Author: lukaszlenart
Date: Tue Dec 6 10:03:13 2016
New Revision: 1002261
Log:
Updates production
Added:
websites/production/struts/content/docs/version-notes-258.html
Modified:
websites/production/struts/content/docs/s2-023.html
websites/production/struts/content/docs/s2-044.html
Modified: websites/production/struts/content/docs/s2-023.html
==============================================================================
--- websites/production/struts/content/docs/s2-023.html (original)
+++ websites/production/struts/content/docs/s2-023.html Tue Dec 6 10:03:13 2016
@@ -125,7 +125,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><h2
id="S2-023-Summary">Summary</h2>Generated value of token can be predictable<div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td
colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and
users</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>The attacker make a specially craft form
using the predicted token that force an action to a logged-in user
(CSRF).</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Medium</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Developers should immediately upgrade to <a
shape="rect" class="external
-link" href="http://struts.apache.org/download.cgi#struts2320";>Struts
2.3.20</a> if they use <code><s:token/></code>
support</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p>Struts 2.0.0 - Struts 2.3.16.3</p></td></tr><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td
colspan="1" rowspan="1" class="confluenceTd"><p><span style="color:
rgb(34,34,34);">Philippe Arteau of Groupe Technologies
Desjardins</span></p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p><span style="color:
rgb(34,34,34);">CVE-2014-7809</span></p></td></tr></tbody></table></div><h2
id="S2-023-Problem">Problem</h2><p><span style="color: rgb(34,34,34);">The
attacker fetch any given form where a token is present and can predict the next
value of the token used to secure form submission.</span></p><
h2 id="S2-023-Solution">Solution</h2><p>In Struts 2.3.20 a better random
generator was used to generate unpredictable values.</p><h2
id="S2-023-Backwardcompatibility">Backward compatibility</h2><p>No backward
compatibility problems are expected.</p><h2
id="S2-023-Workaround">Workaround</h2><h2
id="S2-023-Notpossiblewhenusing<s:token/>tag-youmustupgradetothelatestversion."><span
style="font-size: 14.0px;line-height: 20.0px;">Not possible when
using <code><s:token/></code> tag - you must upgrade to the latest
version.</span></h2><p><span style="font-size: 14.0px;line-height:
1.4285715;"><br clear="none"></span></p></div>
+ <div id="ConfluenceContent"><h2
id="S2-023-Summary">Summary</h2>Generated value of token can be predictable<div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td
colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and
users</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>The attacker make a specially craft form
using the predicted token that force an action to a logged-in user
(CSRF).</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Medium</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Developers should immediately upgrade to <a
shape="rect" class="external
-link" href="http://struts.apache.org/download.cgi#struts2320";>Struts
2.3.20</a> if they use <code><s:token/></code>
support</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p>Struts 2.0.0 - Struts 2.3.16.3</p></td></tr><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td
colspan="1" rowspan="1" class="confluenceTd"><p><span style="color:
rgb(34,34,34);">Philippe Arteau of Groupe Technologies
Desjardins</span></p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p><span style="color:
rgb(34,34,34);">CVE-2014-7809</span></p></td></tr></tbody></table></div><h2
id="S2-023-Problem">Problem</h2><p><span style="color: rgb(34,34,34);">The
attacker fetch any given form where a token is present and can predict the next
value of the token used to secure form submission.</span></p><
h2 id="S2-023-Solution">Solution</h2><p>In Struts 2.3.20 a better random
generator was used to generate unpredictable values.</p><h2
id="S2-023-Backwardcompatibility">Backward compatibility</h2><p>No backward
compatibility problems are expected.</p><h2
id="S2-023-Workaround">Workaround</h2><p><span style="font-size:
14.0px;line-height: 20.0px;">Not possible when
using <code><s:token/></code> tag - you must upgrade to the latest
version.</span></p><p><span style="font-size: 14.0px;line-height:
1.4285715;"><br clear="none"></span></p></div>
</div>
Modified: websites/production/struts/content/docs/s2-044.html
==============================================================================
--- websites/production/struts/content/docs/s2-044.html (original)
+++ websites/production/struts/content/docs/s2-044.html Tue Dec 6 10:03:13 2016
@@ -138,7 +138,7 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><h2
id="S2-044-Summary">Summary</h2>Possible DoS attack when using
<code>URLValidator</code><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Who should read this</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>All Struts 2 developers and
users</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Possible DoS attack when using
