You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2017/02/03 13:47:42 UTC
svn commit: r1006138 [1/2] - in /websites/production/struts/content: ./ docs/
Author: lukaszlenart
Date: Fri Feb 3 13:47:41 2017
New Revision: 1006138
Log:
Updates production
Added:
websites/production/struts/content/announce-2016.html
websites/production/struts/content/docs/version-notes-2510.html
Modified:
websites/production/struts/content/announce-2015.html
websites/production/struts/content/announce.html
websites/production/struts/content/docs/ajax-validation.html
websites/production/struts/content/docs/i18n-interceptor.html
websites/production/struts/content/docs/interceptors.html
websites/production/struts/content/docs/migration-guide.html
websites/production/struts/content/docs/security.html
websites/production/struts/content/docs/xsl-result.html
websites/production/struts/content/download.html
websites/production/struts/content/downloads.html
websites/production/struts/content/index.html
Modified: websites/production/struts/content/announce-2015.html
==============================================================================
--- websites/production/struts/content/announce-2015.html (original)
+++ websites/production/struts/content/announce-2015.html Fri Feb 3 13:47:41 2017
@@ -7,7 +7,7 @@
<meta http-equiv="Content-Language" content="en"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title>Announcements</title>
+ <title>Announcements 2015</title>
<link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css">
<link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet">
Added: websites/production/struts/content/announce-2016.html
==============================================================================
--- websites/production/struts/content/announce-2016.html (added)
+++ websites/production/struts/content/announce-2016.html Fri Feb 3 13:47:41 2017
@@ -0,0 +1,725 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8"/>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+ <meta name="Date-Revision-yyyymmdd" content="20140918"/>
+ <meta http-equiv="Content-Language" content="en"/>
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+ <title>Announcements 2016</title>
+
+ <link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic" rel="stylesheet" type="text/css">
+ <link href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css" rel="stylesheet">
+ <link href="css/main.css" rel="stylesheet">
+ <link href="css/custom.css" rel="stylesheet">
+
+ <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
+ <script type="text/javascript" src="bootstrap/js/bootstrap.js"></script>
+ <script type="text/javascript" src="js/community.js"></script>
+</head>
+<body>
+
+<a href="http://github.com/apache/struts" class="github-ribbon">
+ <img style="position: absolute; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub">
+</a>
+
+<header>
+ <nav>
+ <div role="navigation" class="navbar navbar-default navbar-fixed-top">
+ <div class="container">
+ <div class="navbar-header">
+ <button type="button" data-toggle="collapse" data-target="#struts-menu" class="navbar-toggle">
+ Menu
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a href="index.html" class="navbar-brand logo"><img src="img/struts-logo.svg"></a>
+ </div>
+ <div id="struts-menu" class="navbar-collapse collapse">
+ <ul class="nav navbar-nav">
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Home<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="index.html">Welcome</a></li>
+ <li><a href="downloads.html">Downloads</a></li>
+ <li><a href="announce.html">Announcements</a></li>
+ <li><a href="http://www.apache.org/licenses/">License</a></li>
+ <li><a href="http://apache.org/foundation/thanks.html">Thanks!</a></li>
+ <li><a href="http://apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+ </ul>
+ </li>
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Support<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="mail.html">User Mailing List</a></li>
+ <li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li>
+ <li><a href="security.html">Reporting Security Issues</a></li>
+ <li class="divider"></li>
+ <li><a href="/maven/project-info.html">Project info</a></li>
+ <li><a href="/maven/struts2-core/dependencies.html">Struts Core dependencies</a></li>
+ <li><a href="/maven/struts2-plugins/modules.html">Plugin dependencies</a></li>
+ </ul>
+ </li>
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Documentation<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="birdseye.html">Birds Eye</a></li>
+ <li><a href="primer.html">Key Technologies</a></li>
+ <li><a href="kickstart.html">Kickstart FAQ</a></li>
+ <li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li>
+ <li class="divider"></li>
+ <li><a href="/docs/home.html">Getting started</a></li>
+ <li><a href="/docs/tutorials.html">Tutorials</a></li>
+ <li><a href="/docs/faqs.html">FAQs</a></li>
+ <li><a href="/docs/guides.html">Guides</a></li>
+ <li class="divider"></li>
+ <li><a href="/maven/struts2-core/apidocs/index.html">Struts Core API</a></li>
+ <li><a href="/docs/plugins.html">Plugin APIs</a></li>
+ <li><a href="/docs/tag-reference.html">Tag reference</a></li>
+ <li><a href="http://cwiki.apache.org/S2PLUGINS/home.html">Plugin registry</a></li>
+ </ul>
+ </li>
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Contributing<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="youatstruts.html">You at Struts</a></li>
+ <li><a href="helping.html">How to Help FAQ</a></li>
+ <li><a href="dev-mail.html">Development Lists</a></li>
+ <li class="divider"></li>
+ <li><a href="submitting-patches.html">Submitting patches</a></li>
+ <li><a href="builds.html">Source Code</a></li>
+ <li><a href="coding-standards.html">Coding standards</a></li>
+ <li class="divider"></li>
+ <li><a href="releases.html">Release Guidelines</a></li>
+ <li><a href="bylaws.html">PMC Charter</a></li>
+ <li><a href="volunteers.html">Volunteers</a></li>
+ <li><a href="https://git-wip-us.apache.org/repos/asf?p=struts.git">Source Repository</a></li>
+ </ul>
+ </li>
+ <li class="apache"><a href="http://www.apache.org/"><img src="img/apache.png"></a></li>
+ </ul>
+ </div>
+ </div>
+ </div>
+ </nav>
+</header>
+
+
+<article class="container">
+ <section class="col-md-12">
+ <h1 id="announcements">Announcements</h1>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+</p>
+
+<h4 id="a20161219">19 December 2016 - Struts 2.5.8 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.8 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses one potential security vulnerability:</p>
+
+<ul>
+ <li>Possible DoS attack when using URLValidator - <a href="/docs/s2-044.html">S2-044</a></li>
+</ul>
+
+<p>Also this release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>Included XSL files’ URI not being resolved for actions with result <code class="highlighter-rouge">type="xslt"</code>, see WW-2561</li>
+ <li><code class="highlighter-rouge">ConcurrentModificationException</code> using <code class="highlighter-rouge">s:iterator</code> (intermittent), see WW-3019</li>
+ <li><code class="highlighter-rouge">ObjectFactory</code> reporting ERROR’s when you attempt to set parameters on a Redirect result, see WW-3170</li>
+ <li>preselect values in <code class="highlighter-rouge"><s:optgroup></code>, see WW-4367</li>
+ <li>File upload error message always in default language, see WW-4636</li>
+ <li>Can no longer clear parameter on a <code class="highlighter-rouge"><s:url></code> tag, see WW-4701</li>
+ <li>List based parameters no longer work when there is only one value, see WW-4702</li>
+ <li><code class="highlighter-rouge">NullPointerException</code> in <code class="highlighter-rouge">ActionSupport</code> when use <code class="highlighter-rouge">ModelDriven</code>, see WW-4703</li>
+ <li>Multiselect parameter behavior different between struts 2.5.5 and 2.5.1, see WW-4707</li>
+ <li>Invalid field value for field “id”, see WW-4709</li>
+ <li>Scope interceptor always resets because of <code class="highlighter-rouge">org.apache.struts2.dispatcher.HttpParameters</code>, see WW-4715</li>
+ <li><code class="highlighter-rouge">focusElement</code> form attribute not working, see WW-4718</li>
+ <li>Portlet Issue with <code class="highlighter-rouge">I18Interceptor</code>, see WW-4722</li>
