production
Added:
websites/production/struts/content/docs/version-notes-258.html
Modified:
websites/production/struts/content/docs/s2-023.html
websites/production/struts/content/docs/s2-044.html
Modified: websites/production/struts/content/docs/s2-023.html
==============================================================================
--- websites/production/struts/content/docs/s2-023.html (original)
+++ websites/production/struts/content/docs/s2-023.html Tue Dec 6 10:03:13 2016
@@ -125,7 +125,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><h2 id="S2-023-Summary">Summary</h2>Generated value of token can be predictable<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>The attacker make a specially craft form using the predicted token that force an action to a logged-in user (CSRF).</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Medium</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Developers should immediately upgrade to <a shape="rect" class="external
-link" href="http://struts.apache.org/download.cgi#struts2320">Struts 2.3.20</a> if they use <code><s:token/></code> support</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.0.0 - Struts 2.3.16.3</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><span style="color: rgb(34,34,34);">Philippe Arteau of Groupe Technologies Desjardins</span></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><span style="color: rgb(34,34,34);">CVE-2014-7809</span></p></td></tr></tbody></table></div><h2 id="S2-023-Problem">Problem</h2><p><span style="color: rgb(34,34,34);">The attacker fetch any given form where a token is present and can predict the next value of the token used to secure form submission.</span></p><
h2 id="S2-023-Solution">Solution</h2><p>In Struts 2.3.20 a better random generator was used to generate unpredictable values.</p><h2 id="S2-023-Backwardcompatibility">Backward compatibility</h2><p>No backward compatibility problems are expected.</p><h2 id="S2-023-Workaround">Workaround</h2><h2 id="S2-023-Notpossiblewhenusing<s:token/>tag-youmustupgradetothelatestversion."><span style="font-size: 14.0px;line-height: 20.0px;">Not possible when using <code><s:token/></code> tag - you must upgrade to the latest version.</span></h2><p><span style="font-size: 14.0px;line-height: 1.4285715;"><br clear="none"></span></p></div>
+ <div id="ConfluenceContent"><h2 id="S2-023-Summary">Summary</h2>Generated value of token can be predictable<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>The attacker make a specially craft form using the predicted token that force an action to a logged-in user (CSRF).</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Medium</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Developers should immediately upgrade to <a shape="rect" class="external
-link" href="http://struts.apache.org/download.cgi#struts2320">Struts 2.3.20</a> if they use <code><s:token/></code> support</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.0.0 - Struts 2.3.16.3</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><span style="color: rgb(34,34,34);">Philippe Arteau of Groupe Technologies Desjardins</span></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><span style="color: rgb(34,34,34);">CVE-2014-7809</span></p></td></tr></tbody></table></div><h2 id="S2-023-Problem">Problem</h2><p><span style="color: rgb(34,34,34);">The attacker fetch any given form where a token is present and can predict the next value of the token used to secure form submission.</span></p><
h2 id="S2-023-Solution">Solution</h2><p>In Struts 2.3.20 a better random generator was used to generate unpredictable values.</p><h2 id="S2-023-Backwardcompatibility">Backward compatibility</h2><p>No backward compatibility problems are expected.</p><h2 id="S2-023-Workaround">Workaround</h2><p><span style="font-size: 14.0px;line-height: 20.0px;">Not possible when using <code><s:token/></code> tag - you must upgrade to the latest version.</span></p><p><span style="font-size: 14.0px;line-height: 1.4285715;"><br clear="none"></span></p></div>
</div>
Modified: websites/production/struts/content/docs/s2-044.html
==============================================================================
--- websites/production/struts/content/docs/s2-044.html (original)
+++ websites/production/struts/content/docs/s2-044.html Tue Dec 6 10:03:13 2016
@@ -138,7 +138,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><h2 id="S2-044-Summary">Summary</h2>Possible DoS attack when using <code>URLValidator</code><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Possible DoS attack when using URLValidator</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect" href="version-notes-257.html">Struts 2.5.7</a></p></td></tr><tr><th colspan="1" rowspan="1" class="confluen
ceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.5 -<span style="color: rgb(23,35,59);"> Struts 2.5.5</span></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><span class="Apple-tab-span"> </span>Jonathan Bullock <jonbullock at gmail dot com></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>CVE-2016-8738</p></td></tr></tbody></table></div><h2 id="S2-044-Problem">Problem</h2><p>If an application allows enter an URL in a form field and built-in <code>URLValidator</code> is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.</p><h2 id="S2-044-Solution">Solution</h2><p>Upgrade to Apache Struts version 2.5.7.</p><h2 id="S2-044-Backwardcompatibility">Backward compatibil
