Author: lukaszlenart
Date: Tue Jun 4 14:47:50 2013
New Revision: 864360
Log:
Updates draft docs
Modified:
websites/production/struts/content/development/2.x/docs/building-struts-2-fast-track-release.html
websites/production/struts/content/development/2.x/docs/guides.html
websites/production/struts/content/development/2.x/docs/hello-world-using-struts-2.html
websites/production/struts/content/development/2.x/docs/migration-guide.html
websites/production/struts/content/development/2.x/docs/security-bulletins.html
websites/production/struts/content/development/2.x/docs/struts-next.html
websites/production/struts/content/development/2.x/docs/using-struts-2-tags.html
Modified:
websites/production/struts/content/development/2.x/docs/building-struts-2-fast-track-release.html
==============================================================================
---
websites/production/struts/content/development/2.x/docs/building-struts-2-fast-track-release.html
(original)
+++
websites/production/struts/content/development/2.x/docs/building-struts-2-fast-track-release.html
Tue Jun 4 14:47:50 2013
@@ -125,35 +125,33 @@ under the License.
<DIV class="wiki-content">
<H1><A
name="BuildingStruts2-Fasttrackrelease-Content"></A>Content</H1>
<STYLE type="text/css">/*<![CDATA[*/
-div.rbtoc1366362432289 {margin-left: 0px;padding: 0px;}
-div.rbtoc1366362432289 ul {list-style: none;margin-left: 0px;}
-div.rbtoc1366362432289 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1370246252845 {margin-left: 0px;padding: 0px;}
+div.rbtoc1370246252845 ul {list-style: none;margin-left: 0px;}
+div.rbtoc1370246252845 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</STYLE><DIV class="rbtoc1366362432289">
+/*]]>*/</STYLE><DIV class="rbtoc1370246252845">
<UL>
<LI><SPAN class="TOCOutline">1</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-BuildingSteps%2528Struts%2529">Building
Steps (Struts)</A></LI>
<UL>
<LI><SPAN class="TOCOutline">1.1</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Gettingready">Getting ready</A></LI>
- <LI><SPAN class="TOCOutline">1.2</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Obtainafreshcheckout.">Obtain a fresh
checkout.</A></LI>
- <LI><SPAN class="TOCOutline">1.3</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Changesitetarget">Change site
target</A></LI>
- <LI><SPAN class="TOCOutline">1.4</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Changescminfo">Change scm info</A></LI>
- <LI><SPAN class="TOCOutline">1.5</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-ReverttoSNAPSHOT">Revert to
-SNAPSHOT</A></LI>
- <LI><SPAN class="TOCOutline">1.6</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Updateversionofarchetypes">Update
version of archetypes</A></LI>
- <LI><SPAN class="TOCOutline">1.7</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Preparerelease">Prepare release</A></LI>
- <LI><SPAN class="TOCOutline">1.8</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Performtherelease">Perform the
release</A></LI>
- <LI><SPAN class="TOCOutline">1.9</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Movetheassembliestothe%252Fwww%252Fpeople.apache.org%252Fbuilds%252Fstruts%252F%2524VERSIONdir">Move
the assemblies to the /www/people.apache.org/builds/struts/$VERSION
dir</A></LI>
- <LI><SPAN class="TOCOutline">1.10</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Jirastuff">Jira stuff</A></LI>
- <LI><SPAN class="TOCOutline">1.11</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Voteonit">Vote on it</A></LI>
- <LI><SPAN class="TOCOutline">1.12</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Copyfiles">Copy files</A></LI>
- <LI><SPAN class="TOCOutline">1.13</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Promoterelease">Promote release</A></LI>
- <LI><SPAN class="TOCOutline">1.14</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Cleanupoldreleases">Clean up old
releases</A></LI>
- <LI><SPAN class="TOCOutline">1.15</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Waitforrsync">Wait for rsync</A></LI>