+ <li>Allow <code class="highlighter-rouge"><constant/></code> value substitution in XML configuration, see WW-4698</li>
+ <li>Upgrade to latest OGNL version, see WW-4704</li>
+ <li>Add support for long type to <code class="highlighter-rouge"><s:date></code> tag, see WW-4705</li>
+ <li>Disallow access to <code class="highlighter-rouge">HttpParameters.toMap</code>, see WW-4710</li>
+ <li><code class="highlighter-rouge"><s:text/></code> tag should not evaluate <code class="highlighter-rouge">defaultMessage</code> against a <code class="highlighter-rouge">ValueStack</code> by default, see WW-4711</li>
+ <li><code class="highlighter-rouge">TextProviderHelper#getText()</code> should perform cleaning of <code class="highlighter-rouge">defaultMessage</code>, see WW-4712</li>
+ <li>Refactor file upload support to allow create virtual representation of <code class="highlighter-rouge">java.io.File</code>, see WW-4717</li>
+ <li>Move <code class="highlighter-rouge">DefaultClassFinder</code> into <code class="highlighter-rouge">Convention</code> plugin, see WW-4719</li>
+ <li><code class="highlighter-rouge">HttpParameters</code> should behave like a <code class="highlighter-rouge">Map</code>, see WW-4720</li>
+ <li>Add support for <code class="highlighter-rouge">roundingMode</code> in <code class="highlighter-rouge"><s:number/></code> tag, see WW-4721</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20161021">21 October 2016 - Struts 2.5.5 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.5 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>webconsole can always be accessed, see WW-4601</li>
+ <li>Space character and includeParams, see WW-4628</li>
+ <li>Empty <s:param name="p1" value=""></s:param> is being supressed, see WW-4631</li>
+ <li>remove ASM 3 from struts2, see WW-4646</li>
+ <li>SMI do not work with JSON plugin, see WW-4649</li>
+ <li>Concurrency issue in addDefaultResourceBundle, see WW-4652</li>
+ <li>Action parameters should be included when building the URL to action, see WW-4654</li>
+ <li>StreamResult closes outputstream early, see WW-4662</li>
+ <li>NullPointerException when displaying a form without action attribute, see WW-4663</li>
+ <li>ParametersInterceptor excludeParams only applies to first instance of params interceptor in paramsPrepareParamsStack, see WW-4667</li>
+ <li>URL validator is case sensitive, see WW-4671</li>
+ <li>Select box does not pre-select chosen values, see WW-4675</li>
+ <li>Tiles-Plugin unable to load tiles definition XML, see WW-4679</li>
+ <li>Missing brackets in checkbox.ftl of css_xhtml template, see WW-4681</li>
+ <li>Move Struts Archetypes to dedicated project, see WW-4316</li>
+ <li>Add dedicated class to represent Http Parameters, see WW-4572</li>
+ <li>ParametersInterceptor should check collection index to against DOS, see WW-4620</li>
+ <li>Move example portlet-app into struts-examples, see WW-4660</li>
+ <li>Upgrade JFreeChart plugin to the latest version of JFreeChart, see WW-4670</li>
+ <li>StrutsPrepareAndExecuteFilter should check for response commited status, see WW-4674</li>
+ <li>ConversionErrorInterceptor to extend MethodFilterInterceptor, see WW-4676</li>
+ <li>I18N Interceptor automatically validates Locale, see WW-4677</li>
+ <li>Upgrade Tiles to 3.0.7 GA version, see WW-4680</li>
+ <li>Allow directly accessing I18N keys from Tiles defintions, see WW-4685</li>
+ <li>Merge two existing I18NInterceptors into one, see WW-4686</li>
+ <li>Exclude “java.ext.dirs” when scanning for actions, see WW-4688</li>
+ <li>CycleDetector - use enum instead of String constants, see WW-4689</li>
+ <li>Upgrade Commons Collections to 4.1, see WW-4695</li>
+ <li>Upgrade to Log4j 2.7, see WW-4696</li>
+ <li>Warn about excluded action/method only when DMI is disabled, see WW-4697</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20161018">18 October 2016 - Struts 2.3.31 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.31 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses two potential security vulnerabilities:</p>
+
+<ul>
+ <li>Possible path traversal in the Convention plugin <a href="/docs/s2-042.html">S2-042</a></li>
+ <li>Using the Config Browser plugin in production <a href="/docs/s2-043.html">S2-043</a></li>
+</ul>
+
+<p>Also this release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>webconsole can always be accessed, see WW-4601</li>
+ <li>Space character and includeParams,see WW-4628</li>
+ <li>ParametersInterceptor excludeParams only applies to first instance of params interceptor in paramsPrepareParamsStack,see WW-4667</li>
+ <li>Select box does not pre-select chosen values,see WW-4675</li>
+ <li>StrutsPrepareAndExecuteFilter should check for response committed status,see WW-4674</li>
+ <li>Allow directly accessing I18N keys from Tiles definitions,see WW-4685</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-2331">download</a> page.</p>
+
+<h4 id="a20160707">7 July 2016 - Struts 2.5.2 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.2 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>Struts 2.5.2 release contains several improvements just to mention few of them:</p>
+
+<ul>
+ <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
+ <li>Json deserialization does not work in 2.5.1, see WW-4650</li>
+ <li>Negative number is considered an arithmetic expression, see WW-4651</li>
+ <li>Wildcard redirect and path <code class="highlighter-rouge">/static/</code>, see WW-4656</li>
+ <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
+ <li>Cleans up logic in <code class="highlighter-rouge">StreamResult</code> and update docs, see WW-4655</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160707-2">7 July 2016 - Struts 2.3.30 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.30 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>Pre-evaluation of “name” attribute stopped working, see WW-4641</li>
+ <li>Unable to retrieve <code class="highlighter-rouge">s:hidden</code> field values, see WW-4642</li>
+ <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
+ <li>Negative number is considered an arithmetic expression, see WW-4651</li>
+ <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-2330">download</a> page.</p>
+
+<h4 id="a20160618">18 June 2016 - Struts 2.5.1 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.1 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses one potential security vulnerability:</p>
+
+<ul>
+ <li><a href="/docs/s2-041.html">S2-041</a>
+Possible DoS attack when using URLValidator</li>
+</ul>
+
+<p>Also all security patches applied to version Struts 2.3.29 were also applied to this version (just in case).</p>
+
+<p>This release contains several improvements just to mention few of them:</p>
+
+<ul>
+ <li>contentType override ignored for JSONInterceptor - see WW-4558</li>
+ <li>MessageStorePreResultListener does not store messages for 3rd-party RedirectResult subclasses - see WW-4618</li>
+ <li>EmailValidator flags .cat emails as invalid - see WW-4626</li>
+ <li>SMI cannot be disabled - see WW-4632</li>
+ <li>Centre alignment does not seem to work in Velocity tags - see WW-4634</li>
+ <li>Unable to process Jar entry (javassist-3.20.0-GA.jar) - see WW-4637</li>
+ <li>Strict Method Invocation breaks Action-Less Results - see WW-4643</li>
+ <li>When method is not allowed throw exception with meaningful message - see WW-4640</li>
+ <li>update struts2 bom - see WW-4644</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160617">17 June 2016 - Struts 2.3.29 General Availability with Security Fixes Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.29 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses these potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-035.html">S2-035</a>
+Action name clean up is error prone</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-036.html">S2-036</a>
+Forced double OGNL evaluation, when evaluated on raw user input in tag attributes,
+may lead to remote code execution (similar to S2-029)</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-037.html">S2-037</a>
+Remote Code Execution can be performed when using REST Plugin.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-038.html">S2-038</a>
+It is possible to bypass token validation and perform a CSRF attack</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-039.html">S2-039</a>
