This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 6e568b0 Updates production by Jenkins
6e568b0 is described below
commit 6e568b02b5fa620bc235c2f6b6839787396e7b14
Author: jenkins <bui...@apache.org>
AuthorDate: Fri Mar 16 15:15:48 2018 +0000
Updates production by Jenkins
---
content/announce-2015.html | 2 +-
content/announce-2016.html | 2 +-
content/{announce.html => announce-2017.html} | 6 +-
content/announce.html | 504 ++------------------------
content/download.html | 44 +--
content/index.html | 10 +-
content/releases.html | 20 +-
7 files changed, 80 insertions(+), 508 deletions(-)
diff --git a/content/announce-2015.html b/content/announce-2015.html
index 134d341..6ec71a2 100644
--- a/content/announce-2015.html
+++ b/content/announce-2015.html
@@ -127,7 +127,7 @@
<section class="col-md-12">
<a class="edit-on-gh"
href="https://github.com/apache/struts-site/edit/master/source/announce-2015.md";
title="Edit this page on GitHub">Edit on GitHub</a>
- <h1 id="announcements">Announcements</h1>
+ <h1 id="announcements-2015">Announcements 2015</h1>
<p class="pull-right">
Skip to: <a href="announce-2014.html">Announcements - 2014</a>
diff --git a/content/announce-2016.html b/content/announce-2016.html
index d13a345..3a24b7b 100644
--- a/content/announce-2016.html
+++ b/content/announce-2016.html
@@ -127,7 +127,7 @@
<section class="col-md-12">
<a class="edit-on-gh"
href="https://github.com/apache/struts-site/edit/master/source/announce-2016.md";
title="Edit this page on GitHub">Edit on GitHub</a>
- <h1 id="announcements">Announcements</h1>
+ <h1 id="announcements-2016">Announcements 2016</h1>
<p class="pull-right">
Skip to: <a href="announce-2015.html">Announcements - 2015</a>
diff --git a/content/announce.html b/content/announce-2017.html
similarity index 99%
copy from content/announce.html
copy to content/announce-2017.html
index e0883f4..390c112 100644
--- a/content/announce.html
+++ b/content/announce-2017.html
@@ -7,7 +7,7 @@
<meta http-equiv="Content-Language" content="en"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title>Announcements</title>
+ <title>Announcements 2017</title>
<link
href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic"
rel="stylesheet" type="text/css">
<link
href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css"
rel="stylesheet">
@@ -125,9 +125,9 @@
<article class="container">
<section class="col-md-12">
- <a class="edit-on-gh"
href="https://github.com/apache/struts-site/edit/master/source/announce.md";
title="Edit this page on GitHub">Edit on GitHub</a>
+ <a class="edit-on-gh"
href="https://github.com/apache/struts-site/edit/master/source/announce-2017.md";
title="Edit this page on GitHub">Edit on GitHub</a>
- <h1 class="no_toc" id="announcements">Announcements</h1>
+ <h1 class="no_toc" id="announcements-2017">Announcements 2017</h1>
<ul id="markdown-toc">
<li><a href="#a20171130" id="markdown-toc-a20171130">30 November 2017 -
Struts 2.5.14.1 General Availability</a></li>
diff --git a/content/announce.html b/content/announce.html
index e0883f4..4d61c2f 100644
--- a/content/announce.html
+++ b/content/announce.html
@@ -7,7 +7,7 @@
<meta http-equiv="Content-Language" content="en"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title>Announcements</title>
+ <title>Announcements 2018</title>
<link
href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,400italic,600italic,700italic"
rel="stylesheet" type="text/css">
<link
href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css"
rel="stylesheet">
@@ -127,63 +127,19 @@
<section class="col-md-12">
<a class="edit-on-gh"
href="https://github.com/apache/struts-site/edit/master/source/announce.md";
title="Edit this page on GitHub">Edit on GitHub</a>
- <h1 class="no_toc" id="announcements">Announcements</h1>
+ <h1 class="no_toc" id="announcements-2018">Announcements 2018</h1>
<ul id="markdown-toc">
- <li><a href="#a20171130" id="markdown-toc-a20171130">30 November 2017 -
Struts 2.5.14.1 General Availability</a></li>
- <li><a href="#a20171123" id="markdown-toc-a20171123">23 November 2017 -