- <LI><SPAN class="TOCOutline">1.16</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-%2528Optional%2529UpdateSecurityBulletins">(Optional)
- Update Security Bulletins</A></LI>
- <LI><SPAN class="TOCOutline">1.17</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Updatesite%2528Struts2site%2529">Update
site (Struts 2 site)</A></LI>
- <LI><SPAN class="TOCOutline">1.18</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Updatesite%2528Strutstoplevelsite%2529">Update
site (Struts top level site)</A></LI>
- <LI><SPAN class="TOCOutline">1.19</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Redeploythedraftdocs">Redeploy the
draft docs</A></LI>
- <LI><SPAN class="TOCOutline">1.20</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Permissions">Permissions</A></LI>
- <LI><SPAN class="TOCOutline">1.21</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Postannouncements">Post
announcements</A></LI>
+ <LI><SPAN class="TOCOutline">1.2</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Obtainafreshcheckoutofcreatedbranch.">Obtain
a fresh checkout of created branch.</A></LI>
+ <LI><SPAN class="TOCOutline">1.3</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Updateversionofarchetypes">Update
version of archetypes</A></LI>
+ <LI><SPAN class="TOCOutline">1.4</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Applysecuritypatch">Apply security
patch</A></LI>
+ <LI><SPAN class="TOCOutline">1.5</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Preparerelease">Prepare release</A></LI>
+ <LI><SPAN class="TOCOutline">1.6</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Performtherelease">Perform the
release</A></LI>
+ <LI><SPAN class="TOCOutline">1.7</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Movetheassembliestothe%252Fwww%252Fpeople.apache.org%252Fbuilds%252Fstruts%252F%2524VERSIONdir">Move
the assemblies to the /www/people.apache.org/builds/struts/$VERSION
dir</A></LI>
+ <LI><SPAN class="TOCOutline">1.8</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Jirastuff">Jira stuff</A></LI>
+ <LI><SPAN class="TOCOutline">1.9</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Voteonit">Vote on it</A></LI>
+ <LI><SPAN class="TOCOutline">1.10</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Copyfiles">Copy files</A></LI>
+ <LI><SPAN class="TOCOutline">1.11</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Promoterelease">Promote release</A></LI>
+ <LI><SPAN class="TOCOutline">1.12</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Cleanupoldreleases">Clean up old
releases</A></LI>
+ <LI><SPAN class="TOCOutline">1.13</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Waitforrsync">Wait for rsync</A></LI>
+ <LI><SPAN class="TOCOutline">1.14</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-%2528Optional%2529UpdateSecurityBulletins">(Optional)
- Update Security Bulletins</A></LI>
+ <LI><SPAN class="TOCOutline">1.15</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Updatesite%2528Struts2site%2529">Update
site (Struts 2 site)</A></LI>
+ <LI><SPAN class="TOCOutline">1.16</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Updatesite%2528Strutstoplevelsite%2529">Update
site (Struts top level site)</A></LI>
+ <LI><SPAN class="TOCOutline">1.17</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Redeploythedraftdocs">Redeploy the
draft docs</A></LI>
+ <LI><SPAN class="TOCOutline">1.18</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Permissions">Permissions</A></LI>
+ <LI><SPAN class="TOCOutline">1.19</SPAN> <A
href="#BuildingStruts2-Fasttrackrelease-Postannouncements">Post
announcements</A></LI>
</UL>
</UL></DIV>
@@ -161,17 +159,12 @@ div.rbtoc1366362432289 li {margin-left:
<H3><A name="BuildingStruts2-Fasttrackrelease-Gettingready"></A>Getting
ready</H3>
<OL>
- <LI>When a serious security issue arises, we should try to create a
<TT>STRUTS_#_#_#_X</TT> branch from the last GA release
(from tag).
+ <LI>When a serious security issue arises, we should try to create a
<TT>STRUTS_#_#_#_X</TT> branch from the last GA release
(from tag - check it out and use <TT>mvn release:branch</TT> as below).
