Author: lukaszlenart
Date: Fri Feb 3 13:47:41 2017
New Revision: 1006138
Log:
Updates production
Added:
websites/production/struts/content/announce-2016.html
websites/production/struts/content/docs/version-notes-2510.html
Modified:
websites/production/struts/content/announce-2015.html
websites/production/struts/content/announce.html
websites/production/struts/content/docs/ajax-validation.html
websites/production/struts/content/docs/i18n-interceptor.html
websites/production/struts/content/docs/interceptors.html
websites/production/struts/content/docs/migration-guide.html
websites/production/struts/content/docs/security.html
websites/production/struts/content/docs/xsl-result.html
websites/production/struts/content/download.html
websites/production/struts/content/downloads.html
websites/production/struts/content/index.html
Modified: websites/production/struts/content/announce-2015.html
==============================================================================
--- websites/production/struts/content/announce-2015.html (original)
+++ websites/production/struts/content/announce-2015.html Fri Feb 3 13:47:41
2017
@@ -7,7 +7,7 @@
<meta http-equiv="Content-Language" content="en"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title>Announcements</title>
+ <title>Announcements 2015</title>
<link
href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic"
rel="stylesheet" type="text/css">
<link
href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css"
rel="stylesheet">
Added: websites/production/struts/content/announce-2016.html
==============================================================================
--- websites/production/struts/content/announce-2016.html (added)
+++ websites/production/struts/content/announce-2016.html Fri Feb 3 13:47:41
2017
@@ -0,0 +1,725 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8"/>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+ <meta name="Date-Revision-yyyymmdd" content="20140918"/>
+ <meta http-equiv="Content-Language" content="en"/>
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+ <title>Announcements 2016</title>
+
+ <link
href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic"
rel="stylesheet" type="text/css">
+ <link
href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css"
rel="stylesheet">
+ <link href="css/main.css" rel="stylesheet">
+ <link href="css/custom.css" rel="stylesheet">
+
+ <script
src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
+ <script type="text/javascript" src="bootstrap/js/bootstrap.js"></script>
+ <script type="text/javascript" src="js/community.js"></script>
+</head>
+<body>
+
+<a href="http://github.com/apache/struts"; class="github-ribbon">
+ <img style="position: absolute; right: 0; border: 0;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png";
alt="Fork me on GitHub">
+</a>
+
+<header>
+ <nav>
+ <div role="navigation" class="navbar navbar-default navbar-fixed-top">
+ <div class="container">
+ <div class="navbar-header">
+ <button type="button" data-toggle="collapse"
data-target="#struts-menu" class="navbar-toggle">
+ Menu
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a href="index.html" class="navbar-brand logo"><img
src="img/struts-logo.svg"></a>
+ </div>
+ <div id="struts-menu" class="navbar-collapse collapse">
+ <ul class="nav navbar-nav">
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Home<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="index.html">Welcome</a></li>
+ <li><a href="downloads.html">Downloads</a></li>
+ <li><a href="announce.html">Announcements</a></li>
+ <li><a href="http://www.apache.org/licenses/";>License</a></li>
+ <li><a
href="http://apache.org/foundation/thanks.html";>Thanks!</a></li>
+ <li><a
href="http://apache.org/foundation/sponsorship.html";>Sponsorship</a></li>
+ </ul>
+ </li>
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Support<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="mail.html">User Mailing List</a></li>
+ <li><a href="https://issues.apache.org/jira/browse/WW";>Issue
Tracker</a></li>
+ <li><a href="security.html">Reporting Security Issues</a></li>
+ <li class="divider"></li>
+ <li><a href="/maven/project-info.html">Project info</a></li>
+ <li><a href="/maven/struts2-core/dependencies.html">Struts
Core dependencies</a></li>
+ <li><a href="/maven/struts2-plugins/modules.html">Plugin
dependencies</a></li>
+ </ul>
+ </li>
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Documentation<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="birdseye.html">Birds Eye</a></li>
+ <li><a href="primer.html">Key Technologies</a></li>
+ <li><a href="kickstart.html">Kickstart FAQ</a></li>
+ <li><a
href="https://cwiki.apache.org/confluence/display/WW/Home";>Wiki</a></li>
+ <li class="divider"></li>
+ <li><a href="/docs/home.html">Getting started</a></li>
+ <li><a href="/docs/tutorials.html">Tutorials</a></li>
+ <li><a href="/docs/faqs.html">FAQs</a></li>
+ <li><a href="/docs/guides.html">Guides</a></li>
+ <li class="divider"></li>
+ <li><a href="/maven/struts2-core/apidocs/index.html">Struts
Core API</a></li>
+ <li><a href="/docs/plugins.html">Plugin APIs</a></li>
+ <li><a href="/docs/tag-reference.html">Tag reference</a></li>
+ <li><a
href="http://cwiki.apache.org/S2PLUGINS/home.html";>Plugin registry</a></li>
+ </ul>
+ </li>
+ <li class="dropdown">
+ <a data-toggle="dropdown" href="#" class="dropdown-toggle">
+ Contributing<b class="caret"></b>
+ </a>
+ <ul class="dropdown-menu">
+ <li><a href="youatstruts.html">You at Struts</a></li>
+ <li><a href="helping.html">How to Help FAQ</a></li>
+ <li><a href="dev-mail.html">Development Lists</a></li>
+ <li class="divider"></li>
+ <li><a href="submitting-patches.html">Submitting
patches</a></li>
+ <li><a href="builds.html">Source Code</a></li>
+ <li><a href="coding-standards.html">Coding standards</a></li>
+ <li class="divider"></li>
+ <li><a href="releases.html">Release Guidelines</a></li>
+ <li><a href="bylaws.html">PMC Charter</a></li>
+ <li><a href="volunteers.html">Volunteers</a></li>
+ <li><a
href="https://git-wip-us.apache.org/repos/asf?p=struts.git";>Source
Repository</a></li>
+ </ul>
+ </li>
+ <li class="apache"><a href="http://www.apache.org/";><img
src="img/apache.png"></a></li>
+ </ul>
+ </div>
+ </div>
+ </div>
+ </nav>
+</header>
+
+
+<article class="container">
+ <section class="col-md-12">
+ <h1 id="announcements">Announcements</h1>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+</p>
+
+<h4 id="a20161219">19 December 2016 - Struts 2.5.8 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.8 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses one potential security vulnerability:</p>
+
+<ul>
+ <li>Possible DoS attack when using URLValidator - <a
href="/docs/s2-044.html">S2-044</a></li>
+</ul>
+
+<p>Also this release contains several breaking changes and improvements just
to mention few of them:</p>
+
+<ul>
+ <li>Included XSL filesâ URI not being resolved for actions with result
<code class="highlighter-rouge">type="xslt"</code>, see WW-2561</li>
+ <li><code class="highlighter-rouge">ConcurrentModificationException</code>
using <code class="highlighter-rouge">s:iterator</code> (intermittent), see
WW-3019</li>
+ <li><code class="highlighter-rouge">ObjectFactory</code> reporting ERRORâs
when you attempt to set parameters on a Redirect result, see WW-3170</li>
+ <li>preselect values in <code
class="highlighter-rouge"><s:optgroup></code>, see WW-4367</li>
+ <li>File upload error message always in default language, see WW-4636</li>
+ <li>Can no longer clear parameter on a <code
class="highlighter-rouge"><s:url></code> tag, see WW-4701</li>
+ <li>List based parameters no longer work when there is only one value, see
WW-4702</li>
+ <li><code class="highlighter-rouge">NullPointerException</code> in <code
class="highlighter-rouge">ActionSupport</code> when use <code
class="highlighter-rouge">ModelDriven</code>, see WW-4703</li>
+ <li>Multiselect parameter behavior different between struts 2.5.5 and 2.5.1,
see WW-4707</li>
+ <li>Invalid field value for field âidâ, see WW-4709</li>
+ <li>Scope interceptor always resets because of <code
class="highlighter-rouge">org.apache.struts2.dispatcher.HttpParameters</code>,
see WW-4715</li>
+ <li><code class="highlighter-rouge">focusElement</code> form attribute not
working, see WW-4718</li>
+ <li>Portlet Issue with <code
class="highlighter-rouge">I18Interceptor</code>, see WW-4722</li>
+ <li>Allow <code class="highlighter-rouge"><constant/></code> value
substitution in XML configuration, see WW-4698</li>
+ <li>Upgrade to latest OGNL version, see WW-4704</li>
+ <li>Add support for long type to <code
class="highlighter-rouge"><s:date></code> tag, see WW-4705</li>