Struts 2.5.14 General Availability</a></li>
- <li><a href="#a20170907" id="markdown-toc-a20170907">07 September 2017 -
Struts 2.3.34 General Availability</a></li>
- <li><a href="#a20170905" id="markdown-toc-a20170905">05 September 2017 -
Struts 2.5.13 General Availability</a></li>
- <li><a href="#a20170809" id="markdown-toc-a20170809">09 August 2017 - S2-049
Security Bulletin update</a></li>
- <li><a href="#a20170707" id="markdown-toc-a20170707">07 July 2017 - Struts
2.3.33 General Availability</a></li>
- <li><a href="#a20170706" id="markdown-toc-a20170706">06 July 2017 - Struts
2.5.12 General Availability</a></li>
- <li><a href="#a20170707" id="markdown-toc-a20170707">9 July 2017 - Possible
RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts
2.3.x series</a></li>
- <li><a href="#a20170323" id="markdown-toc-a20170323">23 march 2017 - Struts
Extras secure Multipart plugins General Availability - versions 1.1</a></li>
- <li><a href="#a20170320" id="markdown-toc-a20170320">20 march 2017 - Struts
Extras secure Multipart plugins General Availability</a></li>
- <li><a href="#a20170307" id="markdown-toc-a20170307">7 march 2017 - Struts
2.5.10.1 General Availability</a></li>
- <li><a href="#a20170307-2" id="markdown-toc-a20170307-2">7 march 2017 -
Struts 2.3.32 General Availability</a></li>
- <li><a href="#a20170203" id="markdown-toc-a20170203">3 February 2017 -
Struts 2.5.10 General Availability</a></li>
+ <li><a href="#a20180316" id="markdown-toc-a20180316">16 March 2018 - Struts
2.5.16 General Availability</a></li>
</ul>
<p class="pull-right">
- Skip to: <a href="announce-2016.html">Announcements - 2016</a>
+ Skip to: <a href="announce-2017.html">Announcements - 2017</a>
</p>
-<h4 id="a20171130">30 November 2017 - Struts 2.5.14.1 General Availability</h4>
+<h4 id="a20180316">16 March 2018 - Struts 2.5.16 General Availability</h4>
-<p>The Apache Struts group is pleased to announce that Struts 2.5.14.1 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains fixes for the following potential security
vulnerabilities:</p>
-
-<ul>
- <li><a
href="https://cwiki.apache.org/confluence/display/WW/S2-054";>S2-054</a>
-A crafted JSON request can be used to perform a DoS attack when using the
Struts REST plugin</li>
- <li><a
href="https://cwiki.apache.org/confluence/display/WW/S2-055";>S2-055</a>
-Vulnerability in the Jackson JSON library</li>
-</ul>
-
-<blockquote>
- <p>Please read the <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1";>Version
Notes</a> to find more details about performed bug fixes and improvements.</p>
-</blockquote>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20171123">23 November 2017 - Struts 2.5.14 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.14 is
available as a “General Availability”
+<p>The Apache Struts group is pleased to announce that Struts 2.5.16 is
available as a “General Availability”
release. The GA designation is our highest quality grade.</p>
<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
@@ -193,271 +149,35 @@ to maintaining applications over time.</p>
<p>Below is a full list of all changes:</p>
<ul>
- <li>A class JSONWriter was converted into an interface with default
implementation in DefaultJSONWriter class. If you were
-using the class directly, you must update your code in other case it won’t
compile when using Struts 2.5.14.</li>
- <li>DefaultUrlHelper().buildUrl() not outputting port when used as
parameter</li>
- <li>Not able to convert Spring object to the JSON response</li>
- <li>The if test can accidently incorrectly assign a new value to an
object</li>
- <li>ObjectFactory constructor signature change breaks extensions</li>
- <li>Snippets in Struts documentation are missing</li>
- <li>I am migrating my struts 2.2.x to 2.5.13 and where all used struts
taglibs and tags UI is breaking where i have not used bootstrap there and all
working fine</li>
- <li>Default Multipart validation regex is invalid due to charset
encoding</li>
- <li>Exception starting filter struts-prepare: Unable to load configuration.