<DIV class="preformatted panel" style="border-width: 1px;"><DIV
class="preformattedContent panelContent">
-<PRE>mvn release:branch -DbranchName=STRUTS_#_#_#_X
+<PRE>mvn release:branch -DbranchName=STRUTS_#_#_#_X
-DupdateBranchVersions=true -DupdateWorkingCopyVersions=false
-DautoVersionSubmodules=true
</PRE>
</DIV></DIV>
-<P>Read the <A
href="http://maven.apache.org/maven-release/maven-release-plugin/examples/branch.html";
class="external-link" rel="nofollow">maven release:branch</A> docs for further
details or alternatively </P>
-<DIV class="preformatted panel" style="border-width: 1px;"><DIV
class="preformattedContent panelContent">
-<PRE>svn copy
https://svn.apache.org/repos/asf/struts/struts2/tags/STRUTS_#_#_#
https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X -m
"Creating new branch"
-</PRE>
-</DIV></DIV>
-<DIV class="panelMacro"><TABLE class="noteMacro"><COLGROUP><COL
width="24"><COL></COLGROUP><TR><TD valign="top"><IMG
src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif";
width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD>The svn
copy command just copies the struts branch from the struts tags, no info about
the version will be changed, you have to update in the next steps <A
href="#BuildingStruts2-Fasttrackrelease-Changescminfo">Change scm
info</A>.</TD></TR></TABLE></DIV></LI>
+<P>Read the <A
href="http://maven.apache.org/maven-release/maven-release-plugin/examples/branch.html";
class="external-link" rel="nofollow">maven release:branch</A> docs for further
details or alternatively </P></LI>
<LI>Apply to that branch only the security patch</LI>
<LI>Commit the fix. No reference should be make to the commit being
related to a security vulnerability.</LI>
<LI>If the patch first applies to some other dependency, implore the
other group to do the same, to avoid side-effects from other changes.</LI>
@@ -181,57 +174,19 @@ div.rbtoc1366362432289 li {margin-left:
</OL>
-<H3><A
name="BuildingStruts2-Fasttrackrelease-Obtainafreshcheckout."></A>Obtain a
fresh checkout.</H3>
+<H3><A
name="BuildingStruts2-Fasttrackrelease-Obtainafreshcheckoutofcreatedbranch."></A>Obtain
a fresh checkout of created branch.</H3>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent
panelContent">
<PRE class="code-java">
svn co https:<SPAN
class="code-comment">//svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X
STRUTS_#_#_#_X</SPAN>
</PRE>
</DIV></DIV>
-<H3><A name="BuildingStruts2-Fasttrackrelease-Changesitetarget"></A>Change
site target</H3>
-
-<P>Edit the top pom.xml file and replace 2.x the url below with version number
that's going to be released</P>
-
-<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent
panelContent">
-<PRE class="code-xml">
- <SPAN class="code-tag"><distributionManagement></SPAN>
- <SPAN class="code-tag"><site></SPAN>
- <SPAN class="code-tag"><id></SPAN>apache-site<SPAN
class="code-tag"></id></SPAN>
- <SPAN
class="code-tag"><url></SPAN>scp://people.apache.org/www/struts.apache.org/2.x/<SPAN
class="code-tag"></url></SPAN>
- <SPAN class="code-tag"></site></SPAN>
- <SPAN class="code-tag"></distributionManagement></SPAN>
-</PRE>
-</DIV></DIV>
-
-<H3><A name="BuildingStruts2-Fasttrackrelease-Changescminfo"></A>Change scm
info</H3>
-
-<P>If you created the branch through the mvn release:branch command your scm
info should be already fine.</P>
-
-<P>Edit every pom.xml files and replace the url inside the scm info such that
points to the branch version previously created:</P>
-
-<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent
panelContent">
-<PRE class="code-xml">
-<SPAN class="code-tag"><scm></SPAN>
- <SPAN
class="code-tag"><connection></SPAN>scm:svn:http://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X<SPAN
class="code-tag"></connection></SPAN>
- <SPAN
class="code-tag"><developerConnection></SPAN>scm:svn:https://svn.apache.org/repos/asf/struts/struts2/branches/STRUTS_#_#_#_X<SPAN
class="code-tag"></developerConnection></SPAN>
- <SPAN