+Getter as action method leads to security bypass</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-040.html">S2-040</a>
+Input validation bypass using existing default action method.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-041.html">S2-041</a>
+Possible DoS attack when using URLValidator</p>
+ </li>
+</ul>
+
+<p>This release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>Json result type breaks</li>
+ <li>MessageStorePreResultListener doesn’t store messages for 3rd-party RedirectResult subclasses</li>
+ <li>Multiple tiles.xml in web.xml</li>
+ <li>New Tiles version can not find tiles*.xml files in sub-directories</li>
+ <li>EmailValidator flags .cat emails as invalid</li>
+ <li>Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since jdk1.7_80</li>
+ <li>Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 2.3.28+</li>
+ <li><code class="highlighter-rouge"><s:submit></code> generates a value attribute for type=image which violates W3C</li>
+ <li>ClassCastException while generating report using Struts 2.3.28 and jasperreports 4.5.1</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160601">1 June 2016 - Two security vulnerabilities reported</h4>
+
+<p>Two potential security vulnerabilities were reported which were already addressed in the latest Apache Struts 2 versions.
+Those reports just added other vectors of attack.</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-033.html">S2-033</a>
+Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-034.html">S2-034</a>
+OGNL cache poisoning can lead to DoS vulnerability</p>
+ </li>
+</ul>
+
+<p>Please read carefully the Security Bulletins and take suggested actions. The simplest way to avoid those vulnerabilities
+in your application is to upgrade the Apache Struts to latest available version in 2.3.x series or to the Apache Struts 2.5.</p>
+
+<p>You can download those versions from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160509">9 May 2016 - Struts 2.5 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>XWork source was merged into Struts Core source, it means that there be no more xwork artifact nor dedicated jar</li>
+ <li>Spring dependency for tests and spring plugin was upgraded to version 4.1.6, see WW-4510.</li>
+ <li>Struts2 internal logging api was marked as deprecated and was replaced with new Log4j2 api as logging layer, see WW-4504.</li>
+ <li>Struts2 is now build with JDK7, see WW-4503.</li>
+ <li>New plugin to support bean validation is now part of the distribution, see WW-4505.</li>
+ <li>Deprecated plugins are now removed from the distribution and are not longer supported anymore.
+ <ul>
+ <li>Dojo Plugin</li>
+ <li>Codebehind Plugin</li>
+ <li>JSF Plugin</li>
+ <li>Struts1 Plugin</li>
+ </ul>
+ </li>
+ <li>New security option was added - Strict Method Invocation (also known as Strict DMI), see WW-4540</li>
+ <li>Added support for latest stable AngularJS in Maven archetype, see WW-4522</li>
+ <li>Dropped support for id and name - replaced with var, see WW-2069</li>
+ <li>Dedicated archive with a minimal set of dependencies was introduced, see WW-4570</li>
+ <li>It is possible to use multiple names when defining a result, see WW-4590</li>
+ <li>Rest plugin honors Accept header, see WW-4588</li>
+ <li>New result ‘JSONActionRedirectResult’ in json-plugin was defined, see WW-4591</li>
+ <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was dropped, see WW-4584</li>
+ <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
+ <li>OGNL was upgraded to version 3.1.4 and it breaks access to properties as it follows Java Bean Specification, see WW-4207 and WW-3909</li>
+ <li>Annotations to configure Tiles, see WW-4594 and Tiles Plugin</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160419">19 April 2016 - Struts 2.3.28.1 General Availability with Security Fixes Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.28.1 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses two potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-031.html">S2-031</a>
+Possible RCE vulnerability in <code class="highlighter-rouge">XSLTResult</code> was fixed.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-032.html">S2-032</a>
+Prevents execution of chained expressions based on new <code class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL versions.</p>
+ </li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160419-1">19 April 2016 - Struts 2.3.20.3 & 2.3.24.3 General Availability with Security Fixes Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.20.3 & Struts 2.3.24.3 are available as a “General Availability”
+releases. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>These releases address three potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-029.html">S2-029</a>
+Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-031.html">S2-031</a>
+Possible RCE vulnerability in <code class="highlighter-rouge">XSLTResult</code> was fixed.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-032.html">S2-032</a>
+Prevents execution of chained expressions based on new <code class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL versions.</p>
+ </li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download these versions from our <a href="download.cgi#prior-releases">download</a> page.</p>
+
+<h4 id="a20160318">18 March 2016 - Struts 2.3.28 General Availability with Security Fix Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.28 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses three potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-028.html">S2-028</a>
+Possible XSS vulnerability in pages not using UTF-8 was fixed.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-029.html">S2-029</a>
+Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-030.html">S2-030</a>
+I18NInterceptor narrows selected locale to those available in JVM to reduce possibility of another XSS vulnerability.</p>
+ </li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>This release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>New Configurationprovider type was introduced - ServletContextAwareConfigurationProvider, see WW-4410</li>
+ <li>Setting status code in HttpHeaders isn’t ignored anymore, see WW-4545</li>
+ <li>Spring BeanPostProcessor(s) are called only once to constructed objects., see WW-4554</li>
+ <li>OGNL was upgraded to version 3.0.13, see WW-4562</li>
+ <li>Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568</li>
+ <li>A dedicated assembly with minimal set of jars was defined, see WW-4570</li>
+ <li>Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585</li>
+ <li>Improved the Struts2 Rest plugin to honor Accept header, see WW-4588</li>
+ <li>MessageStoreInterceptor was refactored to use PreResultListener to store messages, see WW-4605</li>
+ <li>A new annotation was added to support configuring Tiles - @TilesDefinition, see WW-4606</li>
+</ul>
+
+<p>and many other improvements, please check the version notes</p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<h4 id="a20160126">26 January 2016 - Struts 2.5-BETA3 (BETA)</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5-BETA3 is available as a “BETA” release.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+ <li>Dropped support for id and name - replaced with var, see WW-2069</li>
+ <li>Dedicated archive with a minimal set of dependencies was introduced, see WW-4570</li>
+ <li>It is possible to use multiple names when defining a result, see WW-4590</li>
+ <li>Rest plugin honors Accept header, see WW-4588</li>
+ <li>New result ‘JSONActionRedirectResult’ in json-plugin was defined, see WW-4591</li>
+ <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was dropped, see WW-4584</li>
+ <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
+ <li>OGNL was upgraded to version 3.0.11 and it breaks access to properties as it follows Java Bean Specification,
+see WW-4207 and WW-3909
+ <ul>
+ <li>and then OGNL was upgraded to version 3.1.1, see WW-4561</li>
+ <li>and then OGNL was upgraded to version 3.2.1, see WW-4577</li>
+ </ul>
+ </li>
+</ul>
+
+<p>and many other improvements, please check the version notes</p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>
+
+ </section>
+</article>
+
+
+<footer class="container">
+ <div class="col-md-12">
+ Copyright © 2000-2016 <a href="http://www.apache.org/">The Apache Software Foundation </a>.