URLValidator</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect"
href="version-notes-257.html">Struts 2.5.7</a></p></td></tr><tr><th colspan="1"
rowspan="1" class="confluen
ceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p>Struts 2.5 -<span style="color: rgb(23,35,59);"> Struts
2.5.5</span></p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p><span class="Apple-tab-span"> </span>Jonathan
Bullock <jonbullock at gmail dot com></p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1"
rowspan="1"
class="confluenceTd"><p>CVE-2016-8738</p></td></tr></tbody></table></div><h2
id="S2-044-Problem">Problem</h2><p>If an application allows enter an URL in a
form field and built-in <code>URLValidator</code> is used, it is possible
to prepare a special URL which will be used to overload server process when
performing validation of the URL.</p><h2
id="S2-044-Solution">Solution</h2><p>Upgrade to Apache Struts version
2.5.7.</p><h2 id="S2-044-Backwardcompatibility">Backward compatibil
ity</h2><p>No backward incompatibility issues are expected.</p><h2
id="S2-044-Workaround">Workaround</h2><p>Trim passed value before assigning it
to a field, e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+ <div id="ConfluenceContent"><h2
id="S2-044-Summary">Summary</h2>Possible DoS attack when using
<code>URLValidator</code><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Who should read this</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>All Struts 2 developers and
users</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Possible DoS attack when using
URLValidator</p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1"
rowspan="1" class="confluenceTd"><p>Upgrade to <a shape="rect"
href="version-notes-258.html">Struts 2.5.8</a></p></td></tr><tr><th colspan="1"
rowspan="1" class="confluen
ceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p>Struts 2.5 -<span style="color: rgb(23,35,59);"> Struts
2.5.5</span></p></td></tr><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1"
class="confluenceTd"><p><span class="Apple-tab-span"> </span>Jonathan
Bullock <jonbullock at gmail dot com></p></td></tr><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1"
rowspan="1"
class="confluenceTd"><p>CVE-2016-8738</p></td></tr></tbody></table></div><h2
id="S2-044-Problem">Problem</h2><p>If an application allows enter an URL in a
form field and built-in <code>URLValidator</code> is used, it is possible
to prepare a special URL which will be used to overload server process when
performing validation of the URL.</p><h2
id="S2-044-Solution">Solution</h2><p>Upgrade to Apache Struts version
2.5.8.</p><h2 id="S2-044-Backwardcompatibility">Backward compatibil
ity</h2><p>No backward incompatibility issues are expected.</p><h2
id="S2-044-Workaround">Workaround</h2><p>Trim passed value before assigning it
to a field, e.g.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">public String setUserUrl(String userUrl) {
this.userUrl = userUrl.trim();
}</pre>
Added: websites/production/struts/content/docs/version-notes-258.html
==============================================================================
--- websites/production/struts/content/docs/version-notes-258.html (added)
+++ websites/production/struts/content/docs/version-notes-258.html Tue Dec 6
10:03:13 2016
@@ -0,0 +1,168 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<html>
+<head>
+ <link type="text/css" rel="stylesheet"
href="https://struts.apache.org/css/default.css";>
+ <style type="text/css">
+ .dp-highlighter {
+ width:95% !important;
+ }
+ </style>
+ <style type="text/css">
+ .footer {
+ background-image:
url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+ background-repeat: repeat-x;
+ background-position: left top;
+ padding-top: 4px;
+ color: #666;
+ }
+ </style>
+ <link href='https://struts.apache.org/highlighter/style/shCoreStruts.css'
rel='stylesheet' type='text/css' />
+ <link href='https://struts.apache.org/highlighter/style/shThemeStruts.css'
rel='stylesheet' type='text/css' />
+ <script src='https://struts.apache.org/highlighter/js/shCore.js'
type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushPlain.js'
type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushXml.js'
type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJava.js'
type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushJScript.js'
type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushGroovy.js'
type='text/javascript'></script>
+ <script src='https://struts.apache.org/highlighter/js/shBrushBash.js'
type='text/javascript'></script>
+ <script type="text/javascript">
+ SyntaxHighlighter.defaults['toolbar'] = false;
+ SyntaxHighlighter.all();
+ </script>
+ <script type="text/javascript" language="javascript">
+ var hide = null;
+ var show = null;
+ var children = null;
+
+ function init() {
+ /* Search form initialization */
+ var form = document.forms['search'];
+ if (form != null) {
+ form.elements['domains'].value = location.hostname;
+ form.elements['sitesearch'].value = location.hostname;
+ }
+
+ /* Children initialization */
+ hide = document.getElementById('hide');
+ show = document.getElementById('show');
+ children = document.all != null ?