+ <li>Disallow access to <code
class="highlighter-rouge">HttpParameters.toMap</code>, see WW-4710</li>
+ <li><code class="highlighter-rouge"><s:text/></code> tag should not
evaluate <code class="highlighter-rouge">defaultMessage</code> against a <code
class="highlighter-rouge">ValueStack</code> by default, see WW-4711</li>
+ <li><code class="highlighter-rouge">TextProviderHelper#getText()</code>
should perform cleaning of <code
class="highlighter-rouge">defaultMessage</code>, see WW-4712</li>
+ <li>Refactor file upload support to allow create virtual representation of
<code class="highlighter-rouge">java.io.File</code>, see WW-4717</li>
+ <li>Move <code class="highlighter-rouge">DefaultClassFinder</code> into
<code class="highlighter-rouge">Convention</code> plugin, see WW-4719</li>
+ <li><code class="highlighter-rouge">HttpParameters</code> should behave like
a <code class="highlighter-rouge">Map</code>, see WW-4720</li>
+ <li>Add support for <code class="highlighter-rouge">roundingMode</code> in
<code class="highlighter-rouge"><s:number/></code> tag, see WW-4721</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20161021">21 October 2016 - Struts 2.5.5 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.5 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
+
+<ul>
+ <li>webconsole can always be accessed, see WW-4601</li>
+ <li>Space character and includeParams, see WW-4628</li>
+ <li>Empty <s:param name="p1" value=""></s:param> is being supressed, see
WW-4631</li>
+ <li>remove ASM 3 from struts2, see WW-4646</li>
+ <li>SMI do not work with JSON plugin, see WW-4649</li>
+ <li>Concurrency issue in addDefaultResourceBundle, see WW-4652</li>
+ <li>Action parameters should be included when building the URL to action,
see WW-4654</li>
+ <li>StreamResult closes outputstream early, see WW-4662</li>
+ <li>NullPointerException when displaying a form without action attribute,
see WW-4663</li>
+ <li>ParametersInterceptor excludeParams only applies to first instance of
params interceptor in paramsPrepareParamsStack, see WW-4667</li>
+ <li>URL validator is case sensitive, see WW-4671</li>
+ <li>Select box does not pre-select chosen values, see WW-4675</li>
+ <li>Tiles-Plugin unable to load tiles definition XML, see WW-4679</li>
+ <li>Missing brackets in checkbox.ftl of css_xhtml template, see WW-4681</li>
+ <li>Move Struts Archetypes to dedicated project, see WW-4316</li>
+ <li>Add dedicated class to represent Http Parameters, see WW-4572</li>
+ <li>ParametersInterceptor should check collection index to against DOS, see
WW-4620</li>
+ <li>Move example portlet-app into struts-examples, see WW-4660</li>
+ <li>Upgrade JFreeChart plugin to the latest version of JFreeChart, see
WW-4670</li>
+ <li>StrutsPrepareAndExecuteFilter should check for response commited status,
see WW-4674</li>
+ <li>ConversionErrorInterceptor to extend MethodFilterInterceptor, see
WW-4676</li>
+ <li>I18N Interceptor automatically validates Locale, see WW-4677</li>
+ <li>Upgrade Tiles to 3.0.7 GA version, see WW-4680</li>
+ <li>Allow directly accessing I18N keys from Tiles defintions, see
WW-4685</li>
+ <li>Merge two existing I18NInterceptors into one, see WW-4686</li>
+ <li>Exclude âjava.ext.dirsâ when scanning for actions, see WW-4688</li>
+ <li>CycleDetector - use enum instead of String constants, see WW-4689</li>
+ <li>Upgrade Commons Collections to 4.1, see WW-4695</li>
+ <li>Upgrade to Log4j 2.7, see WW-4696</li>
+ <li>Warn about excluded action/method only when DMI is disabled, see
WW-4697</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20161018">18 October 2016 - Struts 2.3.31 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.31 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses two potential security vulnerabilities:</p>
+
+<ul>
+ <li>Possible path traversal in the Convention plugin <a
href="/docs/s2-042.html">S2-042</a></li>
+ <li>Using the Config Browser plugin in production <a
href="/docs/s2-043.html">S2-043</a></li>
+</ul>
+
+<p>Also this release contains several breaking changes and improvements just
to mention few of them:</p>
+
+<ul>
+ <li>webconsole can always be accessed, see WW-4601</li>
+ <li>Space character and includeParams,see WW-4628</li>
+ <li>ParametersInterceptor excludeParams only applies to first instance of
params interceptor in paramsPrepareParamsStack,see WW-4667</li>
+ <li>Select box does not pre-select chosen values,see WW-4675</li>
+ <li>StrutsPrepareAndExecuteFilter should check for response committed
status,see WW-4674</li>
+ <li>Allow directly accessing I18N keys from Tiles definitions,see
WW-4685</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-2331">download</a> page.</p>
+
+<h4 id="a20160707">7 July 2016 - Struts 2.5.2 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.2 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>Struts 2.5.2 release contains several improvements just to mention few of
them:</p>
+
+<ul>
+ <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
+ <li>Json deserialization does not work in 2.5.1, see WW-4650</li>
+ <li>Negative number is considered an arithmetic expression, see WW-4651</li>
+ <li>Wildcard redirect and path <code
class="highlighter-rouge">/static/</code>, see WW-4656</li>
+ <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
+ <li>Cleans up logic in <code class="highlighter-rouge">StreamResult</code>
and update docs, see WW-4655</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160707-2">7 July 2016 - Struts 2.3.30 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.30 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
+
+<ul>
+ <li>Pre-evaluation of ânameâ attribute stopped working, see WW-4641</li>
+ <li>Unable to retrieve <code class="highlighter-rouge">s:hidden</code> field
values, see WW-4642</li>
+ <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
+ <li>Negative number is considered an arithmetic expression, see WW-4651</li>
+ <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-2330">download</a> page.</p>
+
+<h4 id="a20160618">18 June 2016 - Struts 2.5.1 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5.1 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses one potential security vulnerability:</p>
+
+<ul>
+ <li><a href="/docs/s2-041.html">S2-041</a>
+Possible DoS attack when using URLValidator</li>
+</ul>
+
+<p>Also all security patches applied to version Struts 2.3.29 were also
applied to this version (just in case).</p>
+
+<p>This release contains several improvements just to mention few of them:</p>
+
+<ul>
+ <li>contentType override ignored for JSONInterceptor - see WW-4558</li>
+ <li>MessageStorePreResultListener does not store messages for 3rd-party
RedirectResult subclasses - see WW-4618</li>
+ <li>EmailValidator flags .cat emails as invalid - see WW-4626</li>
+ <li>SMI cannot be disabled - see WW-4632</li>
+ <li>Centre alignment does not seem to work in Velocity tags - see
WW-4634</li>
+ <li>Unable to process Jar entry (javassist-3.20.0-GA.jar) - see WW-4637</li>
+ <li>Strict Method Invocation breaks Action-Less Results - see WW-4643</li>
+ <li>When method is not allowed throw exception with meaningful message - see
WW-4640</li>
+ <li>update struts2 bom - see WW-4644</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160617">17 June 2016 - Struts 2.3.29 General Availability with
Security Fixes Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.29 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses these potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-035.html">S2-035</a>
+Action name clean up is error prone</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-036.html">S2-036</a>
+Forced double OGNL evaluation, when evaluated on raw user input in tag
attributes,
+may lead to remote code execution (similar to S2-029)</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-037.html">S2-037</a>
+Remote Code Execution can be performed when using REST Plugin.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-038.html">S2-038</a>
+It is possible to bypass token validation and perform a CSRF attack</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-039.html">S2-039</a>
+Getter as action method leads to security bypass</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-040.html">S2-040</a>
+Input validation bypass using existing default action method.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-041.html">S2-041</a>
+Possible DoS attack when using URLValidator</p>
+ </li>
+</ul>
+
+<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
+
+<ul>
+ <li>Json result type breaks</li>
+ <li>MessageStorePreResultListener doesnât store messages for 3rd-party
RedirectResult subclasses</li>