+ All Rights Reserved.
+ </div>
+ <div class="col-md-12">
+ Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are
+ trademarks of The Apache Software Foundation.
+ </div>
+ <div class="col-md-12">Logo and website design donated by <a href="https://softwaremill.com/">SoftwareMill</a>.</div>
+</footer>
+
+<script>!function (d, s, id) {
+ var js, fjs = d.getElementsByTagName(s)[0];
+ if (!d.getElementById(id)) {
+ js = d.createElement(s);
+ js.id = id;
+ js.src = "//platform.twitter.com/widgets.js";
+ fjs.parentNode.insertBefore(js, fjs);
+ }
+}(document, "script", "twitter-wjs");</script>
+<script src="https://apis.google.com/js/platform.js" async="async" defer="defer"></script>
+
+<div id="fb-root"></div>
+
+<script>(function (d, s, id) {
+ var js, fjs = d.getElementsByTagName(s)[0];
+ if (d.getElementById(id)) return;
+ js = d.createElement(s);
+ js.id = id;
+ js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
+ fjs.parentNode.insertBefore(js, fjs);
+}(document, 'script', 'facebook-jssdk'));</script>
+
+
+<script>
+$(function() {
+ return $("h2, h3, h4, h5, h6").each(function(i, el) {
+ var $el, icon, id;
+ $el = $(el);
+ id = $el.attr('id');
+ icon = '<i class="fa fa-link"></i>';
+ if (id) {
+ return $el.prepend($("<a />").addClass("header-link").attr("href", "#" + id).html(icon));
+ }
+ });
+});
+</script>
+
+</body>
+</html>
Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Fri Feb 3 13:47:41 2017
@@ -121,378 +121,40 @@
<h1 id="announcements">Announcements</h1>
<p class="pull-right">
- Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+ Skip to: <a href="announce-2016.html">Announcements - 2016</a>
</p>
-<h4 id="a20161219">19 Decemeber 2016 - Struts 2.5.8 General Availability</h4>
+<h4 id="a20170203">3 February 2016 - Struts 2.5.10 General Availability</h4>
-<p>The Apache Struts group is pleased to announce that Struts 2.5.8 is available as a “General Availability”
+<p>The Apache Struts group is pleased to announce that Struts 2.5.10 is available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
The framework is designed to streamline the full development cycle, from building, to deploying,
to maintaining applications over time.</p>
-<p>This release addresses one potential security vulnerability:</p>
-
-<ul>
- <li>Possible DoS attack when using URLValidator - <a href="/docs/s2-044.html">S2-044</a></li>
-</ul>
-
-<p>Also this release contains several breaking changes and improvements just to mention few of them:</p>
-
-<ul>
- <li>Included XSL files’ URI not being resolved for actions with result <code class="highlighter-rouge">type="xslt"</code>, see WW-2561</li>
- <li><code class="highlighter-rouge">ConcurrentModificationException</code> using <code class="highlighter-rouge">s:iterator</code> (intermittent), see WW-3019</li>
- <li><code class="highlighter-rouge">ObjectFactory</code> reporting ERROR’s when you attempt to set parameters on a Redirect result, see WW-3170</li>
- <li>preselect values in <code class="highlighter-rouge"><s:optgroup></code>, see WW-4367</li>
- <li>File upload error message always in default language, see WW-4636</li>
- <li>Can no longer clear parameter on a <code class="highlighter-rouge"><s:url></code> tag, see WW-4701</li>
- <li>List based parameters no longer work when there is only one value, see WW-4702</li>
- <li><code class="highlighter-rouge">NullPointerException</code> in <code class="highlighter-rouge">ActionSupport</code> when use <code class="highlighter-rouge">ModelDriven</code>, see WW-4703</li>
- <li>Multiselect parameter behavior different between struts 2.5.5 and 2.5.1, see WW-4707</li>
- <li>Invalid field value for field “id”, see WW-4709</li>
- <li>Scope interceptor always resets because of <code class="highlighter-rouge">org.apache.struts2.dispatcher.HttpParameters</code>, see WW-4715</li>
- <li><code class="highlighter-rouge">focusElement</code> form attribute not working, see WW-4718</li>
- <li>Portlet Issue with <code class="highlighter-rouge">I18Interceptor</code>, see WW-4722</li>
- <li>Allow <code class="highlighter-rouge"><constant/></code> value substitution in XML configuration, see WW-4698</li>
- <li>Upgrade to latest OGNL version, see WW-4704</li>
- <li>Add support for long type to <code class="highlighter-rouge"><s:date></code> tag, see WW-4705</li>
- <li>Disallow access to <code class="highlighter-rouge">HttpParameters.toMap</code>, see WW-4710</li>
- <li><code class="highlighter-rouge"><s:text/></code> tag should not evaluate <code class="highlighter-rouge">defaultMessage</code> against a <code class="highlighter-rouge">ValueStack</code> by default, see WW-4711</li>
- <li><code class="highlighter-rouge">TextProviderHelper#getText()</code> should perform cleaning of <code class="highlighter-rouge">defaultMessage</code>, see WW-4712</li>
- <li>Refactor file upload support to allow create virtual representation of <code class="highlighter-rouge">java.io.File</code>, see WW-4717</li>
- <li>Move <code class="highlighter-rouge">DefaultClassFinder</code> into <code class="highlighter-rouge">Convention</code> plugin, see WW-4719</li>
- <li><code class="highlighter-rouge">HttpParameters</code> should behave like a <code class="highlighter-rouge">Map</code>, see WW-4720</li>
- <li>Add support for <code class="highlighter-rouge">roundingMode</code> in <code class="highlighter-rouge"><s:number/></code> tag, see WW-4721</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20161021">21 October 2016 - Struts 2.5.5 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.5 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to mention few of them:</p>
-
-<ul>
- <li>webconsole can always be accessed, see WW-4601</li>
- <li>Space character and includeParams, see WW-4628</li>
- <li>Empty <s:param name="p1" value=""></s:param> is being supressed, see WW-4631</li>
- <li>remove ASM 3 from struts2, see WW-4646</li>
- <li>SMI do not work with JSON plugin, see WW-4649</li>
- <li>Concurrency issue in addDefaultResourceBundle, see WW-4652</li>
- <li>Action parameters should be included when building the URL to action, see WW-4654</li>
- <li>StreamResult closes outputstream early, see WW-4662</li>
- <li>NullPointerException when displaying a form without action attribute, see WW-4663</li>
- <li>ParametersInterceptor excludeParams only applies to first instance of params interceptor in paramsPrepareParamsStack, see WW-4667</li>
- <li>URL validator is case sensitive, see WW-4671</li>
- <li>Select box does not pre-select chosen values, see WW-4675</li>
- <li>Tiles-Plugin unable to load tiles definition XML, see WW-4679</li>
- <li>Missing brackets in checkbox.ftl of css_xhtml template, see WW-4681</li>
- <li>Move Struts Archetypes to dedicated project, see WW-4316</li>
- <li>Add dedicated class to represent Http Parameters, see WW-4572</li>
- <li>ParametersInterceptor should check collection index to against DOS, see WW-4620</li>
