You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Konstantinos (JIRA)" <ji...@apache.org> on 2018/09/04 14:08:04 UTC
[jira] [Created] (WW-4957) Update struts version from 2.5.10 to
2.5.17. LocalizedTextUtil class is removed and
GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used
intead.
Konstantinos created WW-4957:
--------------------------------
Summary: Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used intead.
Key: WW-4957
URL: https://issues.apache.org/jira/browse/WW-4957
Project: Struts 2
Issue Type: Bug
Components: Core
Affects Versions: 2.5.17
Reporter: Konstantinos
Fix For: 2.5.10.1
I have an application that uses struts version 2.5.10.1. i want to update it to version 2.5.17 after the announcement of the Apache Software Foundation that Struts 2.5 to 2.5.16 versions are vulnerable to remote attackers. In my current version i use a struts-core library class called LocalizedTextUtil to load messages from the global message bundle. My code below:
{code:java}
private void initialiseMessageBundle() throws InitializationError{
LOG.info("Loading global messages from " + DEFAULT_RESOURCE);
URL[] urls;
try {
String resourceFolder = PropertiesManager.get(Constants.PROP_RESOURCES_FOLDER);
File file = new File(resourceFolder);
if (!file.exists() || !file.isDirectory()){
LOG.error("file not found: path(" + Constants.PROP_RESOURCES_FOLDER + ") = " + resourceFolder);
throw new InitializationError("External resource not found file not found");
} else {
LOG.debug("resources file: " + file.toURI().toURL());
}
URL url = file.toURI().toURL();
urls = new URL[]{url};
ClassLoader cl = new URLClassLoader(urls);
LocalizedTextUtil.setDelegatedClassLoader(cl);
LocalizedTextUtil.addDefaultResourceBundle(DEFAULT_RESOURCE);
} catch (MalformedURLException e) {
throw new InitializationError("MalformedURLException occured during the messageBundle initialisation", e);
}
LOG.info("Global messages loaded.");
}
{code}
After updating the struts version to 2.5.17 the *LocalizedTextUtil* class is removed. Although i create a new instance of class *GlobalLocalizedTextProvider* and *StrutsLocalizedTextProvider* and used the same methods (*setDelegatedClassLoader*,*addDefaultResourceBundle*) my messages are not been loaded. Also i create a bean of these classes on struts.xml and tried to inject it but again without success. Do you have any thought how can i replace the LocalizedTextUtil in my code above?
Thank you.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)