ity</h2><p>No backward incompatibility issues are expected.</p><h2 id="S2-044-Workaround">Workaround</h2><p>Trim passed value before assigning it to a field, e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+ <div id="ConfluenceContent"><h2 id="S2-044-Summary">Summary</h2>Possible DoS attack when using <code>URLValidator</code><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Possible DoS attack when using URLValidator</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect" href="version-notes-258.html">Struts 2.5.8</a></p></td></tr><tr><th colspan="1" rowspan="1" class="confluen
ceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.5 -<span style="color: rgb(23,35,59);"> Struts 2.5.5</span></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p><span class="Apple-tab-span"> </span>Jonathan Bullock <jonbullock at gmail dot com></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>CVE-2016-8738</p></td></tr></tbody></table></div><h2 id="S2-044-Problem">Problem</h2><p>If an application allows enter an URL in a form field and built-in <code>URLValidator</code> is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.</p><h2 id="S2-044-Solution">Solution</h2><p>Upgrade to Apache Struts version 2.5.8.</p><h2 id="S2-044-Backwardcompatibility">Backward compatibil
ity</h2><p>No backward incompatibility issues are expected.</p><h2 id="S2-044-Workaround">Workaround</h2><p>Trim passed value before assigning it to a field, e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public String setUserUrl(String userUrl) {
this.userUrl = userUrl.trim();
}</pre>
Added: websites/production/struts/content/docs/version-notes-258.html
==============================================================================
--- websites/production/struts/content/docs/version-notes-258.html (added)
+++ websites/production/struts/content/docs/version-notes-258.html Tue Dec 6 10:03:13 2016
@@ -0,0 +1,168 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html>
+<head>
+ <link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <style type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </style>
+ <style type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </style>
+ <link href='https://struts.apache.org/highlighter/style/shCoreStruts.css' rel='stylesheet' type='text/css' />
+ <link href='https://struts.apache.org/highlighter/style/shThemeStruts.css' rel='stylesheet' type='text/css' />
+ <script src='https://struts.apache.org/highlighter/js/shCore.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushPlain.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushXml.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJava.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJScript.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushGroovy.js' type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushBash.js' type='text/javascript'></script>
+ <script type="text/javascript">
+ SyntaxHighlighter.defaults['toolbar'] = false;
+ SyntaxHighlighter.all();
+ </script>
+ <script type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </script>
+ <title>Version Notes 2.5.8</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a href="guides.html">Guides</a> > <a href="migration-guide.html">Migration Guide</a> > <a href="version-notes-258.html">Version Notes 2.5.8</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search" method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">Version Notes 2.5.8</div>
+
+ <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=66853802">
+ <img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=66853802">Edit Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=66853802">
+ <img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=66853802">Add Page</a>
+
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=66853802">
+ <img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+ height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
+ <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=66853802">Add News</a>
+ </div>
+ </div>
+
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><p><img class="emoticon emoticon-tick" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png" data-emoticon-name="tick" alt="(tick)"> These are the notes for the Struts 2.5.8 distribution.</p><p><img class="emoticon emoticon-tick" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png" data-emoticon-name="tick" alt="(tick)"> For prior notes in this release series, see <a shape="rect" href="version-notes-255.html">Version Notes 2.5.5</a></p><ul><li>If you are a Maven user, you might want to get started using the <a shape="rect" href="struts-2-maven-archetypes.html">Maven Archetype</a>.</li></ul><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Maven Dependency</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"><dependency>
+ <groupId>org.apache.struts</groupId>
+ <artifactId>struts2-core</artifactId>
+ <version>2.5.8</version>
+</dependency>
+</pre>
+</div></div><p>You can also use Struts Archetype Catalog like below</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Struts Archetype Catalog</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: text; gutter: false; theme: Default" style="font-size:12px;">mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/</pre>
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Staging Repository</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"><repositories>
+ <repository>
+ <id>apache.nexus</id>
+ <name>ASF Nexus Staging</name>
+ <url>https://repository.apache.org/content/groups/staging/</url>
+ </repository>
+</repositories></pre>
