You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by gi...@apache.org on 2022/06/07 08:00:25 UTC
[struts-site] branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new bb7b29e97 Updates stage by Jenkins
bb7b29e97 is described below
commit bb7b29e97da80142f8387c42e977ffb784ed0cfa
Author: jenkins <bu...@apache.org>
AuthorDate: Tue Jun 7 08:00:22 2022 +0000
Updates stage by Jenkins
---
content/announce-2022.html | 318 ++++++++++++++++++++++++
content/core-developers/default-properties.html | 44 +++-
content/core-developers/interceptors.html | 3 +
content/core-developers/struts-default-xml.html | 3 +
content/download.html | 44 ++--
content/index.html | 10 +-
content/releases.html | 2 +-
7 files changed, 389 insertions(+), 35 deletions(-)
diff --git a/content/announce-2022.html b/content/announce-2022.html
index 6b0dd9ff9..e6501f87f 100644
--- a/content/announce-2022.html
+++ b/content/announce-2022.html
@@ -132,6 +132,7 @@
<h1 class="no_toc" id="announcements-2022">Announcements 2022</h1>
<ul id="markdown-toc">
+ <li><a href="#a20220606" id="markdown-toc-a20220606">06 June 2022 - Struts 2 ver. 6.0.0 General Availability</a></li>
<li><a href="#a20220404" id="markdown-toc-a20220404">04 April 2022 - Struts 2.5.30 General Availability</a></li>
<li><a href="#a20220122" id="markdown-toc-a20220122">22 January 2022 - Struts 2.5.29 General Availability</a></li>
<li><a href="#a20220102" id="markdown-toc-a20220102">02 January 2022 - Struts 2.5.28.3 General Availability</a></li>
@@ -141,6 +142,323 @@
Skip to: <a href="announce-2021">Announcements - 2021</a>
</p>
+<h4 id="a20220606">06 June 2022 - Struts 2 ver. 6.0.0 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Apache Struts 2 ver. 6.0.0 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p><strong>Version change</strong></p>
+
+<p>You can be surprised by the version change, previously we have been using Struts 2.5.x versioning schema, but this was
+a bit misleading. Struts 2 is a different framework than Struts 1 and its versioning is supposed to start with 1.0.0,
+yet that never happened. With each breaking changes release (like Struts 2.5), we had been only upgrading the MINOR
+part of the versioning schema. To fix that problem as from Struts 2 ver. 6.0.0 (aka Struts 2.6) we adopt a proper SemVer
+to avoid such confusion.</p>
+
+<p><strong>Internal Changes</strong></p>
+
+<p>The framework requires Java 8 at runtime. Also Servlet API 3.1 capable container is required.</p>
+
+<p>OGNL expressions are limited to 256 characters by default. See <a href="https://issues.apache.org/jira/browse/WW-5179">WW-5179</a>
+and <a href="https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions">docs</a> for more details.</p>
+
+<p>Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future
+attack vectors, yet it can impact your application if you have been depending on double evaluation.</p>
+
+<p><strong>How to test</strong></p>
+
+<ul>
+ <li>Run all your app tests, you shouldn’t see any WARN log like below:
+ <blockquote>
+ <p>Expression [so-and-so] isn’t allowed by pattern [so-and-so]! See Accepted / Excluded patterns at https://struts.apache.org/security/</p>
+ </blockquote>
+ </li>
+ <li>See if following components are still functioning correctly regarding java-scripts:
+ <ul>
+ <li>forms with client side validations</li>
+ <li>doubleselect</li>
+ <li>combobox</li>
+ </ul>
+ </li>
+ <li>Check also <code class="highlighter-rouge">StreamResult</code>s, <code class="highlighter-rouge">AliasInterceptor</code> and <code class="highlighter-rouge">JasperReportResult</code>s if they are still working as expected.</li>
+</ul>
+
+<p>Support to access static methods via OGNL expressions has been removed, use action instance methods instead.</p>
+
+<p><strong>Bug</strong></p>
+
+<ul>
+ <li>WW-3534 - PrepareOperations.createActionContext does not detect existing context correctly</li>
+ <li>WW-3730 - action tag accepts only String arrays as parameters</li>
+ <li>WW-4723 - s:url incompatible with JDK 1.5</li>
+ <li>WW-4742 - Problem with escape when the key from getText has no value</li>
+ <li>WW-4865 - Struts s:checkbox conversion fails to List<Integer></Integer></li>
+ <li>WW-4866 - ASM 5.2 and Java 9 leads to IllegalArgumentException</li>
+ <li>WW-4897 - KEYS, sigs and hashes should use https (SSL)</li>