- <li>Move example portlet-app into struts-examples, see WW-4660</li>
- <li>Upgrade JFreeChart plugin to the latest version of JFreeChart, see WW-4670</li>
- <li>StrutsPrepareAndExecuteFilter should check for response commited status, see WW-4674</li>
- <li>ConversionErrorInterceptor to extend MethodFilterInterceptor, see WW-4676</li>
- <li>I18N Interceptor automatically validates Locale, see WW-4677</li>
- <li>Upgrade Tiles to 3.0.7 GA version, see WW-4680</li>
- <li>Allow directly accessing I18N keys from Tiles defintions, see WW-4685</li>
- <li>Merge two existing I18NInterceptors into one, see WW-4686</li>
- <li>Exclude “java.ext.dirs” when scanning for actions, see WW-4688</li>
- <li>CycleDetector - use enum instead of String constants, see WW-4689</li>
- <li>Upgrade Commons Collections to 4.1, see WW-4695</li>
- <li>Upgrade to Log4j 2.7, see WW-4696</li>
- <li>Warn about excluded action/method only when DMI is disabled, see WW-4697</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20161018">18 October 2016 - Struts 2.3.31 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.31 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses two potential security vulnerabilities:</p>
-
-<ul>
- <li>Possible path traversal in the Convention plugin <a href="/docs/s2-042.html">S2-042</a></li>
- <li>Using the Config Browser plugin in production <a href="/docs/s2-043.html">S2-043</a></li>
-</ul>
-
-<p>Also this release contains several breaking changes and improvements just to mention few of them:</p>
-
-<ul>
- <li>webconsole can always be accessed, see WW-4601</li>
- <li>Space character and includeParams,see WW-4628</li>
- <li>ParametersInterceptor excludeParams only applies to first instance of params interceptor in paramsPrepareParamsStack,see WW-4667</li>
- <li>Select box does not pre-select chosen values,see WW-4675</li>
- <li>StrutsPrepareAndExecuteFilter should check for response committed status,see WW-4674</li>
- <li>Allow directly accessing I18N keys from Tiles definitions,see WW-4685</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-2331">download</a> page.</p>
-
-<h4 id="a20160707">7 July 2016 - Struts 2.5.2 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.2 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>Struts 2.5.2 release contains several improvements just to mention few of them:</p>
-
-<ul>
- <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
- <li>Json deserialization does not work in 2.5.1, see WW-4650</li>
- <li>Negative number is considered an arithmetic expression, see WW-4651</li>
- <li>Wildcard redirect and path <code class="highlighter-rouge">/static/</code>, see WW-4656</li>
- <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
- <li>Cleans up logic in <code class="highlighter-rouge">StreamResult</code> and update docs, see WW-4655</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160707-2">7 July 2016 - Struts 2.3.30 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.30 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to mention few of them:</p>
-
-<ul>
- <li>Pre-evaluation of “name” attribute stopped working, see WW-4641</li>
- <li>Unable to retrieve <code class="highlighter-rouge">s:hidden</code> field values, see WW-4642</li>
- <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
- <li>Negative number is considered an arithmetic expression, see WW-4651</li>
- <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-2330">download</a> page.</p>
-
-<h4 id="a20160618">18 June 2016 - Struts 2.5.1 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.1 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses one potential security vulnerability:</p>
-
-<ul>
- <li><a href="/docs/s2-041.html">S2-041</a>
-Possible DoS attack when using URLValidator</li>
-</ul>
-
-<p>Also all security patches applied to version Struts 2.3.29 were also applied to this version (just in case).</p>
-
-<p>This release contains several improvements just to mention few of them:</p>
-
-<ul>
- <li>contentType override ignored for JSONInterceptor - see WW-4558</li>
- <li>MessageStorePreResultListener does not store messages for 3rd-party RedirectResult subclasses - see WW-4618</li>
- <li>EmailValidator flags .cat emails as invalid - see WW-4626</li>
- <li>SMI cannot be disabled - see WW-4632</li>
- <li>Centre alignment does not seem to work in Velocity tags - see WW-4634</li>
- <li>Unable to process Jar entry (javassist-3.20.0-GA.jar) - see WW-4637</li>
- <li>Strict Method Invocation breaks Action-Less Results - see WW-4643</li>
- <li>When method is not allowed throw exception with meaningful message - see WW-4640</li>
- <li>update struts2 bom - see WW-4644</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160617">17 June 2016 - Struts 2.3.29 General Availability with Security Fixes Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.29 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses these potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-035.html">S2-035</a>
-Action name clean up is error prone</p>
- </li>
- <li>
- <p><a href="/docs/s2-036.html">S2-036</a>
-Forced double OGNL evaluation, when evaluated on raw user input in tag attributes,
-may lead to remote code execution (similar to S2-029)</p>
- </li>
- <li>
- <p><a href="/docs/s2-037.html">S2-037</a>
-Remote Code Execution can be performed when using REST Plugin.</p>
- </li>
- <li>
- <p><a href="/docs/s2-038.html">S2-038</a>
-It is possible to bypass token validation and perform a CSRF attack</p>
- </li>
- <li>
- <p><a href="/docs/s2-039.html">S2-039</a>
-Getter as action method leads to security bypass</p>
- </li>
- <li>
- <p><a href="/docs/s2-040.html">S2-040</a>
-Input validation bypass using existing default action method.</p>
- </li>
- <li>
- <p><a href="/docs/s2-041.html">S2-041</a>
-Possible DoS attack when using URLValidator</p>
- </li>
-</ul>
-
<p>This release contains several breaking changes and improvements just to mention few of them:</p>
<ul>
- <li>Json result type breaks</li>
- <li>MessageStorePreResultListener doesn’t store messages for 3rd-party RedirectResult subclasses</li>
- <li>Multiple tiles.xml in web.xml</li>
- <li>New Tiles version can not find tiles*.xml files in sub-directories</li>
- <li>EmailValidator flags .cat emails as invalid</li>
- <li>Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since jdk1.7_80</li>
- <li>Tile definition Inheritance/overriding is broken in Struts2 tiles plugin 2.3.28+</li>
- <li><code class="highlighter-rouge"><s:submit></code> generates a value attribute for type=image which violates W3C</li>
- <li>ClassCastException while generating report using Struts 2.3.28 and jasperreports 4.5.1</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160601">1 June 2016 - Two security vulnerabilities reported</h4>
-
-<p>Two potential security vulnerabilities were reported which were already addressed in the latest Apache Struts 2 versions.