- interceptor - vfs</li>
- <li>createInstance method signature change of TextProviderFactory from
merged xwork-core code inside struts2-core-2.5.13.jar which was present with
xwork-core jar</li>
- <li>Struts2.5.13 can’t run in java9 win10</li>
- <li>StringConverter from OGNL 3.1.15 in Struts 2.5.13</li>
- <li>Decimal converters should avoid loss of user’s data caused by
rounding</li>
- <li>Struts text tag doesn’t print value from Stack</li>
- <li>No validations happening after upgrading to Struts 2.5.12</li>
- <li>Allow to use custom JSONwriter</li>
- <li>Implement Dependency Check in Maven build</li>
- <li>Fallback to ActionContext if container is null in ActionSupport</li>
- <li>Upgrade to the latest Jetty plugin in all examples</li>
- <li>Add missing header with license to all files reported by the Rat
plugin</li>
- <li>Review available interceptors and document the missing ones</li>
- <li>Fetch docs from new locations</li>
- <li>Allow define only TextProvider instead of providing the whole
TextProviderFactory</li>
- <li>HTML escaping on the text tag</li>
- <li>Upgrade FreeMarker to version 2.3.26-incubating</li>
- <li>Upgrade to Log4j2 2.9.1</li>
- <li>Upgrade com.fasterxml.jackson to version 2.8.2</li>
- <li>Upgrade net.sf.json-lib to version 2.4</li>
- <li>Upgrade Spring to version 4.1.9</li>
-</ul>
-
-<blockquote>
- <p>Please read the <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14";>Version
Notes</a> to find more details about performed bug fixes and improvements.</p>
-</blockquote>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20170907">07 September 2017 - Struts 2.3.34 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.34 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>This release addresses two potential security vulnerabilities:</p>
-
-<ul>
- <li><a href="/docs/s2-050.html">S2-050</a>
- A regular expression Denial of Service when using URLValidator (similar to
S2-044 & S2-047)</li>
- <li><a href="/docs/s2-051.html">S2-051</a>
-A remote attacker may create a DoS attack by sending crafted xml request when
using the Struts REST plugin</li>
- <li><a href="/docs/s2-052.html">S2-052</a>
-Possible Remote Code Execution attack when using the Struts REST plugin with
XStream handler to handle XML payloads</li>
- <li><a href="/docs/s2-053.html">S2-053</a>
-A possible Remote Code Execution attack when using an unintentional expression
in Freemarker tag instead of string literals</li>
-</ul>
-
-<p>Also this version resolves the following issues:</p>
-
-<ul>
- <li>Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is
ignored, Numeric Keys will work and mapped</li>
- <li>Threads get blocked due to unnecessary synchronization in OgnlRuntime
Dependency</li>
- <li>Upgrade to OGNL 3.0.21</li>
- <li>Upgrade to struts-master 11</li>
- <li>Improve RegEx used to validate URLs</li>
-</ul>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-23x">download</a> page.</p>
-
-<h4 id="a20170905">05 September 2017 - Struts 2.5.13 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.13 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains fixes for the following potential security
vulnerabilities:</p>
-
-<ul>
- <li><a href="/docs/s2-050.html">S2-050</a>
- A regular expression Denial of Service when using URLValidator (similar to
S2-044 & S2-047)</li>
- <li><a href="/docs/s2-051.html">S2-051</a>
-A remote attacker may create a DoS attack by sending crafted xml request when
using the Struts REST plugin</li>
- <li><a href="/docs/s2-052.html">S2-052</a>
-Possible Remote Code Execution attack when using the Struts REST plugin with
