[ANN] Apache Struts 2.5.22

[Lukasz Lenart <lu...@apache.org>]

The Apache Struts group is pleased to announce that Struts 2.5.22 is
available as a “General Availability” release. The GA designation is
our highest quality grade.
https://struts.apache.org/announce.html#a20191129

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

Please be aware of new security enhancements added to the version of
Struts, they are disabled by default but please consider enabling them
to increase safety of you application. You will find more details in
our Security Guide.
https://struts.apache.org/security

Below is a full list of all changes:

- File upload fails from certain clients
- Not existing property in listValueKey throws exception
- Can't get OgnlValueStack log even if enable logMissingProperties
- No more calling of a static variable in Struts 2.8.20 available
- NullPointerException in ProxyUtil class when accessing static member
- EmptyStackException in JSON plugin due to concurrency
- Tiles bug when parsing file:// URLs including # as part of the URL
- Accessing static variable via OGNL returns nothing
- HttpParameters.Builder can wrap objects in two layers of Parameters
- Binding Integer Array upon form submission
- Double-submit of TokenSessionStoreInterceptor broken since 2.5.16
- xerces tries to load resources from the internet
- Dispatcher prints stacktraces directly to the console
- The content allowed-methods tag of the XML configuration is
sometimes truncated
- OGNL: An illegal reflective access operation has occurred
- java.lang.reflect.InvocationTargetException - Class:
com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
- Struts2 convention plugin lacks Java 11 support
- Upgrade SLF4J to latest 1.7.x version
- Minor enhancement/fix to AbstractLocalizedTextProvider
- Provide mechanism to clear OgnlUtil caches
- Struts 2 unit testing using StrutTestCase class
- Upgrade Jackson library to the latest version
- Upgrade to OGNL version 3.1.22
- Update a few Struts 2.5.x libraries to more recent versions
- Upgrade commons-beanutils to version 1.9.4
- Upgrade jackson-databind to version 2.9.9.3
- Upgrade to OGNL 3.1.26 and adapt to its new features

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

All developers are strongly advised to perform this action.

The 2.5.x series of the Apache Struts framework has a minimum
requirement of the following specification versions: Servlet API 2.4,
JSP API 2.0, and Java 7.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.

You can download this version from our download page
https://struts.apache.org/download.cgi#struts-ga


Kind regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

Re: Struts 2.5.22 and memory?

[Zahid Rahman <za...@gmail.com>]

There are some causes and solutions
Found here.

https://javarevisited.blogspot.com/2011/09/javalangoutofmemoryerror-permgen-space.html?m=1


On Sun, 8 Dec 2019, 21:30 Heikki Hyyrö (TAU), <he...@tuni.fi> wrote:

> I am wondering if this is just a coincidence... But a site I am running
> with Struts 2 started to output errors of form
>
>  > Exception in thread "ajp-bio-8009-exec-164" Exception in thread
> "ajp-bio-8009-exec-183" Exception in thread "ajp-bio-8009-exec-151"
> java.lang.OutOfMemoryError: Java heap space
>
> within a couple of hours after having updated from Struts 2.5.20 to 2.5.22.
>
> As I have not encountered this type of errors on that site before, I am
> wondering if something in Struts 2.5.22 could increase memory usage? It
> could of course be just a coincidence, but the timing is a bit suspicious.
>
> Best regards,
>
> Heikki
>
>
>

Re: Struts 2.5.22 and memory?

[Lukasz Lenart <lu...@apache.org>]

niedz., 8 gru 2019 o 22:30 Heikki Hyyrö (TAU) <he...@tuni.fi> napisał(a):
>
> I am wondering if this is just a coincidence... But a site I am running
> with Struts 2 started to output errors of form
>
>  > Exception in thread "ajp-bio-8009-exec-164" Exception in thread
> "ajp-bio-8009-exec-183" Exception in thread "ajp-bio-8009-exec-151"
> java.lang.OutOfMemoryError: Java heap space
>
> within a couple of hours after having updated from Struts 2.5.20 to 2.5.22.
>
> As I have not encountered this type of errors on that site before, I am
> wondering if something in Struts 2.5.22 could increase memory usage? It
> could of course be just a coincidence, but the timing is a bit suspicious.

Any more details? Did that happen again in few hours? Did you change
configuration or use the new security options?
https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Struts 2.5.22 and memory?

["Heikki Hyyrö (TAU)" <he...@tuni.fi>]

I am wondering if this is just a coincidence... But a site I am running 
with Struts 2 started to output errors of form

 > Exception in thread "ajp-bio-8009-exec-164" Exception in thread 
"ajp-bio-8009-exec-183" Exception in thread "ajp-bio-8009-exec-151" 
java.lang.OutOfMemoryError: Java heap space

within a couple of hours after having updated from Struts 2.5.20 to 2.5.22.

As I have not encountered this type of errors on that site before, I am 
wondering if something in Struts 2.5.22 could increase memory usage? It 
could of course be just a coincidence, but the timing is a bit suspicious.

Best regards,

Heikki