+ <li>Multiple tiles.xml in web.xml</li>
+ <li>New Tiles version can not find tiles*.xml files in sub-directories</li>
+ <li>EmailValidator flags .cat emails as invalid</li>
+ <li>Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since
jdk1.7_80</li>
+ <li>Tile definition Inheritance/overriding is broken in Struts2 tiles plugin
2.3.28+</li>
+ <li><code class="highlighter-rouge"><s:submit></code> generates a
value attribute for type=image which violates W3C</li>
+ <li>ClassCastException while generating report using Struts 2.3.28 and
jasperreports 4.5.1</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160601">1 June 2016 - Two security vulnerabilities reported</h4>
+
+<p>Two potential security vulnerabilities were reported which were already
addressed in the latest Apache Struts 2 versions.
+Those reports just added other vectors of attack.</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-033.html">S2-033</a>
+Remote Code Execution can be performed when using REST Plugin with ! operator
when Dynamic Method Invocation is enabled</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-034.html">S2-034</a>
+OGNL cache poisoning can lead to DoS vulnerability</p>
+ </li>
+</ul>
+
+<p>Please read carefully the Security Bulletins and take suggested actions.
The simplest way to avoid those vulnerabilities
+in your application is to upgrade the Apache Struts to latest available
version in 2.3.x series or to the Apache Struts 2.5.</p>
+
+<p>You can download those versions from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160509">9 May 2016 - Struts 2.5 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5 is available
as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
+
+<ul>
+ <li>XWork source was merged into Struts Core source, it means that there be
no more xwork artifact nor dedicated jar</li>
+ <li>Spring dependency for tests and spring plugin was upgraded to version
4.1.6, see WW-4510.</li>
+ <li>Struts2 internal logging api was marked as deprecated and was replaced
with new Log4j2 api as logging layer, see WW-4504.</li>
+ <li>Struts2 is now build with JDK7, see WW-4503.</li>
+ <li>New plugin to support bean validation is now part of the distribution,
see WW-4505.</li>
+ <li>Deprecated plugins are now removed from the distribution and are not
longer supported anymore.
+ <ul>
+ <li>Dojo Plugin</li>
+ <li>Codebehind Plugin</li>
+ <li>JSF Plugin</li>
+ <li>Struts1 Plugin</li>
+ </ul>
+ </li>
+ <li>New security option was added - Strict Method Invocation (also known as
Strict DMI), see WW-4540</li>
+ <li>Added support for latest stable AngularJS in Maven archetype, see
WW-4522</li>
+ <li>Dropped support for id and name - replaced with var, see WW-2069</li>
+ <li>Dedicated archive with a minimal set of dependencies was introduced, see
WW-4570</li>
+ <li>It is possible to use multiple names when defining a result, see
WW-4590</li>
+ <li>Rest plugin honors Accept header, see WW-4588</li>
+ <li>New result âJSONActionRedirectResultâ in json-plugin was defined,
see WW-4591</li>
+ <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was
dropped, see WW-4584</li>
+ <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
+ <li>OGNL was upgraded to version 3.1.4 and it breaks access to properties as
it follows Java Bean Specification, see WW-4207 and WW-3909</li>
+ <li>Annotations to configure Tiles, see WW-4594 and Tiles Plugin</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160419">19 April 2016 - Struts 2.3.28.1 General Availability with
Security Fixes Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.28.1 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses two potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-031.html">S2-031</a>
+Possible RCE vulnerability in <code
class="highlighter-rouge">XSLTResult</code> was fixed.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-032.html">S2-032</a>
+Prevents execution of chained expressions based on new <code
class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL
versions.</p>
+ </li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
+
+<h4 id="a20160419-1">19 April 2016 - Struts 2.3.20.3 & 2.3.24.3 General
Availability with Security Fixes Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.20.3 &
Struts 2.3.24.3 are available as a âGeneral Availabilityâ
+releases. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>These releases address three potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-029.html">S2-029</a>
+Forced double OGNL evaluation, when evaluated on raw user input in tag
attributes, may lead to remote code execution.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-031.html">S2-031</a>
+Possible RCE vulnerability in <code
class="highlighter-rouge">XSLTResult</code> was fixed.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-032.html">S2-032</a>
+Prevents execution of chained expressions based on new <code
class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL
versions.</p>
+ </li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download these versions from our <a
href="download.cgi#prior-releases">download</a> page.</p>
+
+<h4 id="a20160318">18 March 2016 - Struts 2.3.28 General Availability with
Security Fix Release</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.28 is
available as a âGeneral Availabilityâ
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses three potential security vulnerabilities:</p>
+
+<ul>
+ <li>
+ <p><a href="/docs/s2-028.html">S2-028</a>
+Possible XSS vulnerability in pages not using UTF-8 was fixed.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-029.html">S2-029</a>
+Forced double OGNL evaluation, when evaluated on raw user input in tag
attributes, may lead to remote code execution.</p>
+ </li>
+ <li>
+ <p><a href="/docs/s2-030.html">S2-030</a>
+I18NInterceptor narrows selected locale to those available in JVM to reduce
possibility of another XSS vulnerability.</p>
+ </li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this
action.</strong></p>
+
+<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
+
+<ul>
+ <li>New Configurationprovider type was introduced -
ServletContextAwareConfigurationProvider, see WW-4410</li>
+ <li>Setting status code in HttpHeaders isnât ignored anymore, see
WW-4545</li>
+ <li>Spring BeanPostProcessor(s) are called only once to constructed
objects., see WW-4554</li>
+ <li>OGNL was upgraded to version 3.0.13, see WW-4562</li>
+ <li>Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see
WW-4568</li>
+ <li>A dedicated assembly with minimal set of jars was defined, see
WW-4570</li>
+ <li>Struts2 Rest plugin properly handles JSESSIONID with DMI, see
WW-4585</li>
+ <li>Improved the Struts2 Rest plugin to honor Accept header, see WW-4588</li>
+ <li>MessageStoreInterceptor was refactored to use PreResultListener to store
messages, see WW-4605</li>
+ <li>A new annotation was added to support configuring Tiles -
@TilesDefinition, see WW-4606</li>
+</ul>
+
+<p>and many other improvements, please check the version notes</p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<h4 id="a20160126">26 January 2016 - Struts 2.5-BETA3 (BETA)</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.5-BETA3 is
available as a âBETAâ release.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
+
+<ul>
+ <li>Dropped support for id and name - replaced with var, see WW-2069</li>
+ <li>Dedicated archive with a minimal set of dependencies was introduced, see
WW-4570</li>
+ <li>It is possible to use multiple names when defining a result, see
WW-4590</li>
+ <li>Rest plugin honors Accept header, see WW-4588</li>
+ <li>New result âJSONActionRedirectResultâ in json-plugin was defined,
see WW-4591</li>
+ <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was
dropped, see WW-4584</li>
+ <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
+ <li>OGNL was upgraded to version 3.0.11 and it breaks access to properties
as it follows Java Bean Specification,
+see WW-4207 and WW-3909
+ <ul>
+ <li>and then OGNL was upgraded to version 3.1.1, see WW-4561</li>
+ <li>and then OGNL was upgraded to version 3.2.1, see WW-4577</li>
+ </ul>
+ </li>
+</ul>
+
+<p>and many other improvements, please check the version notes</p>
+
+<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.</p>
+
+<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p class="pull-right">
+ Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+</p>
+
+<p class="pull-left">
+ <strong>Next:</strong>
+ <a href="kickstart.html">Kickstart FAQ</a>
+</p>
+
+ </section>
+</article>
+
+
+<footer class="container">
+ <div class="col-md-12">
+ Copyright © 2000-2016 <a href="http://www.apache.org/";>The Apache
Software Foundation </a>.