-Those reports just added other vectors of attack.</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-033.html">S2-033</a>
-Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled</p>
- </li>
- <li>
- <p><a href="/docs/s2-034.html">S2-034</a>
-OGNL cache poisoning can lead to DoS vulnerability</p>
- </li>
-</ul>
-
-<p>Please read carefully the Security Bulletins and take suggested actions. The simplest way to avoid those vulnerabilities
-in your application is to upgrade the Apache Struts to latest available version in 2.3.x series or to the Apache Struts 2.5.</p>
-
-<p>You can download those versions from our <a href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160509">9 May 2016 - Struts 2.5 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to mention few of them:</p>
-
-<ul>
- <li>XWork source was merged into Struts Core source, it means that there be no more xwork artifact nor dedicated jar</li>
- <li>Spring dependency for tests and spring plugin was upgraded to version 4.1.6, see WW-4510.</li>
- <li>Struts2 internal logging api was marked as deprecated and was replaced with new Log4j2 api as logging layer, see WW-4504.</li>
- <li>Struts2 is now build with JDK7, see WW-4503.</li>
- <li>New plugin to support bean validation is now part of the distribution, see WW-4505.</li>
- <li>Deprecated plugins are now removed from the distribution and are not longer supported anymore.
- <ul>
- <li>Dojo Plugin</li>
- <li>Codebehind Plugin</li>
- <li>JSF Plugin</li>
- <li>Struts1 Plugin</li>
- </ul>
- </li>
- <li>New security option was added - Strict Method Invocation (also known as Strict DMI), see WW-4540</li>
- <li>Added support for latest stable AngularJS in Maven archetype, see WW-4522</li>
- <li>Dropped support for id and name - replaced with var, see WW-2069</li>
- <li>Dedicated archive with a minimal set of dependencies was introduced, see WW-4570</li>
- <li>It is possible to use multiple names when defining a result, see WW-4590</li>
- <li>Rest plugin honors Accept header, see WW-4588</li>
- <li>New result ‘JSONActionRedirectResult’ in json-plugin was defined, see WW-4591</li>
- <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was dropped, see WW-4584</li>
- <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
- <li>OGNL was upgraded to version 3.1.4 and it breaks access to properties as it follows Java Bean Specification, see WW-4207 and WW-3909</li>
- <li>Annotations to configure Tiles, see WW-4594 and Tiles Plugin</li>
+ <li>How to handle 404 when using wildcard instead of error 500 when the wildcard method doesn’t exist</li>
+ <li>MessageStoreInterceptor must handle all redirects</li>
+ <li><code class="highlighter-rouge">MaxMultiPartUpload</code> limited to 2GB (Long –> Integer)</li>
+ <li>Struts 2.5.8 no longer supports the <code class="highlighter-rouge"><include></code> directive in the <code class="highlighter-rouge">struts.xml</code></li>
+ <li><code class="highlighter-rouge">JSONValidationInterceptor</code> change static parameters names</li>
+ <li><code class="highlighter-rouge">ServletDispatcherResult</code> can’t handle parameters anymore</li>
+ <li><code class="highlighter-rouge">TokenInterceptor</code> synchronized on <code class="highlighter-rouge">session.getId().intern()</code></li>
+ <li>XSLT error during transformation</li>
+ <li>No default parameter defined for result <code class="highlighter-rouge">json</code> of type <code class="highlighter-rouge">org.apache.struts2.json.JSONResult</code></li>
+ <li><code class="highlighter-rouge">I18Interceptor</code> ignores session or cookie Locale after first lookup failure</li>
+ <li><code class="highlighter-rouge">EmailValidator</code> does not accept new domain suffixes</li>
+ <li><code class="highlighter-rouge">AnnotationValidationInterceptor</code> : <code class="highlighter-rouge">NullPointerException</code> when method is null</li>
+ <li><code class="highlighter-rouge">struts.xml</code> include not loading in dependant jar files</li>
+ <li><code class="highlighter-rouge">AnnotationValidationInterceptor</code> should consult <code class="highlighter-rouge">UnknownHandler</code> before throwing <code class="highlighter-rouge">NoSuchMethodException</code></li>
+ <li><code class="highlighter-rouge">ActionSupport.LOG</code> should be private</li>
+ <li>Remove <code class="highlighter-rouge">StrutsObjectFactory</code> and define <code class="highlighter-rouge">StrutsInterceptorFactory</code> instead</li>
+ <li>Make <code class="highlighter-rouge">OgnlValueStack</code> and <code class="highlighter-rouge">OgnlValueStackFactory</code> More Extensible</li>
+ <li>Make interceptor parameters dynamic</li>
+ <li>allow include other config files from classpath</li>
</ul>
<p><strong>All developers are strongly advised to perform this action.</strong></p>
@@ -505,162 +167,8 @@ to the user list, and, if appropriate, f
<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
-<h4 id="a20160419">19 April 2016 - Struts 2.3.28.1 General Availability with Security Fixes Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.28.1 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses two potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-031.html">S2-031</a>
-Possible RCE vulnerability in <code class="highlighter-rouge">XSLTResult</code> was fixed.</p>
- </li>
- <li>
- <p><a href="/docs/s2-032.html">S2-032</a>
-Prevents execution of chained expressions based on new <code class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL versions.</p>
- </li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160419-1">19 April 2016 - Struts 2.3.20.3 & 2.3.24.3 General Availability with Security Fixes Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.20.3 & Struts 2.3.24.3 are available as a “General Availability”
-releases. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>These releases address three potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-029.html">S2-029</a>
-Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</p>
- </li>
- <li>
- <p><a href="/docs/s2-031.html">S2-031</a>
-Possible RCE vulnerability in <code class="highlighter-rouge">XSLTResult</code> was fixed.</p>
- </li>
- <li>
- <p><a href="/docs/s2-032.html">S2-032</a>
-Prevents execution of chained expressions based on new <code class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL versions.</p>
- </li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download these versions from our <a href="download.cgi#prior-releases">download</a> page.</p>
-
-<h4 id="a20160318">18 March 2016 - Struts 2.3.28 General Availability with Security Fix Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.28 is available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses three potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-028.html">S2-028</a>
-Possible XSS vulnerability in pages not using UTF-8 was fixed.</p>
- </li>
- <li>
- <p><a href="/docs/s2-029.html">S2-029</a>
-Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</p>
- </li>
- <li>
- <p><a href="/docs/s2-030.html">S2-030</a>
-I18NInterceptor narrows selected locale to those available in JVM to reduce possibility of another XSS vulnerability.</p>
- </li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this action.</strong></p>
-
-<p>This release contains several breaking changes and improvements just to mention few of them:</p>
-
-<ul>
- <li>New Configurationprovider type was introduced - ServletContextAwareConfigurationProvider, see WW-4410</li>