+ <li>WW-4902 - Struts 2 fails to init Dispatcher - Tomcat Embedded</li>
+ <li>WW-4928 - Setting struts.devMode from system property not working as described</li>
+ <li>WW-4930 - SMI cannot be diasabled for action-packages found via the convention-plugin</li>
+ <li>WW-4941 - [jar_cache] Some jar_cache<strong>**</strong>.tmp files are generated into a temporary directory(/tmp) during web service start</li>
+ <li>WW-4943 - opensymphony.xwork2.util.LocalizedTextUtil can’t get i18n resources</li>
+ <li>WW-4944 - Struts 2 REST Tiles integration issue</li>
+ <li>WW-4945 - TagUtils#buildNamespace should throw an exception when invocation is null</li>
+ <li>WW-4946 - Strtus 2 spring integrations is failing - fails to init Dispatcher - Tomcat Embedded</li>
+ <li>WW-4948 - Struts 2.5.16 is creating jar_cache files in temp folder</li>
+ <li>WW-4951 - MD5 and SHA1 should no longer be provided on download pages</li>
+ <li>WW-4954 - xml-validation fails since struts 2.5.17</li>
+ <li>WW-4957 - Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.</li>
+ <li>WW-4958 - File upload fails from certain clients</li>
+ <li>WW-4964 - Missing javascript in form-validate.ftl</li>
+ <li>WW-4968 - combining s:set and s:property where the property retrieved is null has unexpected results</li>
+ <li>WW-4971 - s:include tag fails with truncated content in certain circumstances</li>
+ <li>WW-4974 - NullPointerException in DefaultStaticContentLoader#findStaticResource</li>
+ <li>WW-4977 - Fixing flaky test in Jsr168DispatcherTest and Jsr286DispatcherTest</li>
+ <li>WW-4984 - Static files like css and js files in struts-core not properly served</li>
+ <li>WW-4986 - Race condition reloading config results in actions not found</li>
+ <li>WW-4987 - Setting Struts2 <s:select> options Css Class</s:select></li>
+ <li>WW-4991 - Not existing property in listValueKey throws exception</li>
+ <li>WW-4997 - <s:debug> can't be resolved</s:debug></li>
+ <li>WW-4999 - Can’t get OgnlValueStack log even if enable logMissingProperties</li>
+ <li>WW-5002 - Package Level Properties in Global Results</li>
+ <li>WW-5004 - No more calling of a static variable in Struts 2.8.20 available</li>
+ <li>WW-5006 - NullPointerException in ProxyUtil class when accessing static member</li>
+ <li>WW-5009 - EmptyStackException in JSON plugin due to concurrency</li>
+ <li>WW-5011 - Tiles bug when parsing file:// URLs including # as part of the URL</li>
+ <li>WW-5013 - Accessing static variable via OGNL returns nothing</li>
+ <li>WW-5022 - Struts 2.6 escaping behaviour change for s:a (anchor) tag</li>
+ <li>WW-5024 - HttpParameters.Builder can wrap objects in two layers of Parameters</li>
+ <li>WW-5025 - Binding Integer Array upon form submission</li>
+ <li>WW-5026 - Double-submit of TokenSessionStoreInterceptor broken since 2.5.16</li>
+ <li>WW-5027 - xerces tries to load resources from the internet</li>
+ <li>WW-5028 - Dispatcher prints stacktraces directly to the console</li>
+ <li>WW-5029 - The content allowed-methods tag of the XML configuration is sometimes truncated</li>
+ <li>WW-5030 - ClassNotFoundException - MockPortletResponse</li>
+ <li>WW-5031 - OGNL: An illegal reflective access operation has occurred</li>
+ <li>WW-5043 - trouble with Enum subclassing</li>
+ <li>WW-5054 - Debugging Interceptor debug=browser not working</li>
+ <li>WW-5058 - Invalid link in primer.html</li>
+ <li>WW-5059 - primer.html link to spring-security is broken</li>
+ <li>WW-5065 - AbstractMatcher adds values to the map passed into replaceParameters</li>
+ <li>WW-5072 - Minor bug in single file upload example of the Showcase application</li>
+ <li>WW-5074 - Multiple ASM jar conflict in 2.6 build</li>
+ <li>WW-5076 - struts2 redirecting to https to http</li>
+ <li>WW-5077 - Unable to set long pathname variables</li>
+ <li>WW-5079 - Could not find StrutsPrepareAndExecuteFilter sometime in WAS server</li>
+ <li>WW-5081 - Struts default textarea template fails w3c validation</li>
+ <li>WW-5082 - struts2 update from 2.1.6 to 2.3.37</li>
+ <li>WW-5086 - s:set with empty body</li>
+ <li>WW-5087 - AliasInterceptor doesn’t properly handle Parameter.Empty</li>
+ <li>WW-5088 - Empty file upload gives wrong error message</li>
+ <li>WW-5091 - Switched hash and PGP links</li>
+ <li>WW-5093 - inconsistent scope for variables created with s:set and s:url</li>