+ All Rights Reserved.
+ </div>
+ <div class="col-md-12">
+ Apache Struts, Struts, Apache, the Apache feather logo, and the Apache
Struts project logos are
+ trademarks of The Apache Software Foundation.
+ </div>
+ <div class="col-md-12">Logo and website design donated by <a
href="https://softwaremill.com/";>SoftwareMill</a>.</div>
+</footer>
+
+<script>!function (d, s, id) {
+ var js, fjs = d.getElementsByTagName(s)[0];
+ if (!d.getElementById(id)) {
+ js = d.createElement(s);
+ js.id = id;
+ js.src = "//platform.twitter.com/widgets.js";
+ fjs.parentNode.insertBefore(js, fjs);
+ }
+}(document, "script", "twitter-wjs");</script>
+<script src="https://apis.google.com/js/platform.js"; async="async"
defer="defer"></script>
+
+<div id="fb-root"></div>
+
+<script>(function (d, s, id) {
+ var js, fjs = d.getElementsByTagName(s)[0];
+ if (d.getElementById(id)) return;
+ js = d.createElement(s);
+ js.id = id;
+ js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
+ fjs.parentNode.insertBefore(js, fjs);
+}(document, 'script', 'facebook-jssdk'));</script>
+
+
+<script>
+$(function() {
+ return $("h2, h3, h4, h5, h6").each(function(i, el) {
+ var $el, icon, id;
+ $el = $(el);
+ id = $el.attr('id');
+ icon = '<i class="fa fa-link"></i>';
+ if (id) {
+ return $el.prepend($("<a />").addClass("header-link").attr("href", "#" +
id).html(icon));
+ }
+ });
+});
+</script>
+
+</body>
+</html>
Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Fri Feb 3 13:47:41 2017
@@ -121,378 +121,40 @@
<h1 id="announcements">Announcements</h1>
<p class="pull-right">
- Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+ Skip to: <a href="announce-2016.html">Announcements - 2016</a>
</p>
-<h4 id="a20161219">19 Decemeber 2016 - Struts 2.5.8 General Availability</h4>
+<h4 id="a20170203">3 February 2016 - Struts 2.5.10 General Availability</h4>
-<p>The Apache Struts group is pleased to announce that Struts 2.5.8 is
available as a âGeneral Availabilityâ
+<p>The Apache Struts group is pleased to announce that Struts 2.5.10 is
available as a âGeneral Availabilityâ
release. The GA designation is our highest quality grade.</p>
<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
The framework is designed to streamline the full development cycle, from
building, to deploying,
to maintaining applications over time.</p>
-<p>This release addresses one potential security vulnerability:</p>
-
-<ul>
- <li>Possible DoS attack when using URLValidator - <a
href="/docs/s2-044.html">S2-044</a></li>
-</ul>
-
-<p>Also this release contains several breaking changes and improvements just
to mention few of them:</p>
-
-<ul>
- <li>Included XSL filesâ URI not being resolved for actions with result
<code class="highlighter-rouge">type="xslt"</code>, see WW-2561</li>
- <li><code class="highlighter-rouge">ConcurrentModificationException</code>
using <code class="highlighter-rouge">s:iterator</code> (intermittent), see
WW-3019</li>
- <li><code class="highlighter-rouge">ObjectFactory</code> reporting ERRORâs
when you attempt to set parameters on a Redirect result, see WW-3170</li>
- <li>preselect values in <code
class="highlighter-rouge"><s:optgroup></code>, see WW-4367</li>
- <li>File upload error message always in default language, see WW-4636</li>
- <li>Can no longer clear parameter on a <code
class="highlighter-rouge"><s:url></code> tag, see WW-4701</li>
- <li>List based parameters no longer work when there is only one value, see
WW-4702</li>
- <li><code class="highlighter-rouge">NullPointerException</code> in <code
class="highlighter-rouge">ActionSupport</code> when use <code
class="highlighter-rouge">ModelDriven</code>, see WW-4703</li>
- <li>Multiselect parameter behavior different between struts 2.5.5 and 2.5.1,
see WW-4707</li>
- <li>Invalid field value for field âidâ, see WW-4709</li>
- <li>Scope interceptor always resets because of <code
class="highlighter-rouge">org.apache.struts2.dispatcher.HttpParameters</code>,
see WW-4715</li>
- <li><code class="highlighter-rouge">focusElement</code> form attribute not
working, see WW-4718</li>
- <li>Portlet Issue with <code
class="highlighter-rouge">I18Interceptor</code>, see WW-4722</li>
- <li>Allow <code class="highlighter-rouge"><constant/></code> value
substitution in XML configuration, see WW-4698</li>
- <li>Upgrade to latest OGNL version, see WW-4704</li>
- <li>Add support for long type to <code
class="highlighter-rouge"><s:date></code> tag, see WW-4705</li>
- <li>Disallow access to <code
class="highlighter-rouge">HttpParameters.toMap</code>, see WW-4710</li>
- <li><code class="highlighter-rouge"><s:text/></code> tag should not
evaluate <code class="highlighter-rouge">defaultMessage</code> against a <code
class="highlighter-rouge">ValueStack</code> by default, see WW-4711</li>
- <li><code class="highlighter-rouge">TextProviderHelper#getText()</code>
should perform cleaning of <code
class="highlighter-rouge">defaultMessage</code>, see WW-4712</li>
- <li>Refactor file upload support to allow create virtual representation of
<code class="highlighter-rouge">java.io.File</code>, see WW-4717</li>
- <li>Move <code class="highlighter-rouge">DefaultClassFinder</code> into
<code class="highlighter-rouge">Convention</code> plugin, see WW-4719</li>
- <li><code class="highlighter-rouge">HttpParameters</code> should behave like
a <code class="highlighter-rouge">Map</code>, see WW-4720</li>
- <li>Add support for <code class="highlighter-rouge">roundingMode</code> in
<code class="highlighter-rouge"><s:number/></code> tag, see WW-4721</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20161021">21 October 2016 - Struts 2.5.5 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.5 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
-
-<ul>
- <li>webconsole can always be accessed, see WW-4601</li>
- <li>Space character and includeParams, see WW-4628</li>
- <li>Empty <s:param name="p1" value=""></s:param> is being supressed, see
WW-4631</li>
- <li>remove ASM 3 from struts2, see WW-4646</li>
- <li>SMI do not work with JSON plugin, see WW-4649</li>
- <li>Concurrency issue in addDefaultResourceBundle, see WW-4652</li>
- <li>Action parameters should be included when building the URL to action,
see WW-4654</li>
- <li>StreamResult closes outputstream early, see WW-4662</li>
- <li>NullPointerException when displaying a form without action attribute,
see WW-4663</li>
- <li>ParametersInterceptor excludeParams only applies to first instance of
params interceptor in paramsPrepareParamsStack, see WW-4667</li>
- <li>URL validator is case sensitive, see WW-4671</li>
- <li>Select box does not pre-select chosen values, see WW-4675</li>
- <li>Tiles-Plugin unable to load tiles definition XML, see WW-4679</li>
- <li>Missing brackets in checkbox.ftl of css_xhtml template, see WW-4681</li>
- <li>Move Struts Archetypes to dedicated project, see WW-4316</li>
- <li>Add dedicated class to represent Http Parameters, see WW-4572</li>
- <li>ParametersInterceptor should check collection index to against DOS, see