XStream handler to handle XML payloads</li>
-</ul>
-
-<p>Except the above this release also contains several improvements just to
mention few of them:</p>
-
-<ul>
- <li>Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is
ignored, Numeric Keys will work and mapped</li>
- <li>NP with TextProvider and wildcardmapping</li>
- <li>Threads get blocked due to unnecessary synchronization in
OgnlRuntime</li>
- <li>Default Multipart validation regex is invalid</li>
- <li>Not fully initialized ObjectFactory tries to create beans</li>
- <li>http://struts.apache.org/dtds/struts-2.5.dtd missing</li>
- <li>Set a global resource bundle in class</li>
- <li>Override TextProvider doesnot work in struts 2.5.12</li>
- <li>Array-of-null parameters are converted to string “null”</li>
- <li>JakartaStreamMultiPartRequest Should Honor
“struts.multipart.maxSize”</li>
- <li>Build Fails Due to Unused com.sun Import</li>
- <li>Struts2.5.12 - NPE in DeligatingValidatorContext</li>
- <li>Struts 2 Fails to Initialize with JRebel</li>
- <li>Allow define more than one Action suffix</li>
- <li>Remove jQuery from debugging interceptor views</li>
- <li>update dependencies page on the struts site</li>
- <li>Improve RegEx used to validate URLs</li>
- <li>Make REST ContentHandlers configurable</li>
- <li>expose Freemarker incompatible_improvements into FreemarkerManager and
StrutsBeansWrapper</li>
- <li>Upgrade Commons Collections to 3.2.2</li>
- <li>Upgrade Commons IO to 2.5</li>
- <li>Upgrade to ASM version 5.2</li>
- <li>Upgrade to OGNL 3.1.15</li>
- <li>Upgrade xstream to the latest version</li>
- <li>Upgrade to struts-master 11</li>
-</ul>
-
-<blockquote>
- <p>Please read the <a href="/docs/version-notes-2513.html">Version Notes</a>
to find more details about performed bug fixes and improvements.</p>
-</blockquote>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20170809">09 August 2017 - S2-049 Security Bulletin update</h4>
-
-<p>This is an update of the recently announced Security Bulletin - <a
href="/docs/s2-049.html">S2-049</a>.</p>
-
-<p>The bulletin was extended with an additional information when the potential
vulnerability
-can be present in your application. Please re-read the mentioned bulletin and
apply required
-actions if needed.</p>
-
-<p>Please report any problems back to the <a
href="mailto:security@struts.apache.org">Struts
Security</a> mailing list.</p>
-
-<h4 id="a20170707">07 July 2017 - Struts 2.3.33 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.33 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>This release addresses two potential security vulnerabilities:</p>
-
-<ul>
- <li><a href="/docs/s2-049.html">S2-049</a>
-A DoS attack is available for Spring secured actions</li>
- <li><a href="/docs/s2-048.html">S2-048</a>
-Possible RCE in the Struts Showcase app in the Struts 1 plugin example in
Struts 2.3.x series</li>
-</ul>
-
-<p>Also this version resolves the following issues:</p>
-
-<ul>
- <li><code class="highlighter-rouge">EmailValidator</code> does not accept
new domain suffixes</li>
- <li>Revision number still missing from <code
class="highlighter-rouge">dojo.js</code> and <code
class="highlighter-rouge">dojo.js.uncompressed.js</code></li>
- <li>Strange Behavior Parsing Action Requests</li>
-</ul>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-23x">download</a> page.</p>
-
-<h4 id="a20170706">06 July 2017 - Struts 2.5.12 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.12 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains fixes for the following potential security
vulnerabilities:</p>
-
-<ul>
- <li><a href="/docs/s2-047.html">S2-047</a>