+ <li>WW-5095 - Junit plugin does not push ACTION_MAPPING into the context resulting in NPE</li>
+ <li>WW-5096 - Struts2 StaticParametersInterceptor’s addParametersToContext method is not working as expected.</li>
+ <li>WW-5100 - incorrect content-type behavior after upgrading to struts 2.5.*</li>
+ <li>WW-5102 - Download page issues</li>
+ <li>WW-5104 - Please delete old releases</li>
+ <li>WW-5106 - The call chains of ActionContext.getContext() in ServletActionContext are dangerious</li>
+ <li>WW-5107 - JQuery plugin does not handle dynamic component ids correctly</li>
+ <li>WW-5108 - No errors are reported locally. On linux environment, tomcat runs alone and reports java.lang.annotation.AnnotationTypeMismatchException</li>
+ <li>WW-5109 - Ognl issue after migrating from strut 2.3 to 2.5</li>
+ <li>WW-5116 - PostbackResult uses wrong regex range</li>
+ <li>WW-5117 - %{id} evaluates different for data-* and value attribute</li>
+ <li>WW-5119 - Blocking Threads in retrieving text from resource bundle</li>
+ <li>WW-5121 - Contention when injecting Scope.SINGLETON instances</li>
+ <li>WW-5123 - CheckboxTag value missing for labelposition</li>
+ <li>WW-5124 - Tag attribute values cached</li>
+ <li>WW-5125 - forbidden name attribute values (size, clone…?) in <s:textfield> using the default theme</s:textfield></li>
+ <li>WW-5129 - Dynamic Attributes are not working for doubleselect, optiontransferselect, inputtransferselect tags</li>
+ <li>WW-5130 - ID param not being set</li>
+ <li>WW-5140 - Cannot download struts from the main page</li>
+ <li>WW-5146 - Empty file upload ends in error</li>
+ <li>WW-5147 - OGNL valid expression is not cached and is parsed over again in some situations</li>
+ <li>WW-5160 - Template not found for name “Empty{name=’templateDir’}/simple/hidden.ftl”</li>
+ <li>WW-5163 - Error executing FreeMarker template</li>
+ <li>WW-5169 - Key Technologies Primer: Broken link to ResourceBundles</li>
+</ul>
+
+<p><strong>New Feature</strong></p>
+
+<ul>
+ <li>WW-4598 - async Actions</li>
+ <li>WW-4760 - Switch to Servlet API 2.5</li>
+ <li>WW-4874 - Asynchronous action method</li>
+ <li>WW-5005 - Struts2 convention plugin lacks Java 11 support</li>
+ <li>WW-5049 - Move Velocity support into a dedicated plugin</li>
+ <li>WW-5083 - Fetch Metadata support</li>
+ <li>WW-5084 - Content Security Policy support</li>
+ <li>WW-5085 - Add Cross-Origin Opener Policy and Cross-Origin Embedder Policy Support</li>
+ <li>WW-5101 - AbstractLocalizedTextProvider illegal reflective access operation has occurred</li>
+</ul>
+
+<p><strong>Improvement</strong></p>
+
+<ul>
+ <li>WW-685 - Generic error message - Type Conversion Error Handling</li>
+ <li>WW-2040 - Struts 1 vs. Struts 2 benchmarking application</li>
+ <li>WW-2411 - Add a maxlength attribute to the textarea tag</li>
+ <li>WW-2537 - Fix generics in all codebase</li>
+ <li>WW-3788 - Convert ServletActionContext to be more as ActionContext</li>
+ <li>WW-3877 - Remove altSyntax option</li>
+ <li>WW-4043 - Duplicated class TestUtils</li>
+ <li>WW-4069 - Upgrade DWR plugin to use the latest available version</li>
+ <li>WW-4348 - Remove access to static methods</li>
+ <li>WW-4713 - Drop “searchValueStack” attribute from tag <s:text></s:text></li>
+ <li>WW-4763 - Drop deprecated logging layer</li>
+ <li>WW-4779 - Remove profiling layer</li>
+ <li>WW-4789 - ActionContext should be immutable</li>
+ <li>WW-4792 - Removes deprecated XWork constants</li>
+ <li>WW-4796 - Rename Spring related flags to use the same pattern</li>
+ <li>WW-4799 - make DateConverter configurable</li>
+ <li>WW-4875 - Java configuration</li>
+ <li>WW-4889 - Implement REST content handlers using Apache Juneau</li>
+ <li>WW-4910 - Align OptGroup with Select</li>
+ <li>WW-4915 - Replace deprecated commons-lang3 classes</li>
+ <li>WW-4927 - Use immutable version of OGNL without access to #context</li>
+ <li>WW-4929 - Fallback i18n Locale</li>
+ <li>WW-4932 - Conversion fails when generic type is an interface</li>
+ <li>WW-4937 - Add SortedSet field support to JSON plugin</li>
+ <li>WW-4938 - ObjectFactory should use Container to instantiate actions and inject dependencies</li>
+ <li>WW-4952 - Upgrade to apache-master version 21</li>
+ <li>WW-4963 - Implement new Aware interfaces that are using withXxxx pattern instead of setters</li>
+ <li>WW-4972 - Switch to latest freemarker version when defining incompatible_improvements</li>