WW-4620</li>
- <li>Move example portlet-app into struts-examples, see WW-4660</li>
- <li>Upgrade JFreeChart plugin to the latest version of JFreeChart, see
WW-4670</li>
- <li>StrutsPrepareAndExecuteFilter should check for response commited status,
see WW-4674</li>
- <li>ConversionErrorInterceptor to extend MethodFilterInterceptor, see
WW-4676</li>
- <li>I18N Interceptor automatically validates Locale, see WW-4677</li>
- <li>Upgrade Tiles to 3.0.7 GA version, see WW-4680</li>
- <li>Allow directly accessing I18N keys from Tiles defintions, see
WW-4685</li>
- <li>Merge two existing I18NInterceptors into one, see WW-4686</li>
- <li>Exclude âjava.ext.dirsâ when scanning for actions, see WW-4688</li>
- <li>CycleDetector - use enum instead of String constants, see WW-4689</li>
- <li>Upgrade Commons Collections to 4.1, see WW-4695</li>
- <li>Upgrade to Log4j 2.7, see WW-4696</li>
- <li>Warn about excluded action/method only when DMI is disabled, see
WW-4697</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20161018">18 October 2016 - Struts 2.3.31 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.31 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses two potential security vulnerabilities:</p>
-
-<ul>
- <li>Possible path traversal in the Convention plugin <a
href="/docs/s2-042.html">S2-042</a></li>
- <li>Using the Config Browser plugin in production <a
href="/docs/s2-043.html">S2-043</a></li>
-</ul>
-
-<p>Also this release contains several breaking changes and improvements just
to mention few of them:</p>
-
-<ul>
- <li>webconsole can always be accessed, see WW-4601</li>
- <li>Space character and includeParams,see WW-4628</li>
- <li>ParametersInterceptor excludeParams only applies to first instance of
params interceptor in paramsPrepareParamsStack,see WW-4667</li>
- <li>Select box does not pre-select chosen values,see WW-4675</li>
- <li>StrutsPrepareAndExecuteFilter should check for response committed
status,see WW-4674</li>
- <li>Allow directly accessing I18N keys from Tiles definitions,see
WW-4685</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-2331">download</a> page.</p>
-
-<h4 id="a20160707">7 July 2016 - Struts 2.5.2 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.2 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>Struts 2.5.2 release contains several improvements just to mention few of
them:</p>
-
-<ul>
- <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
- <li>Json deserialization does not work in 2.5.1, see WW-4650</li>
- <li>Negative number is considered an arithmetic expression, see WW-4651</li>
- <li>Wildcard redirect and path <code
class="highlighter-rouge">/static/</code>, see WW-4656</li>
- <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
- <li>Cleans up logic in <code class="highlighter-rouge">StreamResult</code>
and update docs, see WW-4655</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160707-2">7 July 2016 - Struts 2.3.30 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.30 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
-
-<ul>
- <li>Pre-evaluation of ânameâ attribute stopped working, see WW-4641</li>
- <li>Unable to retrieve <code class="highlighter-rouge">s:hidden</code> field
values, see WW-4642</li>
- <li>SecurityMemberAccess exclude class design issue, see WW-4645</li>
- <li>Negative number is considered an arithmetic expression, see WW-4651</li>
- <li>Upgrade commons-fileupload to the latest version, see WW-4648</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-2330">download</a> page.</p>
-
-<h4 id="a20160618">18 June 2016 - Struts 2.5.1 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.1 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses one potential security vulnerability:</p>
-
-<ul>
- <li><a href="/docs/s2-041.html">S2-041</a>
-Possible DoS attack when using URLValidator</li>
-</ul>
-
-<p>Also all security patches applied to version Struts 2.3.29 were also
applied to this version (just in case).</p>
-
-<p>This release contains several improvements just to mention few of them:</p>
-
-<ul>
- <li>contentType override ignored for JSONInterceptor - see WW-4558</li>
- <li>MessageStorePreResultListener does not store messages for 3rd-party
RedirectResult subclasses - see WW-4618</li>
- <li>EmailValidator flags .cat emails as invalid - see WW-4626</li>
- <li>SMI cannot be disabled - see WW-4632</li>
- <li>Centre alignment does not seem to work in Velocity tags - see
WW-4634</li>
- <li>Unable to process Jar entry (javassist-3.20.0-GA.jar) - see WW-4637</li>
- <li>Strict Method Invocation breaks Action-Less Results - see WW-4643</li>
- <li>When method is not allowed throw exception with meaningful message - see
WW-4640</li>
- <li>update struts2 bom - see WW-4644</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160617">17 June 2016 - Struts 2.3.29 General Availability with
Security Fixes Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.29 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses these potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-035.html">S2-035</a>
-Action name clean up is error prone</p>
- </li>
- <li>
- <p><a href="/docs/s2-036.html">S2-036</a>
-Forced double OGNL evaluation, when evaluated on raw user input in tag
attributes,
-may lead to remote code execution (similar to S2-029)</p>
- </li>
- <li>
- <p><a href="/docs/s2-037.html">S2-037</a>
-Remote Code Execution can be performed when using REST Plugin.</p>
- </li>
- <li>
- <p><a href="/docs/s2-038.html">S2-038</a>
-It is possible to bypass token validation and perform a CSRF attack</p>
- </li>
- <li>
- <p><a href="/docs/s2-039.html">S2-039</a>
-Getter as action method leads to security bypass</p>
- </li>
- <li>
- <p><a href="/docs/s2-040.html">S2-040</a>
-Input validation bypass using existing default action method.</p>
- </li>
- <li>
- <p><a href="/docs/s2-041.html">S2-041</a>
-Possible DoS attack when using URLValidator</p>
- </li>
-</ul>
-
<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
<ul>
- <li>Json result type breaks</li>
- <li>MessageStorePreResultListener doesnât store messages for 3rd-party
RedirectResult subclasses</li>
- <li>Multiple tiles.xml in web.xml</li>
- <li>New Tiles version can not find tiles*.xml files in sub-directories</li>
- <li>EmailValidator flags .cat emails as invalid</li>
- <li>Struts2 JSON Plugin: messages in fieldsErrors are serialized twice since
jdk1.7_80</li>
- <li>Tile definition Inheritance/overriding is broken in Struts2 tiles plugin
2.3.28+</li>
- <li><code class="highlighter-rouge"><s:submit></code> generates a
value attribute for type=image which violates W3C</li>
- <li>ClassCastException while generating report using Struts 2.3.28 and
jasperreports 4.5.1</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160601">1 June 2016 - Two security vulnerabilities reported</h4>
-
-<p>Two potential security vulnerabilities were reported which were already
addressed in the latest Apache Struts 2 versions.