+ document.all['children'] :
+ document.getElementById('children');
+ if (children != null) {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ }
+
+ function showChildren() {
+ children.style.display = 'block';
+ show.style.display = 'none';
+ hide.style.display = 'inline';
+ }
+
+ function hideChildren() {
+ children.style.display = 'none';
+ show.style.display = 'inline';
+ hide.style.display = 'none';
+ }
+ </script>
+ <title>Version Notes 2.5.8</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+ <tr class="topBar">
+ <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+ <a href="home.html">Home</a> > <a
href="guides.html">Guides</a> > <a
href="migration-guide.html">Migration Guide</a> > <a
href="version-notes-258.html">Version Notes 2.5.8</a>
+ </td>
+ <td align="right" valign="middle" nowrap>
+ <form name="search" action="https://www.google.com/search";
method="get">
+ <input type="hidden" name="ie" value="UTF-8" />
+ <input type="hidden" name="oe" value="UTF-8" />
+ <input type="hidden" name="domains" value="" />
+ <input type="hidden" name="sitesearch" value="" />
+ <input type="text" name="q" maxlength="255" value="" />
+ <input type="submit" name="btnG" value="Google Search" />
+ </form>
+ </td>
+ </tr>
+</table>
+
+<div id="PageContent">
+ <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+ <!-- We'll enable this once we figure out how to access (and save) the
logo resource -->
+ <!--img src="/wiki/images/confluence_logo.gif" style="float: left;
margin: 4px 4px 4px 10px;" border="0"-->
+ <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts
2 Documentation</div>
+ <div style="margin: 0px 10px 8px 10px" class="pagetitle">Version
Notes 2.5.8</div>
+
+ <div class="greynavbar" align="right" style="padding: 2px 10px;
margin: 0px;">
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=66853802";>
+ <img
src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif";
+ height="16" width="16" border="0" align="absmiddle"
title="Edit Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=66853802";>Edit
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW";>
+ <img
src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif";
+ height="16" width="16" border="0" align="absmiddle"
title="Browse Space"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW";>Browse
Space</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=66853802";>
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif";
+ height="16" width="16" border="0" align="absmiddle"
title="Add Page"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=66853802";>Add
Page</a>
+
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=66853802";>
+ <img
src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif";
+ height="16" width="16" border="0" align="absmiddle"
title="Add News"></a>
+ <a
href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=66853802";>Add
News</a>
+ </div>
+ </div>
+
+ <div class="pagecontent">
+ <div class="wiki-content">
+ <div id="ConfluenceContent"><p><img class="emoticon emoticon-tick"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png";
data-emoticon-name="tick" alt="(tick)"> These are the notes for the Struts
2.5.8 distribution.</p><p><img class="emoticon emoticon-tick"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png";
data-emoticon-name="tick" alt="(tick)"> For prior notes in this release
series, see <a shape="rect" href="version-notes-255.html">Version Notes
2.5.5</a></p><ul><li>If you are a Maven user, you might want to get started
using the <a shape="rect" href="struts-2-maven-archetypes.html">Maven
Archetype</a>.</li></ul><div class="code panel pdl" style="border-width:
1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>Maven Dependency</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><dependency>
+ <groupId>org.apache.struts</groupId>
+ <artifactId>struts2-core</artifactId>
+ <version>2.5.8</version>
+</dependency>
+</pre>
+</div></div><p>You can also use Struts Archetype Catalog like below</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader
panelHeader pdl" style="border-bottom-width: 1px;"><b>Struts Archetype
Catalog</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: text; gutter: false; theme: Default"
style="font-size:12px;">mvn archetype:generate
-DarchetypeCatalog=http://struts.apache.org/</pre>
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Staging
Repository</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><repositories>
+ <repository>
+ <id>apache.nexus</id>
+ <name>ASF Nexus Staging</name>
+
<url>https://repository.apache.org/content/groups/staging/</url>
+ </repository>
+</repositories></pre>
+</div></div><h2 id="VersionNotes2.5.8-InternalChanges">Internal
Changes</h2><ul><li><img class="emoticon emoticon-warning"
src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png";
data-emoticon-name="warning" alt="(warning)"> Possible DoS attack when
using <code>URLValidator</code> - <a shape="rect"
href="s2-044.html">S2-044</a></li></ul><h2
id="VersionNotes2.5.8-Bug">Bug</h2><ul><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-2561";>WW-2561</a>] - Included
XSL files' URI not being resolved for actions with result
type="xslt"</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-3019";>WW-3019</a>] -
ConcurrentModificationException using s:iterator (intermittent)</li><li>[<a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-3170";>WW-3170</a>] -
ObjectFactory reporting ERROR's when
you attempt to set parameters on a Redirect result</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-3654";>WW-3654</a>] - Failed
validation returns Action.NONE instead of Action.INPUT</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-3957";>WW-3957</a>] - Multiple
concurrent AJAX requests can collide</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-3995";>WW-3995</a>] - please