+ <li>WW-4995 - Enhancement for s:set tag to improve tag body whitespace control.</li>
+ <li>WW-4996 - Refactor DefaultTypeConverterCreator to use ObjectFactory#buildConverter</li>
+ <li>WW-5000 - Replace string literals with proper constants in @Inject</li>
+ <li>WW-5001 - Allow to define converters in “struts-conversion.properties” file</li>
+ <li>WW-5003 - Use StrutsException instead of XWorkException</li>
+ <li>WW-5012 - Make a public state check the first acceptance check in SecurityMemberAccess</li>
+ <li>WW-5017 - Drop @Validation annotation as not needed</li>
+ <li>WW-5018 - Add maven enforce plugin to control certain environmental constraints</li>
+ <li>WW-5023 - Upgrade SLF4J to latest 1.7.x version</li>
+ <li>WW-5034 - Minor enhancement/fix to AbstractLocalizedTextProvider</li>
+ <li>WW-5035 - Provide mechanism to clear OgnlUtil caches</li>
+ <li>WW-5036 - update JFreeChart plugin for compatibility with JFreeChart 1.5</li>
+ <li>WW-5052 - Use TypeConversionException instead of StrutsException</li>
+ <li>WW-5056 - Standard Accepted Patterns in DefaultAcceptedPatternsChecker</li>
+ <li>WW-5057 - Cleanup and/or improvements to Showcase Applications</li>
+ <li>WW-5062 - Use downloads.a.o instead of archive</li>
+ <li>WW-5063 - Use null check of passed in invocation in all the results</li>
+ <li>WW-5064 - Move XWork Spring support into struts2-spring-plugin</li>
+ <li>WW-5069 - Improve build behaviour on JDK9+</li>
+ <li>WW-5070 - JSONResult default root object should be set explicitly, rather than from result of ValueStack.peek()</li>
+ <li>WW-5073 - Use TextParser in AbstractMatcher</li>
+ <li>WW-5078 - Remove support for <xwork> DTD</xwork></li>
+ <li>WW-5080 - Allow write directly to a response - define a new result</li>
+ <li>WW-5099 - Upgrade JFreeChart plugin to use version 1.5.1 of JFreeChart</li>
+ <li>WW-5112 - Add ability (control flag) for TextProviders to prioritize reads from the default resource bundlest.</li>
+ <li>WW-5113 - Drop deprecated constant “struts.xworkTextProvider”</li>
+ <li>WW-5114 - Drop deprecated constant “struts.localeProvider”</li>
+ <li>WW-5115 - Reduce logging for DMI excluded parameters</li>
+ <li>WW-5126 - inconsistancy between Model Driven and Model Driven Interceptor documentations</li>
+ <li>WW-5136 - Make class attribute deprecated</li>
+ <li>WW-5152 - Make OVal plugin deprecated</li>
+ <li>WW-5153 - Make Portlet, Portlet Mocks and Portlet Tiles plugins deprecated</li>
+ <li>WW-5154 - Make GXP plugin deprecated</li>
+ <li>WW-5155 - Make OSGi plugin deprecated</li>
+ <li>WW-5156 - Make Plexus plugin deprecated</li>
+ <li>WW-5157 - Make Sitemesh plugin deprecated</li>
+ <li>WW-5164 - Remove deprecated ConversionDescription class</li>
+ <li>WW-5168 - Fix missing submitUnchecked and broken disabled attributes in Javatemplates checkbox tag</li>
+ <li>WW-5175 - Add basic LocalDateTime support</li>
+ <li>WW-5179 - Set ‘struts.ognl.expressionMaxLength’ to 256 by default</li>
+ <li>WW-5181 - Stop supporting accessing static methods via OGNL expressions</li>
+ <li>WW-5182 - Upgrade to Servlet API 3.1</li>
+</ul>
+
+<p><strong>Task</strong></p>
+<ul>
+ <li>WW-4845 - run, test, and validate Struts2 with Java9</li>
+ <li>WW-4981 - Add support for Java 11</li>
+ <li>WW-4982 - Remove the deprecated JsonLibHandler and outdated json-lib dependency</li>
+ <li>WW-4983 - Set private access modifier for HttpParameters.toMap</li>
+ <li>WW-4998 - I18nInterceptor’s default storage should store locale</li>
+ <li>WW-5010 - Switch to Java 8</li>
+ <li>WW-5016 - Support Java 8 date time in the date tag</li>
+ <li>WW-5020 - delete deprecated sitegraph plugin</li>
+ <li>WW-5021 - Serve static resources from different path</li>
+ <li>WW-5118 - OGNL long conversion</li>
+</ul>
+
+<p><strong>Dependency</strong></p>
+<ul>
+ <li>WW-4887 - Upgrade to Tiles 3.0.8</li>
+ <li>WW-4926 - Upgrade commons-beanutils to version 1.9.3</li>
+ <li>WW-4931 - Upgrade to Apache FreeMarker 2.3.28 version</li>
+ <li>WW-4947 - server errors generated by secure-jakarta-multipart-parser-plugin</li>
+ <li>WW-4955 - Upgrade to OGNL 3.2.6</li>
+ <li>WW-4956 - Upgrade to Log4j2 2.11.1</li>
+ <li>WW-4965 - Upgrade to OGNL 3.2.7</li>
+ <li>WW-4967 - Upgrade to Jackson 2.9.6</li>
+ <li>WW-4973 - Upgrade to OGNL 3.2.8</li>