-Those reports just added other vectors of attack.</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-033.html">S2-033</a>
-Remote Code Execution can be performed when using REST Plugin with ! operator
when Dynamic Method Invocation is enabled</p>
- </li>
- <li>
- <p><a href="/docs/s2-034.html">S2-034</a>
-OGNL cache poisoning can lead to DoS vulnerability</p>
- </li>
-</ul>
-
-<p>Please read carefully the Security Bulletins and take suggested actions.
The simplest way to avoid those vulnerabilities
-in your application is to upgrade the Apache Struts to latest available
version in 2.3.x series or to the Apache Struts 2.5.</p>
-
-<p>You can download those versions from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160509">9 May 2016 - Struts 2.5 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5 is available
as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
-
-<ul>
- <li>XWork source was merged into Struts Core source, it means that there be
no more xwork artifact nor dedicated jar</li>
- <li>Spring dependency for tests and spring plugin was upgraded to version
4.1.6, see WW-4510.</li>
- <li>Struts2 internal logging api was marked as deprecated and was replaced
with new Log4j2 api as logging layer, see WW-4504.</li>
- <li>Struts2 is now build with JDK7, see WW-4503.</li>
- <li>New plugin to support bean validation is now part of the distribution,
see WW-4505.</li>
- <li>Deprecated plugins are now removed from the distribution and are not
longer supported anymore.
- <ul>
- <li>Dojo Plugin</li>
- <li>Codebehind Plugin</li>
- <li>JSF Plugin</li>
- <li>Struts1 Plugin</li>
- </ul>
- </li>
- <li>New security option was added - Strict Method Invocation (also known as
Strict DMI), see WW-4540</li>
- <li>Added support for latest stable AngularJS in Maven archetype, see
WW-4522</li>
- <li>Dropped support for id and name - replaced with var, see WW-2069</li>
- <li>Dedicated archive with a minimal set of dependencies was introduced, see
WW-4570</li>
- <li>It is possible to use multiple names when defining a result, see
WW-4590</li>
- <li>Rest plugin honors Accept header, see WW-4588</li>
- <li>New result âJSONActionRedirectResultâ in json-plugin was defined,
see WW-4591</li>
- <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was
dropped, see WW-4584</li>
- <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
- <li>OGNL was upgraded to version 3.1.4 and it breaks access to properties as
it follows Java Bean Specification, see WW-4207 and WW-3909</li>
- <li>Annotations to configure Tiles, see WW-4594 and Tiles Plugin</li>
+ <li>How to handle 404 when using wildcard instead of error 500 when the
wildcard method doesnât exist</li>
+ <li>MessageStoreInterceptor must handle all redirects</li>
+ <li><code class="highlighter-rouge">MaxMultiPartUpload</code> limited to 2GB
(Long â> Integer)</li>
+ <li>Struts 2.5.8 no longer supports the <code
class="highlighter-rouge"><include></code> directive in the <code
class="highlighter-rouge">struts.xml</code></li>
+ <li><code class="highlighter-rouge">JSONValidationInterceptor</code> change
static parameters names</li>
+ <li><code class="highlighter-rouge">ServletDispatcherResult</code> canât
handle parameters anymore</li>
+ <li><code class="highlighter-rouge">TokenInterceptor</code> synchronized on
<code class="highlighter-rouge">session.getId().intern()</code></li>
+ <li>XSLT error during transformation</li>
+ <li>No default parameter defined for result <code
class="highlighter-rouge">json</code> of type <code
class="highlighter-rouge">org.apache.struts2.json.JSONResult</code></li>
+ <li><code class="highlighter-rouge">I18Interceptor</code> ignores session or
cookie Locale after first lookup failure</li>
+ <li><code class="highlighter-rouge">EmailValidator</code> does not accept
new domain suffixes</li>
+ <li><code class="highlighter-rouge">AnnotationValidationInterceptor</code> :
<code class="highlighter-rouge">NullPointerException</code> when method is
null</li>
+ <li><code class="highlighter-rouge">struts.xml</code> include not loading in
dependant jar files</li>
+ <li><code class="highlighter-rouge">AnnotationValidationInterceptor</code>
should consult <code class="highlighter-rouge">UnknownHandler</code> before
throwing <code class="highlighter-rouge">NoSuchMethodException</code></li>
+ <li><code class="highlighter-rouge">ActionSupport.LOG</code> should be
private</li>
+ <li>Remove <code class="highlighter-rouge">StrutsObjectFactory</code> and
define <code class="highlighter-rouge">StrutsInterceptorFactory</code>
instead</li>
+ <li>Make <code class="highlighter-rouge">OgnlValueStack</code> and <code
class="highlighter-rouge">OgnlValueStackFactory</code> More Extensible</li>
+ <li>Make interceptor parameters dynamic</li>
+ <li>allow include other config files from classpath</li>
</ul>
<p><strong>All developers are strongly advised to perform this
action.</strong></p>
@@ -505,162 +167,8 @@ to the user list, and, if appropriate, f
<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-<h4 id="a20160419">19 April 2016 - Struts 2.3.28.1 General Availability with
Security Fixes Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.28.1 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses two potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-031.html">S2-031</a>
-Possible RCE vulnerability in <code
class="highlighter-rouge">XSLTResult</code> was fixed.</p>
- </li>
- <li>
- <p><a href="/docs/s2-032.html">S2-032</a>
-Prevents execution of chained expressions based on new <code
class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL
versions.</p>
- </li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20160419-1">19 April 2016 - Struts 2.3.20.3 & 2.3.24.3 General
Availability with Security Fixes Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.20.3 &
Struts 2.3.24.3 are available as a âGeneral Availabilityâ
-releases. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>These releases address three potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-029.html">S2-029</a>
-Forced double OGNL evaluation, when evaluated on raw user input in tag
attributes, may lead to remote code execution.</p>
- </li>
- <li>
- <p><a href="/docs/s2-031.html">S2-031</a>
-Possible RCE vulnerability in <code
class="highlighter-rouge">XSLTResult</code> was fixed.</p>
- </li>
- <li>
- <p><a href="/docs/s2-032.html">S2-032</a>
-Prevents execution of chained expressions based on new <code
class="highlighter-rouge">isSequence</code> flag introduce in appropriated OGNL
versions.</p>
- </li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download these versions from our <a
href="download.cgi#prior-releases">download</a> page.</p>
-
-<h4 id="a20160318">18 March 2016 - Struts 2.3.28 General Availability with
Security Fix Release</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.28 is
available as a âGeneral Availabilityâ
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release addresses three potential security vulnerabilities:</p>
-
-<ul>
- <li>
- <p><a href="/docs/s2-028.html">S2-028</a>
-Possible XSS vulnerability in pages not using UTF-8 was fixed.</p>
- </li>
- <li>
- <p><a href="/docs/s2-029.html">S2-029</a>