- <li>Setting status code in HttpHeaders isn’t ignored anymore, see WW-4545</li>
- <li>Spring BeanPostProcessor(s) are called only once to constructed objects., see WW-4554</li>
- <li>OGNL was upgraded to version 3.0.13, see WW-4562</li>
- <li>Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568</li>
- <li>A dedicated assembly with minimal set of jars was defined, see WW-4570</li>
- <li>Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585</li>
- <li>Improved the Struts2 Rest plugin to honor Accept header, see WW-4588</li>
- <li>MessageStoreInterceptor was refactored to use PreResultListener to store messages, see WW-4605</li>
- <li>A new annotation was added to support configuring Tiles - @TilesDefinition, see WW-4606</li>
-</ul>
-
-<p>and many other improvements, please check the version notes</p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<h4 id="a20160126">26 January 2016 - Struts 2.5-BETA3 (BETA)</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5-BETA3 is available as a “BETA” release.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to mention few of them:</p>
-
-<ul>
- <li>Dropped support for id and name - replaced with var, see WW-2069</li>
- <li>Dedicated archive with a minimal set of dependencies was introduced, see WW-4570</li>
- <li>It is possible to use multiple names when defining a result, see WW-4590</li>
- <li>Rest plugin honors Accept header, see WW-4588</li>
- <li>New result ‘JSONActionRedirectResult’ in json-plugin was defined, see WW-4591</li>
- <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was dropped, see WW-4584</li>
- <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
- <li>OGNL was upgraded to version 3.0.11 and it breaks access to properties as it follows Java Bean Specification,
-see WW-4207 and WW-3909
- <ul>
- <li>and then OGNL was upgraded to version 3.1.1, see WW-4561</li>
- <li>and then OGNL was upgraded to version 3.2.1, see WW-4577</li>
- </ul>
- </li>
-</ul>
-
-<p>and many other improvements, please check the version notes</p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
<p class="pull-right">
- Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+ Skip to: <a href="announce-2016.html">Announcements - 2016</a>
</p>
<p class="pull-left">
Modified: websites/production/struts/content/docs/ajax-validation.html
==============================================================================
--- websites/production/struts/content/docs/ajax-validation.html (original)
+++ websites/production/struts/content/docs/ajax-validation.html Fri Feb 3 13:47:41 2017
@@ -138,7 +138,16 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><h2 id="AJAXValidation-Description">Description</h2><p>Struts provides <a shape="rect" href="client-validation.html">client side validation</a>(using JavaScript) for a few validators. Using AJAX validation, all <a shape="rect" href="validation.html">validators</a> available to the application on the server side can be used without forcing the page to reload, just to show validation errors. AJAX validation has a server side, which is in included in <a shape="rect" href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=34268">JSON Plugin</a> (an interceptor and a result). Client side must be handled by applictions themself. One reason for that is there are too many JavaScript frameworks and libraries. Struts has no preference which of them you use. Previous versions of Struts included a client side which was relying on the Dojo JS framework and was located in Struts Dojo plugin. That has been deprecated for a long time and was ev
entually removed.</p><h2 id="AJAXValidation-Example">Example</h2><p>This example is taken from the Struts showcase application.</p><h3 id="AJAXValidation-Createtheactionclass">Create the action class</h3><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+ <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1484828425540 {padding: 0px;}
+div.rbtoc1484828425540 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1484828425540 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1484828425540">
+<ul class="toc-indentation"><li><a shape="rect" href="#AJAXValidation-Description">Description</a></li><li><a shape="rect" href="#AJAXValidation-Example">Example</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#AJAXValidation-Createtheactionclass">Create the action class</a></li><li><a shape="rect" href="#AJAXValidation-MaptheAction">Map the Action</a></li><li><a shape="rect" href="#AJAXValidation-CreatetheJSP">Create the JSP</a></li><li><a shape="rect" href="#AJAXValidation-CustomTheme">Custom Theme</a></li><li><a shape="rect" href="#AJAXValidation-CSS">CSS</a></li><li><a shape="rect" href="#AJAXValidation-JavaScript">JavaScript</a></li></ul>
+</li><li><a shape="rect" href="#AJAXValidation-Howitworks">How it works</a></li><li><a shape="rect" href="#AJAXValidation-JSONValidationInterceptorparameters">JSONValidationInterceptor parameters</a></li><li><a shape="rect" href="#AJAXValidation-FlowchartofAJAXvalidation">Flow chart of AJAX validation</a></li></ul>
+</div><h2 id="AJAXValidation-Description">Description</h2><p>Struts provides <a shape="rect" href="client-validation.html">client side validation</a>(using JavaScript) for a few validators. Using AJAX validation, all <a shape="rect" href="validation.html">validators</a> available to the application on the server side can be used without forcing the page to reload, just to show validation errors. AJAX validation has a server side, which is in included in <a shape="rect" href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=34268">JSON Plugin</a> (an interceptor and a result). Client side must be handled by applictions themself. One reason for that is there are too many JavaScript frameworks and libraries. Struts has no preference which of them you use. Previous versions of Struts included a client side which was relying on the Dojo JS framework and was located in Struts Dojo plugin. That has been deprecated for a long time and was eventually removed.</p><h2 id="AJAXV
alidation-Example">Example</h2><p>This example is taken from the Struts showcase application.</p><h3 id="AJAXValidation-Createtheactionclass">Create the action class</h3><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">public class AjaxFormSubmitAction extends ActionSupport {
private String requiredValidatorField = null;
private String requiredStringValidatorField = null;
@@ -501,7 +510,7 @@ $(window).bind('load', function() {
</div></div><p>If <em>struts.validateOnly</em> is false the action and result are executed. In this case <em>jsonActionRedirect</em> result is very useful. It creates a JSON response in the form:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: javascript; gutter: false; theme: Default" style="font-size:12px;">{"location": "<url to be loaded next>"}
</pre>
-</div></div><div class="confluence-information-macro confluence-information-macro-warning"><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Remember to set struts.enableJSONValidation=true in the request to enable AJAX validation</p></div></div><p> </p><h2 id="AJAXValidation-FlowchartofAJAXvalidation">Flow chart of AJAX validation</h2><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Some details are omitted, like results used.</p></div></div><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>As explained above: there is a case where fo