+ <li>WW-4975 - Upgraded commons-fileupload to version 1.4</li>
+ <li>WW-4976 - Upgrade ASM to version 7.0</li>
+ <li>WW-4979 - Update multiple Struts 2.6.x libraries to more recent versions</li>
+ <li>WW-4980 - Update maven-wrapper to 3.5.4 and add maven-wrapper.jar to .gitignore</li>
+ <li>WW-4985 - Update persistence-api from 1.0 to 1.0.2 for CDI Plugin</li>
+ <li>WW-4988 - Upgrade DWR from 1.x to 2.x (for DWR plugin)</li>
+ <li>WW-4989 - Use JacksonXML handler instead of XStream as a default handler for XML in the REST plugin</li>
+ <li>WW-4992 - Mark the Embedded JSP plugin as depracted</li>
+ <li>WW-4993 - Update OGNL versions for 2.6 and 2.5.x builds</li>
+ <li>WW-5007 - Upgrade Jackson library to the latest version</li>
+ <li>WW-5019 - Upgrade Log4j to version 2.13.3</li>
+ <li>WW-5032 - Struts 2 Junit Plugin is not working with Zulu JDK11</li>
+ <li>WW-5033 - Update a few Struts 2.5.x libraries to more recent versions</li>
+ <li>WW-5037 - Upgrade commons-beanutils to version 1.9.4</li>
+ <li>WW-5038 - Upgrade jackson-databind to version 2.9.9.3</li>
+ <li>WW-5042 - Upgrade jackson-databind to version 2.10.0</li>
+ <li>WW-5045 - Update jasperreports to 6.10.0</li>
+ <li>WW-5047 - Upgrade Velocity to 2.1 and Velocity Tools to 3.0</li>
+ <li>WW-5048 - Update various dependencies to newest version</li>
+ <li>WW-5050 - Upgrade to OGNL 3.2.12</li>
+ <li>WW-5061 - CVEs in the library dependencies</li>
+ <li>WW-5068 - Update multiple Struts 2.6.x libraries / Maven build plugin versions</li>
+ <li>WW-5075 - Upgrade OSGi to the latest version</li>
+ <li>WW-5092 - ASM dependency update to 8.*</li>
+ <li>WW-5094 - Upgrade Spring Framework to version 4.3.29.RELEASE</li>
+ <li>WW-5097 - Upgrade to OGNL 3.2.16</li>
+ <li>WW-5098 - Upgrade ASM to version 9.0</li>
+ <li>WW-5103 - Upgrade XStream to version 1.4.14</li>
+ <li>WW-5120 - Upgrade Velocity Engine & Velocity Tools</li>
+ <li>WW-5122 - Upgrade XStream to version 1.4.16</li>
+ <li>WW-5131 - Upgrade commons-io to version 2.9</li>
+ <li>WW-5134 - Upgrade JasperReports to version 6.17.0</li>
+ <li>WW-5135 - Upgrade XStream to version 1.4.17</li>
+ <li>WW-5142 - Upgrade XStream to version 1.4.18</li>
+ <li>WW-5143 - Upgrade Oval library to ver. 3.2.1</li>
+ <li>WW-5144 - Mark OVal plugin as deprecated</li>
+ <li>WW-5148 - Upgrade ASM to version 9.2</li>
+ <li>WW-5151 - Bump to 2.15.0 to fix log4j vulnerability</li>
+ <li>WW-5158 - Upgrade Log4j to version 2.16.0 to address security vulnerability</li>
+ <li>WW-5161 - Update spring to 4.3.30</li>
+ <li>WW-5162 - Upgrade Log4j to version 2.17.1 to address security vulnerability</li>
+ <li>WW-5165 - Update spring to 5.3.x b/c 4.3.x is EOL</li>
+ <li>WW-5166 - Update OGNL to 3.3.2</li>
+ <li>WW-5167 - Upgrade XStream to version 1.4.19</li>
+ <li>WW-5171 - Upgrade Apache Log4j 2.17.2</li>
+ <li>WW-5172 - Upgrade freemarker to 2.3.31</li>
+ <li>WW-5174 - Upgrade Jackson-Core to version 2.13.2 and Jackson-Databind to 2.13.2.1</li>
+</ul>
+
+<blockquote>
+ <p>Please read the <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.0">Version Notes</a> to find more details about performed
+bug fixes and improvements.</p>
+</blockquote>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework has been designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p><strong>All developers are strongly advised to perform this upgrade.</strong></p>
+
+<p>The 6.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 3.1, JSP API 2.1, and Java 8.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list,
+and, if appropriate, file <a href="https://issues.apache.org/jira/projects/WW/">a tracking ticket</a>.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
<h4 id="a20220404">04 April 2022 - Struts 2.5.30 General Availability</h4>
<p>The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a “General Availability”
diff --git a/content/core-developers/default-properties.html b/content/core-developers/default-properties.html
index fe23e4433..6149a2365 100644
--- a/content/core-developers/default-properties.html
+++ b/content/core-developers/default-properties.html
@@ -374,19 +374,49 @@ struts.ognl.logMissingProperties=false
### if the application generates a lot of different expressions
struts.ognl.enableExpressionCache=true
+### Specify the OGNL expression cache factory and BeanInfo cache factory to use.