+</div></div><h2 id="VersionNotes2.5.8-InternalChanges">Internal Changes</h2><ul><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> Possible DoS attack when using <code>URLValidator</code> - <a shape="rect" href="s2-044.html">S2-044</a></li></ul><h2 id="VersionNotes2.5.8-Bug">Bug</h2><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-2561">WW-2561</a>] - Included XSL files' URI not being resolved for actions with result type="xslt"</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-3019">WW-3019</a>] - ConcurrentModificationException using s:iterator (intermittent)</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-3170">WW-3170</a>] - ObjectFactory reporting ERROR's when
you attempt to set parameters on a Redirect result</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-3654">WW-3654</a>] - Failed validation returns Action.NONE instead of Action.INPUT</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-3957">WW-3957</a>] - Multiple concurrent AJAX requests can collide</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-3995">WW-3995</a>] - please change reset.ftl so html id is not lost</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4367">WW-4367</a>] - preselect values in <s:optgroup></li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4636">WW-4636</a>] - File upload error message always in default language</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4701">WW-4701</a>] - Can no lo
nger clear parameter on a <s:url> tag.</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4702">WW-4702</a>] - List based parameters no longer work when there is only one value.</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4703">WW-4703</a>] - NullPointerException in ActionSupport when use ModelDriven</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4707">WW-4707</a>] - Multiselect parameter behavior different between struts 2.5.5 and 2.5.1</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4708">WW-4708</a>] - struts2-archetype-blank not found for struts v2.5.5</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4709">WW-4709</a>] - Invalid field value for field "id"</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/W
W-4715">WW-4715</a>] - Scope interceptor always resets because of org.apache.struts2.dispatcher.HttpParameters</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4716">WW-4716</a>] - HelloWorldTest throws NullPointerException</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4718">WW-4718</a>] - focusElement form attribute not working</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4722">WW-4722</a>] - Portlet Issue with I18Interceptor</li></ul><h2 id="VersionNotes2.5.8-Improvement">Improvement</h2><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-2454">WW-2454</a>] - TestNG dependency update from 5.1 to 5.3 + update to coupled maven plugin</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4171">WW-4171</a>] - getText methods are not documented as evaluating OGNL</l
i><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4214">WW-4214</a>] - Rename of struts token attribute name</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4391">WW-4391</a>] - FreemarkerResult should respect response.getCharacterEncoding()</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4698">WW-4698</a>] - Allow <constant/> value substitution in XML configuration</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4704">WW-4704</a>] - Upgrade to latest OGNL version</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4705">WW-4705</a>] - Add support for long type to <s:date> tag</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4710">WW-4710</a>] - Disallow access to HttpParameters.toMap</li><li>[<a shape="rect"
class="external-link" href="https://issues.apache.org/jira/browse/WW-4711">WW-4711</a>] - <s:text/> tag should not evaluate defaultMessage against a ValueStack by default</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4712">WW-4712</a>] - TextProviderHelper#getText() should perform cleaning of "defaultMessage"</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4717">WW-4717</a>] - Refactor file upload support to allow create virtual representation of <a shape="rect" class="external-link" href="http://java.io" rel="nofollow">java.io</a>.File</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4719">WW-4719</a>] - Move "DefaultClassFinder" into Convnention plugin</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4720">WW-4720</a>] - HttpParameters should behave like a Map</li><li>[<a shape="rect" class="e
xternal-link" href="https://issues.apache.org/jira/browse/WW-4721">WW-4721</a>] - Add support for "roundingMode" in <s:number/> tag</li></ul><p> </p><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>This release contains fixes related to <a shape="rect" href="s2-044.html">S2-044</a> security bulletin, please read it carefully!</p></div></div><h2 id="VersionNotes2.5.8-IssueDetail">Issue Detail</h2><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12338410&projectId=12311041">JIRA Release Notes 2.5.8</a></li></ul><h2 id="VersionNotes2.5.8-IssueList">Issue List</h2><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12338933">Struts 2.5.8 DONE</a></li><li><a shape="rect" class="external-li
nk" href="https://issues.apache.org/jira/issues/?filter=12335667">Struts 2.5.x TODO</a></li></ul><h2 id="VersionNotes2.5.8-Otherresources">Other resources</h2><ul><li><a shape="rect" class="external-link" href="http://www.mail-archive.com/commits%40struts.apache.org/" rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop">Source Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height: 30.0px;"><br clear="none"></span></div><div><span style="font-size: 24.0px;line-height: 30.0px;background-color: rgb(245,245,245);"><br clear="none"></span></div></div>
+ </div>
+
+
+ </div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
+</body>
+</html>