rm is submitted twice, one time as AJAX with validation only and another time as usual submit.</p></div></div><p><a shape="rect" href="ajax-validation.data/struts2-ajax-vali-flow.png?version=2&modificationDate=1454052624000&api=v2" data-linked-resource-id="61338002" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="struts2-ajax-vali-flow.png" data-nice-type="Image" data-linked-resource-content-type="image/png" data-linked-resource-container-id="13850" data-linked-resource-container-version="41"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image" src="ajax-validation.data/struts2-ajax-vali-flow.png"></span></a></p><p> </p></div>
+</div></div><div class="confluence-information-macro confluence-information-macro-warning"><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Remember to set struts.enableJSONValidation=true in the request to enable AJAX validation</p></div></div><h2 id="AJAXValidation-JSONValidationInterceptorparameters">JSONValidationInterceptor parameters</h2><p>The following request parameters can be used to enable exposing validation errors:</p><ul style="list-style-type: square;"><li><strong>struts.enableJSONValidation</strong> - a request parameter must be set to <strong>true</strong> to use this interceptor</li><li><strong>struts.validateOnly</strong> - If the request has this parameter, execution will return after validation (action won't be executed). If <strong>struts.validateOnly</strong> is set to false you may want to use <a shape="rect" class="createlink" href="https://cwiki
.apache.org/confluence/pages/createpage.action?spaceKey=WW&title=JSONActionRedirectResult&linkCreation=true&fromPageId=13850">JSONActionRedirectResult</a></li><li><strong>struts.JSONValidation.no.encoding</strong> - If the request has this parameter set to<strong> true,</strong> the character encoding will <strong>NOT</strong> be set on the response - is needed in portlet environment</li></ul><p>You can override names of these parameters by specifying the following parameters when setting up a stack:</p><ul style="list-style-type: square;"><li><strong>validateJsonParam</strong> - to override name of <strong>struts.enableJSONValidation</strong><strong><br clear="none"></strong></li><li><strong>validateOnlyParam</strong> - to override name of <strong>struts.validateOnly</strong></li><li><strong>noEncodingSetParam</strong> - to override name of <strong>struts.JSONValidation.no.encoding</strong></li><li><strong>validationFailedStatus</strong> - status to be se
t on response when there are validation errors, by default <strong>400</strong></li></ul><p><strong><br clear="none"></strong></p><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"> Parameters overriding is available since Struts 2.5.9</div></div><h2 id="AJAXValidation-FlowchartofAJAXvalidation">Flow chart of AJAX validation</h2><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Some details are omitted, like results used.</p></div></div><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-info
rmation-macro-body"><p>As explained above: there is a case where form is submitted twice, one time as AJAX with validation only and another time as usual submit.</p></div></div><p><a shape="rect" href="ajax-validation.data/struts2-ajax-vali-flow.png?version=2&modificationDate=1454052624000&api=v2" data-linked-resource-id="61338002" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="struts2-ajax-vali-flow.png" data-nice-type="Image" data-linked-resource-content-type="image/png" data-linked-resource-container-id="13850" data-linked-resource-container-version="46"><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image" src="ajax-validation.data/struts2-ajax-vali-flow.png"></span></a></p><p> </p></div>
</div>
Modified: websites/production/struts/content/docs/i18n-interceptor.html
==============================================================================
--- websites/production/struts/content/docs/i18n-interceptor.html (original)
+++ websites/production/struts/content/docs/i18n-interceptor.html Fri Feb 3 13:47:41 2017
@@ -138,19 +138,17 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
+ <div id="ConfluenceContent"><h2 id="I18nInterceptor-Description">Description</h2><p>An interceptor that handles setting the locale specified in a session as the locale for the current action request. In addition, this interceptor will look for a specific HTTP request parameter and set the locale to whatever value is provided, it also looks for specific cookie to read locale from. This means that this interceptor can be used to allow for your application to dynamically change the locale for the user's session or, alternatively, only for the current  request. This is very useful for applications that require multi-lingual support and want the user to be able to set his or her language preference at any point. The locale parameter is removed during the execution of this interceptor, ensuring that properties aren't set on an action (such as request_locale) that have no typical corresponding setter in your action.</p><p>For example, using the default parameter name, a re
quest to <strong>foo.action?request_locale=en_US</strong>, then the locale for US English is saved in the user's session and will be used for all future requests. If there is no locale set (for example with the first visit), the interceptor uses the browser locale.</p><h2 id="I18nInterceptor-Parameters">Parameters</h2><ul style="list-style-type: square;"><li><strong>parameterName</strong> (optional) - the name of the HTTP request parameter that dictates the locale to switch to and save in the session. By default this is <strong>request_locale</strong></li><li><strong>requestCookieParameterName</strong> (optional) - the name of the HTTP request parameter that dictates the locale to switch to and save in a cookie. By default this is <strong>request_cookie_locale</strong></li><li><strong>requestOnlyParameterName</strong> (optional) - the name of the HTTP request parameter that dictates the locale to switch to for the current request only, without saving it in the session. By default th
is is <strong>request_only_locale</strong></li><li><strong>attributeName</strong> (optional) - the name of the session key to store the selected locale. By default this is <strong>WW_TRANS_I18N_LOCALE</strong></li><li><strong>localeStorage</strong> (optional) - the name of storage location, it can be <strong>none</strong>, <strong>session</strong> or <strong>cookie</strong>. By default this is <strong>session</strong></li></ul><h2 id="I18nInterceptor-Examples">Examples</h2><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;"><interceptor name="i18nCookie" class="org.apache.struts2.interceptor.I18nInterceptor"/>
-<h2 id="I18nInterceptor-Parameters">Parameters</h2>
-
-<div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
-
-<h2 id="I18nInterceptor-ExtendingtheInterceptor">Extending the Interceptor</h2>
-
-<div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
-
-<h2 id="I18nInterceptor-Examples">Examples</h2>
-
-<div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div></div>
+<action name="someAction" class="com.examples.SomeAction">
+ <interceptor-ref name="i18nCookie">
+ <param name="localeStorage">cookie</param>
+ </interceptor-ref>
+ <interceptor-ref name="basicStack"/>
+ <result name="success">good_result.ftl</result>
+</action></pre>
+</div></div><p> </p><p> </p></div>
</div>