+### Currently, the default implementations are used, but can be replaced with custom ones if desired.
+struts.ognl.expressionCacheFactory=defaultOgnlExpressionCacheFactory
+struts.ognl.beanInfoCacheFactory=defaultOgnlBeanInfoCacheFactory
+
+### Specify a limit to the number of entries in the OGNL expressionCache.
+### For the standard expressionCache mode, when the limit is exceeded the entire cache's
+### content will be cleared (can help prevent memory leaks).
+### For expressionCacheLRUMode true, the limit will ensure the cache does not exceed
+### that size, dropping the oldest (least-recently-used) expressions to add new ones.
+### NOTE: If not set, the default is 25000, which may be excessive.
+# struts.ognl.expressionCacheMaxSize=1000
+
+### Indicates if the OGNL expressionCache should use LRU mode.
+### NOTE: When true, make sure to set the expressionCacheMaxSize to a reasonable value
+### for your application. Otherwise the default limit will never (practically) be reached.
+# struts.ognl.expressionCacheLRUMode=false
+
+### Specify a limit to the number of entries in the OGNL beanInfoCache.
+### For the standard beanInfoCache mode, when the limit is exceeded the entire cache's
+### content will be cleared (can help prevent memory leaks).
+### For beanInfoCacheLRUMode true, the limit will ensure the cache does not exceed
+### that size, dropping the oldest (least-recently-used) expressions to add new ones.
+### NOTE: If not set, the default is 25000, which may be excessive.
+# struts.ognl.beanInfoCacheMaxSize=1000
+
+### Indicates if the OGNL beanInfoCache should use LRU mode.
+### NOTE: When true, make sure to set the beanInfoCacheMaxSize to a reasonable value
+### for your application. Otherwise the default limit will never (practically) be reached.
+# struts.ognl.beanInfoCacheLRUMode=false
+
### Indicates if Dispatcher should handle unexpected exceptions by calling sendError()
### or simply rethrow it as a ServletException to allow future processing by other frameworks like Spring Security
struts.handle.exception=true
### Applies maximum length allowed on OGNL expressions for security enhancement (optional)
###
-### **WARNING**: If developers enable this option (by configuration) they should make sure that they understand the implications of setting
-### struts.ognl.expressionMaxLength. They must choose a value large enough to permit ALL valid OGNL expressions used within the application.
-### Values larger than the 200-400 range have diminishing security value (at which point it is really only a "style guard" for long OGNL
-### expressions in an application. Setting a value of null or "" will also disable the feature.
-###
-### NOTE: The sample line below is *INTENTIONALLY* commented out, as this feature is disabled by default.
-# struts.ognl.expressionMaxLength=256
+### **WARNING**: If developers change this option (by configuration) they should make sure that they understand
+### the implications of setting 'struts.ognl.expressionMaxLength'. They must choose a value large enough to permit
+### ALL valid OGNL expressions used within the application. Values larger than the 200-400 range have diminishing
+### security value (at which point it is really only a "style guard" for long OGNL expressions in an application.
+### Setting a value of null or "" will also disable the feature.