class="code-tag"><url></SPAN>http://svn.apache.org/viewcvs.cgi/struts/struts2/branches/STRUTS_#_#_#_X<SPAN
class="code-tag"></url></SPAN>
-<SPAN class="code-tag"></scm></SPAN>
-</PRE>
-</DIV></DIV>
-
-<P>commit the change</P>
-
-<H3><A name="BuildingStruts2-Fasttrackrelease-ReverttoSNAPSHOT"></A>Revert to
-SNAPSHOT</H3>
-
-<P>Maven the release plugin can create a release only from -SNAPSHOT version,
replace the current version in all poms with the planned release version plus
-SNASPHOT suffix, eg.</P>
-
-<P>2.3.1 -> 2.3.1.1-SNAPSHOT</P>
-
-<P>build locally and commit</P>
-
<H3><A
name="BuildingStruts2-Fasttrackrelease-Updateversionofarchetypes"></A>Update
version of archetypes</H3>
<P>Edit <TT>src/site/resources/archetype-catalog.xml</TT> and change version
of archetypes to current $VERSION, save and commit.</P>
+<H3><A name="BuildingStruts2-Fasttrackrelease-Applysecuritypatch"></A>Apply
security patch</H3>
+<P>Apply and commit security patch.</P>
+
<H3><A name="BuildingStruts2-Fasttrackrelease-Preparerelease"></A>Prepare
release</H3>
<P>Tag the release by using the "release:prepare" goal of Maven: </P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeContent
panelContent">
Modified: websites/production/struts/content/development/2.x/docs/guides.html
==============================================================================
--- websites/production/struts/content/development/2.x/docs/guides.html
(original)
+++ websites/production/struts/content/development/2.x/docs/guides.html Tue Jun
4 14:47:50 2013
@@ -352,7 +352,8 @@ under the License.
<H3><A name="Guides-VersionNotes2.3.x"></A>Version Notes 2.3.x</H3>
<UL>
- <LI><A href="version-notes-2315.html" title="Version Notes
2.3.15">Version Notes 2.3.15</A></LI>
+ <LI><A href="version-notes-2315.html" title="Version Notes
2.3.15">Version Notes 2.3.15</A> - TBR</LI>
+ <LI><A
href="https://cwiki.apache.org/confluence/display/WW/Version%20Notes%202.3.14.3";
title="Version Notes 2.3.14.3">Version Notes 2.3.14.3</A></LI>
<LI><A href="version-notes-23142.html" title="Version Notes
2.3.14.2">Version Notes 2.3.14.2</A></LI>
<LI><A href="version-notes-23141.html" title="Version Notes
2.3.14.1">Version Notes 2.3.14.1</A></LI>
<LI><A href="version-notes-2314.html" title="Version Notes
2.3.14">Version Notes 2.3.14</A></LI>
Modified:
websites/production/struts/content/development/2.x/docs/hello-world-using-struts-2.html
==============================================================================
---
websites/production/struts/content/development/2.x/docs/hello-world-using-struts-2.html
(original)
+++
websites/production/struts/content/development/2.x/docs/hello-world-using-struts-2.html
Tue Jun 4 14:47:50 2013
@@ -148,7 +148,7 @@ under the License.
<DIV class="panelMacro"><TABLE class="infoMacro"><COLGROUP><COL
width="24"><COL></COLGROUP><TR><TD valign="top"><IMG
src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif";
width="16" height="16" align="absmiddle" alt="" border="0"></TD><TD>Note that
in the code shown below the JavaDoc comments are omitted. In the download
example, JavaDoc comments are included.</TD></TR></TABLE></DIV>
-<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader
panelHeader" style="border-bottom-width: 1px;"><B>Message.java</B></DIV><DIV
class="codeContent panelContent">
+<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader
panelHeader" style="border-bottom-width:
1px;"><B>MessageStore.java</B></DIV><DIV class="codeContent panelContent">
<PRE class="code-java">
<SPAN class="code-keyword">package</SPAN> org.apache.struts.helloworld.model;
Modified:
websites/production/struts/content/development/2.x/docs/migration-guide.html
==============================================================================
---
websites/production/struts/content/development/2.x/docs/migration-guide.html
(original)
+++
websites/production/struts/content/development/2.x/docs/migration-guide.html
Tue Jun 4 14:47:50 2013
@@ -129,7 +129,8 @@ under the License.