change reset.ftl so html id is not lost</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4367";>WW-4367</a>] - preselect
values in <s:optgroup></li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4636";>WW-4636</a>] - File upload
error message always in default language</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4701";>WW-4701</a>] - Can no lo
nger clear parameter on a <s:url> tag.</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4702";>WW-4702</a>] - List based
parameters no longer work when there is only one value.</li><li>[<a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4703";>WW-4703</a>] -
NullPointerException in ActionSupport when use ModelDriven</li><li>[<a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4707";>WW-4707</a>] - Multiselect
parameter behavior different between struts 2.5.5 and 2.5.1</li><li>[<a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4708";>WW-4708</a>] -
struts2-archetype-blank not found for struts v2.5.5</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4709";>WW-4709</a>] - Invalid
field value for field "id"</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/W
W-4715">WW-4715</a>] - Scope interceptor always resets because of
org.apache.struts2.dispatcher.HttpParameters</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4716";>WW-4716</a>] -
HelloWorldTest throws NullPointerException</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4718";>WW-4718</a>] -
focusElement form attribute not working</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4722";>WW-4722</a>] - Portlet
Issue with I18Interceptor</li></ul><h2
id="VersionNotes2.5.8-Improvement">Improvement</h2><ul><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-2454";>WW-2454</a>] - TestNG
dependency update from 5.1 to 5.3 + update to coupled maven plugin</li><li>[<a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4171";>WW-4171</a>] - getText
methods are not documented as evaluating OGNL</l
i><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4214";>WW-4214</a>] - Rename of
struts token attribute name</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4391";>WW-4391</a>] -
FreemarkerResult should respect response.getCharacterEncoding()</li><li>[<a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4698";>WW-4698</a>] - Allow
<constant/> value substitution in XML configuration</li><li>[<a
shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4704";>WW-4704</a>] - Upgrade to
latest OGNL version</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4705";>WW-4705</a>] - Add support
for long type to <s:date> tag</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4710";>WW-4710</a>] - Disallow
access to HttpParameters.toMap</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4711";>WW-4711</a>] -
<s:text/> tag should not evaluate defaultMessage against a ValueStack by
default</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4712";>WW-4712</a>] -
TextProviderHelper#getText() should perform cleaning of
"defaultMessage"</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4717";>WW-4717</a>] - Refactor
file upload support to allow create virtual representation of <a shape="rect"
class="external-link" href="http://java.io";
rel="nofollow">java.io</a>.File</li><li>[<a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/WW-4719";>WW-4719</a>] - Move
"DefaultClassFinder" into Convnention plugin</li><li>[<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/browse/WW-4720";>WW-4720</a>] -
HttpParameters should behave like a Map</li><li>[<a shape="rect" class="e
xternal-link"
href="https://issues.apache.org/jira/browse/WW-4721";>WW-4721</a>] - Add support
for "roundingMode" in <s:number/> tag</li></ul><p> </p><div
class="confluence-information-macro confluence-information-macro-note"><span
class="aui-icon aui-icon-small aui-iconfont-warning
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>This release contains fixes
related to <a shape="rect" href="s2-044.html">S2-044</a> security bulletin,
please read it carefully!</p></div></div><h2
id="VersionNotes2.5.8-IssueDetail">Issue Detail</h2><ul><li><a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12338410&projectId=12311041";>JIRA
Release Notes 2.5.8</a></li></ul><h2 id="VersionNotes2.5.8-IssueList">Issue
List</h2><ul><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/issues/?filter=12338933";>Struts 2.5.8
DONE</a></li><li><a shape="rect" class="external-li
nk" href="https://issues.apache.org/jira/issues/?filter=12335667";>Struts 2.5.x
TODO</a></li></ul><h2 id="VersionNotes2.5.8-Otherresources">Other
resources</h2><ul><li><a shape="rect" class="external-link"
href="http://www.mail-archive.com/commits%40struts.apache.org/";
rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop";>Source
Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height:
30.0px;"><br clear="none"></span></div><div><span style="font-size:
24.0px;line-height: 30.0px;background-color: rgb(245,245,245);"><br
clear="none"></span></div></div>
+ </div>
+
+
+ </div>
+</div>
+<div class="footer">
+ Generated by CXF SiteExporter
+</div>
+</body>
+</html>
![https://cwiki.apache.org/confluence/images/icons/notep_16.gif"](https://cwiki.apache.org/confluence/images/icons/notep_16.gif"){kind=link}
![https://cwiki.apache.org/confluence/images/icons/browse_space.gif"](https://cwiki.apache.org/confluence/images/icons/browse_space.gif"){kind=link}
![https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"](https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"){kind=link}
![https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"](https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"){kind=link}
![https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png"](https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png"){kind=link}
![https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png"](https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png"){kind=link}