+struts.ognl.expressionMaxLength=256
### Defines which named instance of DateFormatter to use, there are two instances:
### - simpleDateFormatter (based on SimpleDateFormat)
diff --git a/content/core-developers/interceptors.html b/content/core-developers/interceptors.html
index b317dedf0..4f5f8c96a 100644
--- a/content/core-developers/interceptors.html
+++ b/content/core-developers/interceptors.html
@@ -458,6 +458,9 @@ than reiterate the same list of Interceptors, we can bundle these Interceptors t
<span class="nt"><bean</span> <span class="na">type=</span><span class="s">"org.apache.struts2.components.date.DateFormatter"</span> <span class="na">name=</span><span class="s">"simpleDateFormatter"</span> <span class="na">class=</span><span class="s">"org.apache.struts2.components.date.SimpleDateFormatAdapter"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span class="s">"org.apache.struts2.components.date.DateFormatter"</span> <span class="na">name=</span><span class="s">"dateTimeFormatter"</span> <span class="na">class=</span><span class="s">"org.apache.struts2.components.date.DateTimeFormatterAdapter"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
+ <span class="nt"><bean</span> <span class="na">type=</span><span class="s">"com.opensymphony.xwork2.ognl.OgnlCacheFactory"</span> <span class="na">name=</span><span class="s">"ognlExpressionCacheFactory"</span> <span class="na">class=</span><span class="s">"com.opensymphony.xwork2.ognl.DefaultOgnlExpressionCacheFactory"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
+ <span class="nt"><bean</span> <span class="na">type=</span><span class="s">"com.opensymphony.xwork2.ognl.OgnlCacheFactory"</span> <span class="na">name=</span><span class="s">"ognlBeanInfoCacheFactory"</span> <span class="na">class=</span><span class="s">"com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
+
<span class="nt"><package</span> <span class="na">name=</span><span class="s">"struts-default"</span> <span class="na">abstract=</span><span class="s">"true"</span><span class="nt">></span>
<span class="nt"><result-types></span>
<span class="nt"><result-type</span> <span class="na">name=</span><span class="s">"chain"</span> <span class="na">class=</span><span class="s">"com.opensymphony.xwork2.ActionChainResult"</span><span class="nt">/></span>
diff --git a/content/core-developers/struts-default-xml.html b/content/core-developers/struts-default-xml.html
index a211a46d4..1a54d6be4 100644
--- a/content/core-developers/struts-default-xml.html
+++ b/content/core-developers/struts-default-xml.html
@@ -375,6 +375,9 @@ setting in <a href="default-properties">default.properties</a>.</p>
<span class="nt"><bean</span> <span class="na">type=</span><span class="s">"org.apache.struts2.components.date.DateFormatter"</span> <span class="na">name=</span><span class="s">"simpleDateFormatter"</span> <span class="na">class=</span><span class="s">"org.apache.struts2.components.date.SimpleDateFormatAdapter"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
<span class="nt"><bean</span> <span class="na">type=</span><span class="s">"org.apache.struts2.components.date.DateFormatter"</span> <span class="na">name=</span><span class="s">"dateTimeFormatter"</span> <span class="na">class=</span><span class="s">"org.apache.struts2.components.date.DateTimeFormatterAdapter"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
+ <span class="nt"><bean</span> <span class="na">type=</span><span class="s">"com.opensymphony.xwork2.ognl.OgnlCacheFactory"</span> <span class="na">name=</span><span class="s">"ognlExpressionCacheFactory"</span> <span class="na">class=</span><span class="s">"com.opensymphony.xwork2.ognl.DefaultOgnlExpressionCacheFactory"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
+ <span class="nt"><bean</span> <span class="na">type=</span><span class="s">"com.opensymphony.xwork2.ognl.OgnlCacheFactory"</span> <span class="na">name=</span><span class="s">"ognlBeanInfoCacheFactory"</span> <span class="na">class=</span><span class="s">"com.opensymphony.xwork2.ognl.DefaultOgnlBeanInfoCacheFactory"</span> <span class="na">scope=</span><span class="s">"singleton"</span><span class="nt">/></span>
+
<span class="nt"><package</span> <span class="na">name=</span><span class="s">"struts-default"</span> <span class="na">abstract=</span><span class="s">"true"</span><span class="nt">></span>
<span class="nt"><result-types></span>
<span class="nt"><result-type</span> <span class="na">name=</span><span class="s">"chain"</span> <span class="na">class=</span><span class="s">"com.opensymphony.xwork2.ActionChainResult"</span><span class="nt">/></span>
diff --git a/content/download.html b/content/download.html
index 640c62c17..749089284 100644
--- a/content/download.html
+++ b/content/download.html
@@ -191,26 +191,26 @@
<h2 id="struts-ga">Full Releases</h2>
-<h3 id="struts2530">Struts 2.5.30</h3>
+<h3 id="struts600">Struts 6.0.</h3>
<p>
- <a href="https://struts.apache.org/">Apache Struts 2.5.30</a> is an elegant, extensible
+ <a href="https://struts.apache.org/">Apache Struts 6.0.</a> is an elegant, extensible
framework for creating enterprise-ready Java web applications. It is available in a full distribution,
or as separate library, source, example and documentation distributions.
- Struts 2.5.30 is the "best available" version of Struts in the 2.5 series.
+ Struts 6.0. is the "best available" version of Struts in the 2.5 series.