<H3><A name="MigrationGuide-VersionNotes2.3.x"></A>Version Notes 2.3.x</H3>
<UL>
- <LI><A href="version-notes-2315.html" title="Version Notes
2.3.15">Version Notes 2.3.15</A></LI>
+ <LI><A href="version-notes-2315.html" title="Version Notes
2.3.15">Version Notes 2.3.15</A> - TBR</LI>
+ <LI><A
href="https://cwiki.apache.org/confluence/display/WW/Version%20Notes%202.3.14.3";
title="Version Notes 2.3.14.3">Version Notes 2.3.14.3</A></LI>
<LI><A href="version-notes-23142.html" title="Version Notes
2.3.14.2">Version Notes 2.3.14.2</A></LI>
<LI><A href="version-notes-23141.html" title="Version Notes
2.3.14.1">Version Notes 2.3.14.1</A></LI>
<LI><A href="version-notes-2314.html" title="Version Notes
2.3.14">Version Notes 2.3.14</A></LI>
@@ -440,6 +441,12 @@ under the License.
<A href="version-notes-2315.html" title="Version
Notes 2.3.15">Version Notes 2.3.15</A>
<SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
<BR>
+ <A href="version-notes-23142.html" title="Version
Notes 2.3.14.2">Version Notes 2.3.14.2</A>
+ <SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
+ <BR>
+ <A
href="https://cwiki.apache.org/confluence/display/WW/Version%20Notes%202.3.14.3";
title="Version Notes 2.3.14.3">Version Notes 2.3.14.3</A>
+ <SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
+ <BR>
</DIV>
</DIV>
Modified:
websites/production/struts/content/development/2.x/docs/security-bulletins.html
==============================================================================
---
websites/production/struts/content/development/2.x/docs/security-bulletins.html
(original)
+++
websites/production/struts/content/development/2.x/docs/security-bulletins.html
Tue Jun 4 14:47:50 2013
@@ -125,7 +125,7 @@ under the License.
<DIV class="wiki-content">
<P>The following security bulletins are available:</P>
-<UL><LI><A href="s2-001.html" title="S2-001">S2-001</A> — <SPAN
class="smalltext">Remote code exploit on form validation
error</SPAN></LI><LI><A href="s2-002.html" title="S2-002">S2-002</A> —
<SPAN class="smalltext">Cross site scripting (XSS) vulnerability on
<s:url> and <s:a> tags</SPAN></LI><LI><A href="s2-003.html"
title="S2-003">S2-003</A> — <SPAN class="smalltext">XWork
ParameterInterceptors bypass allows OGNL statement execution</SPAN></LI><LI><A
href="s2-004.html" title="S2-004">S2-004</A> — <SPAN
class="smalltext">Directory traversal vulnerability while serving static
content</SPAN></LI><LI><A href="s2-005.html" title="S2-005">S2-005</A> —
<SPAN class="smalltext">XWork ParameterInterceptors bypass allows remote
command execution</SPAN></LI><LI><A href="s2-006.html"
title="S2-006">S2-006</A> — <SPAN class="smalltext">Multiple Cross-Site
Scripting (XSS) in XWork generated error pages</SPAN></LI><LI><A
href="s2-007.html" t
itle="S2-007">S2-007</A> — <SPAN class="smalltext">User input is
evaluated as an OGNL expression when there's a conversion
error</SPAN></LI><LI><A href="s2-008.html" title="S2-008">S2-008</A> —
<SPAN class="smalltext">Multiple critical vulnerabilities in
Struts2</SPAN></LI><LI><A href="s2-009.html" title="S2-009">S2-009</A> —
<SPAN class="smalltext">ParameterInterceptor vulnerability allows remote
command execution</SPAN></LI><LI><A href="s2-010.html"
title="S2-010">S2-010</A> — <SPAN class="smalltext">When using Struts 2
token mechanism for CSRF protection, token check may be bypassed by misusing
known session attributes</SPAN></LI><LI><A href="s2-011.html"
title="S2-011">S2-011</A> — <SPAN class="smalltext">Long request