-Possible DoS attack when using URLValidator</li>
- <li><a href="/docs/s2-049.html">S2-049</a>
-A DoS attack is available for Spring secured actions</li>
-</ul>
-
-<p>Except the above this release also contains several improvements just to
mention few of them:</p>
-
-<ul>
- <li><code class="highlighter-rouge">double</code> and <code
class="highlighter-rouge">Double</code> are not validated with the same decimal
separator</li>
- <li><code class="highlighter-rouge">ognl.MethodFailedException</code> when
you do not enter a value for a field mapped to an int</li>
- <li><code class="highlighter-rouge">Double</code> Value Conversion with
requestLocale=de</li>
- <li>The <code class="highlighter-rouge">TextProvider</code> injection in
<code class="highlighter-rouge">ActionSupport</code> isn’t quite integrated
into the framework’s core DI</li>
- <li>Struts2 raise <code
class="highlighter-rouge">java.lang.ClassCastException</code> when Result type
is <code class="highlighter-rouge">chain</code></li>
- <li><code class="highlighter-rouge">@InputConfig</code> annotation is not
working when integrating with spring aop</li>
- <li>Validators do not work for multiple values</li>
- <li><code class="highlighter-rouge">BigDecimal</code> are not converted
according context locale</li>
- <li><code class="highlighter-rouge">NullPointerException</code> when
displaying a form without action attribute</li>
+ <li>unclosed instantiation of PrintWriter</li>
<li>Http Sessions forcefully created for all requests using I18nInterceptor
with default Storage value.</li>
- <li><code class="highlighter-rouge">cssErrorClass</code> attribute has no
effect on <code class="highlighter-rouge">label</code> tag</li>
- <li>Why <code class="highlighter-rouge">JSONValidationInterceptor</code>
return Status Code <code class="highlighter-rouge">400 BAD_REQUEST</code>
instead of <code class="highlighter-rouge">200 SUCCESS</code></li>
- <li>@autowired does not work since Struts 2.3.28.1</li>
- <li>Mixed content https to http when upgraded to 2.3.32 or 2.5.10.1</li>
- <li>Upgrade from struts2-tiles3-plugin to struts2-tiles-plugin gives a
NoSuchDefinitionException</li>
- <li>Aspects are not executed when chaining AOPed actions</li>
- <li>Duplicate hidden input field checkboxListHandler</li>
- <li>The value of checkbox getted in server-side is “false” when no any
checkbox been selected.</li>
- <li>refactor file upload framework</li>
- <li><code class="highlighter-rouge">creditCard</code> validator available in
Struts 1 missing in Struts 2</li>
- <li>No easy way to have an empty interceptor stack if have default stack</li>
- <li><code class="highlighter-rouge">@TypeConversion</code> converter
attribute to class</li>
- <li>Convert <code class="highlighter-rouge">LocalizedTextUtil</code> into a
bean with default implementation</li>
- <li>NPE in <code
class="highlighter-rouge">StrutsTilesContainerFactory</code> when resource
isn’t found</li>
- <li>Buffer/Flush behaviour in <code
class="highlighter-rouge">FreemarkerResult</code></li>
- <li>Struts2 should know and consider config time class of user’s Actions</li>
- <li>getters of exclude-sets in OgnlUtil should return immutable
collections</li>
- <li>Mark <code class="highlighter-rouge">site-graph</code> plugin as
deprecated</li>
- <li>Use <code class="highlighter-rouge">TextProviderFactory</code> instead
of <code class="highlighter-rouge">TextProvider</code> as bean’s dependency</li>
- <li>Create <code class="highlighter-rouge">LocaleProviderFactory</code> and
uses instead of <code class="highlighter-rouge">LocaleProvider</code></li>
- <li>Improve error logging in <code