</p>
<ul>
<li>
- <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30">Version Notes</a>
+ <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.">Version Notes</a>
</li>
<li>Full Distribution:
<ul>
<li>
- <a href="[preferred]struts/2.5.30/struts-2.5.30-all.zip">struts-2.5.30-all.zip</a> (65MB)
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-all.zip.asc">PGP</a>]
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-all.zip.sha256">SHA256</a>]
+ <a href="[preferred]struts/6.0./struts-6.0.-all.zip">struts-6.0.-all.zip</a> (65MB)
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-all.zip.asc">PGP</a>]
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-all.zip.sha256">SHA256</a>]
</li>
</ul>
</li>
@@ -218,9 +218,9 @@
<li>Example Applications:
<ul>
<li>
- <a href="[preferred]struts/2.5.30/struts-2.5.30-apps.zip">struts-2.5.30-apps.zip</a> (35MB)
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-apps.zip.asc">PGP</a>]
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-apps.zip.sha256">SHA256</a>]
+ <a href="[preferred]struts/6.0./struts-6.0.-apps.zip">struts-6.0.-apps.zip</a> (35MB)
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-apps.zip.asc">PGP</a>]
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-apps.zip.sha256">SHA256</a>]
</li>
</ul>
</li>
@@ -228,9 +228,9 @@
<li>Essential Dependencies Only:
<ul>
<li>
- <a href="[preferred]struts/2.5.30/struts-2.5.30-min-lib.zip">struts-2.5.30-min-lib.zip</a> (4MB)
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-min-lib.zip.asc">PGP</a>]
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-min-lib.zip.sha256">SHA256</a>]
+ <a href="[preferred]struts/6.0./struts-6.0.-min-lib.zip">struts-6.0.-min-lib.zip</a> (4MB)
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-min-lib.zip.asc">PGP</a>]
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-min-lib.zip.sha256">SHA256</a>]
</li>
</ul>
</li>
@@ -238,9 +238,9 @@
<li>All Dependencies:
<ul>
<li>
- <a href="[preferred]struts/2.5.30/struts-2.5.30-lib.zip">struts-2.5.30-lib.zip</a> (19MB)
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-lib.zip.asc">PGP</a>]
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-lib.zip.sha256">SHA256</a>]
+ <a href="[preferred]struts/6.0./struts-6.0.-lib.zip">struts-6.0.-lib.zip</a> (19MB)
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-lib.zip.asc">PGP</a>]
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-lib.zip.sha256">SHA256</a>]
</li>
</ul>
</li>
@@ -248,9 +248,9 @@
<li>Documentation:
<ul>
<li>
- <a href="[preferred]struts/2.5.30/struts-2.5.30-docs.zip">struts-2.5.30-docs.zip</a> (13MB)
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-docs.zip.asc">PGP</a>]
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-docs.zip.sha256">SHA256</a>]
+ <a href="[preferred]struts/6.0./struts-6.0.-docs.zip">struts-6.0.-docs.zip</a> (13MB)
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-docs.zip.asc">PGP</a>]
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-docs.zip.sha256">SHA256</a>]
</li>
</ul>
</li>
@@ -258,9 +258,9 @@
<li>Source:
<ul>
<li>
- <a href="[preferred]struts/2.5.30/struts-2.5.30-src.zip">struts-2.5.30-src.zip</a> (7MB)
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-src.zip.asc">PGP</a>]
- [<a href="https://downloads.apache.org/struts/2.5.30/struts-2.5.30-src.zip.sha256">SHA256</a>]
+ <a href="[preferred]struts/6.0./struts-6.0.-src.zip">struts-6.0.-src.zip</a> (7MB)
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-src.zip.asc">PGP</a>]
+ [<a href="https://downloads.apache.org/struts/6.0./struts-6.0.-src.zip.sha256">SHA256</a>]
</li>
</ul>
</li>
diff --git a/content/index.html b/content/index.html
index 63eafed2b..ef4af7446 100644
--- a/content/index.html
+++ b/content/index.html
@@ -135,7 +135,7 @@
extensible using a plugin architecture, and ships with plugins to support
REST, AJAX and JSON.
</p>
- <a href="download.cgi#struts2530" class="btn btn-primary btn-large">
+ <a href="download.cgi#struts600" class="btn btn-primary btn-large">
<img src="img/download-icon.svg" alt="Download"> Download
</a>
<a href="primer.html" class="btn btn-info btn-large">
@@ -147,12 +147,12 @@
<div class="col-md-12">
<div class="row">
<div class="column col-md-4">
- <h2>Apache Struts 2.5.30 GA</h2>
+ <h2>Apache Struts 6.0. GA</h2>
<p>
- Apache Struts 2.5.30 GA has been released<br/>on 04 April 2022.
+ Apache Struts 6.0. GA has been released<br/>on 06 June 2022.
</p>
- Read more in <a href="announce-2022#a20220404">Announcement</a> or in
- <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30">Version notes</a>
+ Read more in <a href="announce-2022#a20220606">Announcement</a> or in
+ <a href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+6.0.">Version notes</a>
</div>
<div class="column col-md-4">
<h2>Security Advice on Log4j 2.12.4/2.17.1</h2>
diff --git a/content/releases.html b/content/releases.html
index 7fa27abe6..1c90f7533 100644
--- a/content/releases.html
+++ b/content/releases.html
@@ -149,7 +149,7 @@
<ul>
<li>
<a href="/download.cgi#struts-ga">
- Struts 2.5.30
+ Struts 6.0.
</a> ("best available")
</li>
</ul>