parameter names might significantly promote the effectiveness of DOS
attacks</SPAN></LI><LI><A href="s2-012.html" title="S2-012">S2-012</A> —
<SPAN class="smalltext">Showcase app vulnerability allows remote command execut
ion</SPAN></LI><LI><A href="s2-013.html" title="S2-013">S2-013</A> —
<SPAN class="smalltext">A vulnerability, present in the <EM>includeParams</EM>
attribute of the <EM>URL</EM> and <EM>Anchor</EM> Tag, allows remote command
execution</SPAN></LI><LI><A href="s2-014.html" title="S2-014">S2-014</A>
— <SPAN class="smalltext">A vulnerability introduced by forcing parameter
inclusion in the <EM>URL</EM> and <EM>Anchor</EM> Tag allows remote command
execution, session access and manipulation and XSS attacks</SPAN></LI></UL>
+<UL><LI><A href="s2-001.html" title="S2-001">S2-001</A> — <SPAN
class="smalltext">Remote code exploit on form validation
error</SPAN></LI><LI><A href="s2-002.html" title="S2-002">S2-002</A> —
<SPAN class="smalltext">Cross site scripting (XSS) vulnerability on
<s:url> and <s:a> tags</SPAN></LI><LI><A href="s2-003.html"
title="S2-003">S2-003</A> — <SPAN class="smalltext">XWork
ParameterInterceptors bypass allows OGNL statement execution</SPAN></LI><LI><A
href="s2-004.html" title="S2-004">S2-004</A> — <SPAN
class="smalltext">Directory traversal vulnerability while serving static
content</SPAN></LI><LI><A href="s2-005.html" title="S2-005">S2-005</A> —
<SPAN class="smalltext">XWork ParameterInterceptors bypass allows remote
command execution</SPAN></LI><LI><A href="s2-006.html"
title="S2-006">S2-006</A> — <SPAN class="smalltext">Multiple Cross-Site
Scripting (XSS) in XWork generated error pages</SPAN></LI><LI><A
href="s2-007.html" t
itle="S2-007">S2-007</A> — <SPAN class="smalltext">User input is
evaluated as an OGNL expression when there's a conversion
error</SPAN></LI><LI><A href="s2-008.html" title="S2-008">S2-008</A> —
<SPAN class="smalltext">Multiple critical vulnerabilities in
Struts2</SPAN></LI><LI><A href="s2-009.html" title="S2-009">S2-009</A> —
<SPAN class="smalltext">ParameterInterceptor vulnerability allows remote
command execution</SPAN></LI><LI><A href="s2-010.html"
title="S2-010">S2-010</A> — <SPAN class="smalltext">When using Struts 2
token mechanism for CSRF protection, token check may be bypassed by misusing
known session attributes</SPAN></LI><LI><A href="s2-011.html"
title="S2-011">S2-011</A> — <SPAN class="smalltext">Long request
parameter names might significantly promote the effectiveness of DOS
attacks</SPAN></LI><LI><A href="s2-012.html" title="S2-012">S2-012</A> —
<SPAN class="smalltext">Showcase app vulnerability allows remote command execut
ion</SPAN></LI><LI><A href="s2-013.html" title="S2-013">S2-013</A> —
<SPAN class="smalltext">A vulnerability, present in the <EM>includeParams</EM>
attribute of the <EM>URL</EM> and <EM>Anchor</EM> Tag, allows remote command
execution</SPAN></LI><LI><A href="s2-014.html" title="S2-014">S2-014</A>
— <SPAN class="smalltext">A vulnerability introduced by forcing parameter
inclusion in the <EM>URL</EM> and <EM>Anchor</EM> Tag allows remote command
execution, session access and manipulation and XSS attacks</SPAN></LI><LI><A
href="https://cwiki.apache.org/confluence/display/WW/S2-015";
title="S2-015">S2-015</A> — <SPAN class="smalltext">A vulnerability
introduced by wildcard matching mechanism or double evaluation of OGNL
Expression allows remote command execution</SPAN></LI></UL>
</DIV>
<DIV class="tabletitle">
@@ -178,6 +178,9 @@ under the License.