-Forced double OGNL evaluation, when evaluated on raw user input in tag
attributes, may lead to remote code execution.</p>
- </li>
- <li>
- <p><a href="/docs/s2-030.html">S2-030</a>
-I18NInterceptor narrows selected locale to those available in JVM to reduce
possibility of another XSS vulnerability.</p>
- </li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
-
-<ul>
- <li>New Configurationprovider type was introduced -
ServletContextAwareConfigurationProvider, see WW-4410</li>
- <li>Setting status code in HttpHeaders isnât ignored anymore, see
WW-4545</li>
- <li>Spring BeanPostProcessor(s) are called only once to constructed
objects., see WW-4554</li>
- <li>OGNL was upgraded to version 3.0.13, see WW-4562</li>
- <li>Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see
WW-4568</li>
- <li>A dedicated assembly with minimal set of jars was defined, see
WW-4570</li>
- <li>Struts2 Rest plugin properly handles JSESSIONID with DMI, see
WW-4585</li>
- <li>Improved the Struts2 Rest plugin to honor Accept header, see WW-4588</li>
- <li>MessageStoreInterceptor was refactored to use PreResultListener to store
messages, see WW-4605</li>
- <li>A new annotation was added to support configuring Tiles -
@TilesDefinition, see WW-4606</li>
-</ul>
-
-<p>and many other improvements, please check the version notes</p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<h4 id="a20160126">26 January 2016 - Struts 2.5-BETA3 (BETA)</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5-BETA3 is
available as a âBETAâ release.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
-
-<ul>
- <li>Dropped support for id and name - replaced with var, see WW-2069</li>
- <li>Dedicated archive with a minimal set of dependencies was introduced, see
WW-4570</li>
- <li>It is possible to use multiple names when defining a result, see
WW-4590</li>
- <li>Rest plugin honors Accept header, see WW-4588</li>
- <li>New result âJSONActionRedirectResultâ in json-plugin was defined,
see WW-4591</li>
- <li>Tiles plugin was upgrade to the latest Tiles 3 and tiles3-plugin was
dropped, see WW-4584</li>
- <li>JasperReports plugins was upgraded to JasperReport 6.0, see WW-4381</li>
- <li>OGNL was upgraded to version 3.0.11 and it breaks access to properties
as it follows Java Bean Specification,
-see WW-4207 and WW-3909
- <ul>
- <li>and then OGNL was upgraded to version 3.1.1, see WW-4561</li>
- <li>and then OGNL was upgraded to version 3.2.1, see WW-4577</li>
- </ul>
- </li>
-</ul>
-
-<p>and many other improvements, please check the version notes</p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
<p class="pull-right">
- Skip to: <a href="announce-2015.html">Announcements - 2015</a>
+ Skip to: <a href="announce-2016.html">Announcements - 2016</a>
</p>
<p class="pull-left">
Modified: websites/production/struts/content/docs/ajax-validation.html
==============================================================================
--- websites/production/struts/content/docs/ajax-validation.html (original)
+++ websites/production/struts/content/docs/ajax-validation.html Fri Feb 3
13:47:41 2017
@@ -138,7 +138,16 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><h2
id="AJAXValidation-Description">Description</h2><p>Struts provides <a
shape="rect" href="client-validation.html">client side validation</a>(using
JavaScript) for a few validators. Using AJAX validation, all <a shape="rect"
href="validation.html">validators</a> available to the application on the
server side can be used without forcing the page to reload, just to show
validation errors. AJAX validation has a server side, which is in included in
<a shape="rect"
href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=34268";>JSON
Plugin</a> (an interceptor and a result). Client side must be handled by
applictions themself. One reason for that is there are too many JavaScript
frameworks and libraries. Struts has no preference which of them you use.
Previous versions of Struts included a client side which was relying on the
Dojo JS framework and was located in Struts Dojo plugin. That has been
deprecated for a long time and was ev
entually removed.</p><h2 id="AJAXValidation-Example">Example</h2><p>This
example is taken from the Struts showcase application.</p><h3
id="AJAXValidation-Createtheactionclass">Create the action class</h3><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+ <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1484828425540 {padding: 0px;}
+div.rbtoc1484828425540 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1484828425540 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1484828425540">
+<ul class="toc-indentation"><li><a shape="rect"
href="#AJAXValidation-Description">Description</a></li><li><a shape="rect"
href="#AJAXValidation-Example">Example</a>
+<ul class="toc-indentation"><li><a shape="rect"
href="#AJAXValidation-Createtheactionclass">Create the action
class</a></li><li><a shape="rect" href="#AJAXValidation-MaptheAction">Map the
Action</a></li><li><a shape="rect" href="#AJAXValidation-CreatetheJSP">Create
the JSP</a></li><li><a shape="rect" href="#AJAXValidation-CustomTheme">Custom
Theme</a></li><li><a shape="rect" href="#AJAXValidation-CSS">CSS</a></li><li><a
shape="rect" href="#AJAXValidation-JavaScript">JavaScript</a></li></ul>
+</li><li><a shape="rect" href="#AJAXValidation-Howitworks">How it
works</a></li><li><a shape="rect"
href="#AJAXValidation-JSONValidationInterceptorparameters">JSONValidationInterceptor
parameters</a></li><li><a shape="rect"
href="#AJAXValidation-FlowchartofAJAXvalidation">Flow chart of AJAX
validation</a></li></ul>
+</div><h2 id="AJAXValidation-Description">Description</h2><p>Struts provides
<a shape="rect" href="client-validation.html">client side validation</a>(using
JavaScript) for a few validators. Using AJAX validation, all <a shape="rect"
href="validation.html">validators</a> available to the application on the
server side can be used without forcing the page to reload, just to show
validation errors. AJAX validation has a server side, which is in included in
<a shape="rect"
href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=34268";>JSON
Plugin</a> (an interceptor and a result). Client side must be handled by
applictions themself. One reason for that is there are too many JavaScript
frameworks and libraries. Struts has no preference which of them you use.
Previous versions of Struts included a client side which was relying on the
Dojo JS framework and was located in Struts Dojo plugin. That has been
deprecated for a long time and was eventually removed.</p><h2 id="AJAXV
alidation-Example">Example</h2><p>This example is taken from the Struts
showcase application.</p><h3 id="AJAXValidation-Createtheactionclass">Create
the action class</h3><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">public class AjaxFormSubmitAction extends ActionSupport
{
private String requiredValidatorField = null;
private String requiredStringValidatorField = null;
@@ -501,7 +510,7 @@ $(window).bind('load', function() {
</div></div><p>If <em>struts.validateOnly</em> is false the action and result
are executed. In this case <em>jsonActionRedirect</em> result is very useful.