<A href="s2-014.html" title="S2-014">S2-014</A>
<SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
<BR>
+ <A
href="https://cwiki.apache.org/confluence/display/WW/S2-015";
title="S2-015">S2-015</A>
+ <SPAN class="smalltext">(Apache Struts 2 Documentation)</SPAN>
+ <BR>
</DIV>
</DIV>
Modified:
websites/production/struts/content/development/2.x/docs/struts-next.html
==============================================================================
--- websites/production/struts/content/development/2.x/docs/struts-next.html
(original)
+++ websites/production/struts/content/development/2.x/docs/struts-next.html
Tue Jun 4 14:47:50 2013
@@ -185,7 +185,7 @@ under the License.
<H3><A name="StrutsNext-Cleanupwebsite"></A>Cleanup website</H3>
-<P>There should be just one project website - Apache Struts. Right now there
is the main website - Apache Struts project, subsite Apache Struts 1 and
another subsite Apache Struts 2. After announcing EOL of Struts 1, we basically
supporting just one version or rather brunch - Apache Struts 2 which should be
at some point converted just into Apache Struts (version 2.5, version 3.0,
version 3.1, etc.).</P>
+<P>There should be just one project website - Apache Struts. Right now there
is the main website - Apache Struts project, subsite Apache Struts 1 and
another subsite Apache Struts 2. After announcing EOL of Struts 1, we basically
supporting just one version or rather branch - Apache Struts 2 which should be
at some point converted just into Apache Struts (version 2.5, version 3.0,
version 3.1, etc.).</P>
<P>With that in mind we should have just one website to manage the project.</P>
Modified:
websites/production/struts/content/development/2.x/docs/using-struts-2-tags.html
==============================================================================
---
websites/production/struts/content/development/2.x/docs/using-struts-2-tags.html
(original)
+++
websites/production/struts/content/development/2.x/docs/using-struts-2-tags.html
Tue Jun 4 14:47:50 2013
@@ -276,7 +276,7 @@ If you want to actually read the Struts
<P>As discussed in the <A href="hello-world-using-struts-2.html" title="Hello
World Using Struts 2">Hello World</A> tutorial, the value of
"messageStore.message" instructs Struts 2 to first call method
getMessageStore of the Action class. That method call returns a MessageStore
object. The ".message" part instructs Struts 2 to call the
getMessage method of the MessageStore object. The getMessage method returns a
String which will be included in the HTML returned to the browser.</P>
-<P>On very useful feature of the Struts 2 property tag is that it will
automatically convert the most common data types (int, double, boolean) to
their String equivalents. To demonstrate this feature let's add a static int
variable to class HelloWorldAction.</P>
+<P>One very useful feature of the Struts 2 property tag is that it will
automatically convert the most common data types (int, double, boolean) to
their String equivalents. To demonstrate this feature let's add a static int
variable to class HelloWorldAction.</P>
<DIV class="code panel" style="border-width: 1px;"><DIV class="codeHeader
panelHeader" style="border-bottom-width: 1px;"><B>Add Static
Field</B></DIV><DIV class="codeContent panelContent">
<PRE class="code-java">
![https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"](https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif"){kind=link}
![https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"](https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif"){kind=link}