It creates a JSON response in the form:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: javascript; gutter: false; theme: Default"
style="font-size:12px;">{"location": "<url to be loaded next>"}
</pre>
-</div></div><div class="confluence-information-macro
confluence-information-macro-warning"><span class="aui-icon aui-icon-small
aui-iconfont-error confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Remember to set
struts.enableJSONValidation=true in the request to enable AJAX
validation</p></div></div><p> </p><h2
id="AJAXValidation-FlowchartofAJAXvalidation">Flow chart of AJAX
validation</h2><div class="confluence-information-macro
confluence-information-macro-note"><span class="aui-icon aui-icon-small
aui-iconfont-warning confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Some details are omitted, like
results used.</p></div></div><div class="confluence-information-macro
confluence-information-macro-note"><span class="aui-icon aui-icon-small
aui-iconfont-warning confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>As explained above: there is a
case where fo
rm is submitted twice, one time as AJAX with validation only and another time
as usual submit.</p></div></div><p><a shape="rect"
href="ajax-validation.data/struts2-ajax-vali-flow.png?version=2&modificationDate=1454052624000&api=v2"
data-linked-resource-id="61338002" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="struts2-ajax-vali-flow.png"
data-nice-type="Image" data-linked-resource-content-type="image/png"
data-linked-resource-container-id="13850"
data-linked-resource-container-version="41"><span
class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image"
src="ajax-validation.data/struts2-ajax-vali-flow.png"></span></a></p><p> </p></div>
+</div></div><div class="confluence-information-macro
confluence-information-macro-warning"><span class="aui-icon aui-icon-small
aui-iconfont-error confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Remember to set
struts.enableJSONValidation=true in the request to enable AJAX
validation</p></div></div><h2
id="AJAXValidation-JSONValidationInterceptorparameters">JSONValidationInterceptor
parameters</h2><p>The following request parameters can be used to enable
exposing validation errors:</p><ul style="list-style-type:
square;"><li><strong>struts.enableJSONValidation</strong> - a request
parameter must be set to <strong>true</strong> to use this
interceptor</li><li><strong>struts.validateOnly</strong> - If the request has
this parameter, execution will return after validation (action won't be
executed). If <strong>struts.validateOnly</strong> is set to false you may
want to use <a shape="rect" class="createlink" href="https://cwiki
.apache.org/confluence/pages/createpage.action?spaceKey=WW&title=JSONActionRedirectResult&linkCreation=true&fromPageId=13850">JSONActionRedirectResult</a></li><li><strong>struts.JSONValidation.no.encoding</strong>
- If the request has this parameter set to<strong> true,</strong> the
character encoding will <strong>NOT</strong> be set on the response - is needed
in portlet environment</li></ul><p>You can override names of these parameters
by specifying the following parameters when setting up a stack:</p><ul
style="list-style-type: square;"><li><strong>validateJsonParam</strong> -
to override name
of <strong>struts.enableJSONValidation</strong><strong><br
clear="none"></strong></li><li><strong>validateOnlyParam</strong> - to override
name of
<strong>struts.validateOnly</strong></li><li><strong>noEncodingSetParam</strong>
- to override name
of <strong>struts.JSONValidation.no.encoding</strong></li><li><strong>validationFailedStatus</strong>
- status to be se
t on response when there are validation errors, by default
<strong>400</strong></li></ul><p><strong><br clear="none"></strong></p><div
class="confluence-information-macro confluence-information-macro-note"><span
class="aui-icon aui-icon-small aui-iconfont-warning
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"> Parameters overriding is
available since Struts 2.5.9</div></div><h2
id="AJAXValidation-FlowchartofAJAXvalidation">Flow chart of AJAX
validation</h2><div class="confluence-information-macro
confluence-information-macro-note"><span class="aui-icon aui-icon-small
aui-iconfont-warning confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>Some details are omitted, like
results used.</p></div></div><div class="confluence-information-macro
confluence-information-macro-note"><span class="aui-icon aui-icon-small
aui-iconfont-warning confluence-information-macro-icon"></span><div
class="confluence-info
rmation-macro-body"><p>As explained above: there is a case where form is
submitted twice, one time as AJAX with validation only and another time as
usual submit.</p></div></div><p><a shape="rect"
href="ajax-validation.data/struts2-ajax-vali-flow.png?version=2&modificationDate=1454052624000&api=v2"
data-linked-resource-id="61338002" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="struts2-ajax-vali-flow.png"
data-nice-type="Image" data-linked-resource-content-type="image/png"
data-linked-resource-container-id="13850"
data-linked-resource-container-version="46"><span
class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image"
src="ajax-validation.data/struts2-ajax-vali-flow.png"></span></a></p><p> </p></div>
</div>
Modified: websites/production/struts/content/docs/i18n-interceptor.html
==============================================================================
--- websites/production/struts/content/docs/i18n-interceptor.html (original)
+++ websites/production/struts/content/docs/i18n-interceptor.html Fri Feb 3
13:47:41 2017
@@ -138,19 +138,17 @@ under the License.
<div class="pagecontent">
<div class="wiki-content">
- <div id="ConfluenceContent"><div class="error"><span
class="error">Error formatting macro: snippet:
java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
+ <div id="ConfluenceContent"><h2
id="I18nInterceptor-Description">Description</h2><p>An interceptor that handles
setting the locale specified in a session as the locale for the current action
request. In addition, this interceptor will look for a specific HTTP request
parameter and set the locale to whatever value is provided, it also looks for
specific cookie to read locale from. This means that this interceptor can be
used to allow for your application to dynamically change the locale for the
user's session or, alternatively, only for the current  request. This is
very useful for applications that require multi-lingual support and want the
user to be able to set his or her language preference at any point. The locale
parameter is removed during the execution of this interceptor, ensuring that
properties aren't set on an action (such as request_locale) that have no
typical corresponding setter in your action.</p><p>For example, using the
default parameter name, a re
quest to <strong>foo.action?request_locale=en_US</strong>, then the locale for
US English is saved in the user's session and will be used for all future
requests. If there is no locale set (for example with the first visit), the
interceptor uses the browser locale.</p><h2
id="I18nInterceptor-Parameters">Parameters</h2><ul style="list-style-type:
square;"><li><strong>parameterName</strong> (optional) - the name of the HTTP
request parameter that dictates the locale to switch to and save in the
session. By default this is
<strong>request_locale</strong></li><li><strong>requestCookieParameterName</strong>
(optional) - the name of the HTTP request parameter that dictates the locale
to switch to and save in a cookie. By default this is
<strong>request_cookie_locale</strong></li><li><strong>requestOnlyParameterName</strong>
(optional) - the name of the HTTP request parameter that dictates the locale
to switch to for the current request only, without saving it in the session. By
default th
is is
<strong>request_only_locale</strong></li><li><strong>attributeName</strong>
(optional) - the name of the session key to store the selected locale. By
default this is
<strong>WW_TRANS_I18N_LOCALE</strong></li><li><strong>localeStorage</strong>
(optional) - the name of storage location, it can be <strong>none</strong>,
<strong>session</strong> or <strong>cookie</strong>. By default this is
<strong>session</strong></li></ul><h2
id="I18nInterceptor-Examples">Examples</h2><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><interceptor name="i18nCookie"
class="org.apache.struts2.interceptor.I18nInterceptor"/>
-<h2 id="I18nInterceptor-Parameters">Parameters</h2>
-
-<div class="error"><span class="error">Error formatting macro: snippet:
java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
-
-<h2 id="I18nInterceptor-ExtendingtheInterceptor">Extending the Interceptor</h2>
-
-<div class="error"><span class="error">Error formatting macro: snippet:
java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
-
-<h2 id="I18nInterceptor-Examples">Examples</h2>
-
-<div class="error"><span class="error">Error formatting macro: snippet:
java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div></div>
+<action name="someAction" class="com.examples.SomeAction">
+ <interceptor-ref name="i18nCookie">
+ <param name="localeStorage">cookie</param>
+ </interceptor-ref>
+ <interceptor-ref name="basicStack"/>
+ <result name="success">good_result.ftl</result>
+</action></pre>
+</div></div><p> </p><p> </p></div>
</div>
![https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"](https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"){kind=link}