class="highlighter-rouge">DefaultDispatcherErrorHandler</code></li>
- <li>Make <code class="highlighter-rouge">jakarta-stream</code> multipart
parser more extensible</li>
- <li>Make Multipart parsers more extensible</li>
- <li>Add proper validation if request is a multipart request</li>
- <li>Make <code class="highlighter-rouge">SecurityMethodAccess</code>
excluded classes & packages definitions immutable</li>
- <li>Upgrade to Log4j2 2.8.2</li>
- <li>Allow disable file upload support via an configurable option</li>
- <li>Stop using <code
class="highlighter-rouge">DefaultLocalizedTextProvider#localeFromString</code>
static util method</li>
- <li>Don’t add <code class="highlighter-rouge">JBossFileManager</code> as a
possible FileManager when not on JBoss</li>
- <li>There is no <code
class="highlighter-rouge">@LongRangeFieldValidator</code> annotation to support
<code class="highlighter-rouge">LongRangeFieldValidator</code></li>
- <li>Upgrade to commons-lang 3.6</li>
- <li>Update commons-fileupload</li>
+ <li>NotSerializableException -
org.apache.struts2.dispatcher.StrutsRequestWrapper</li>
+ <li>NotSerializableException:
com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector when using
ExecuteAndWait
+interceptor</li>
+ <li>ClassCastException in JarEntryRevision</li>
+ <li>Dependency Mapping Exception When Using
PrefixBasedActionProxyFactory</li>
+ <li>The converter() method of
com.opensymphony.xwork2.conversion.annotations.TypeConversion is now
deprecated. If this
+method is removed in some next release, it will forbid to describe a converter
by the name (id) of a Spring bean.</li>
+ <li>Conversion by annotation does not work</li>
+ <li>List of Boolean is not populated in Action class</li>
+ <li>JSONResult exception in struts2-json-plugin-2.5.14.1.jar</li>
+ <li>buttons with name=”method:METHODNAME” sometimes ignore
global-allowed-methods defined in struts.xml</li>
+ <li>Could not create JarEntryRevision for [zip:C:/…. unknown protocol c</li>
+ <li>NPE in I18nInterceptor$SessionLocaleHandler.read</li>
+ <li>JasperReportResult: NPE When Not Using SQL Connection</li>
+ <li>support JSR 303 Validation Groups in BeanValidation-Plugin</li>
+ <li>Debug tag should not display anything when not in dev mode</li>
+ <li>Allow using of Initializable interface on an implementation level</li>
+ <li>Allowed methods inheritance</li>
+ <li>Allow use Jackson XML bindings to serialise / deserialise XML</li>
+ <li>when using an custom array as a filed in struts 2 action form textfiled
data from jsp page in not populating into
+custom array but populating in String array or array list</li>
+ <li>Upgrade Spring to version 4.3.13</li>
+ <li>Update Log4j2 to 2.10.0</li>
</ul>
<blockquote>
- <p>Please read the <a href="/docs/version-notes-2512.html">Version Notes</a>
to find more details about performed bug fixes and improvements.</p>
+ <p>Please read the <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16";>Version
Notes</a> to find more details about performed bug fixes and improvements.</p>
</blockquote>
<p><strong>All developers are strongly advised to perform this
action.</strong></p>
@@ -470,168 +190,8 @@ to the user list, and, if appropriate, file a tracking
ticket.</p>
<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-<h4 id="a20170707">9 July 2017 - Possible RCE in the Struts Showcase app in
the Struts 1 plugin example in the Struts 2.3.x series</h4>
-
-<p>A potential security vulnerability was reported in the Struts 1 plugin used
in the Struts 2.3.x series.
-It is possible to perform a Remote Code Execution attack if given construction
exists in the vulnerable
-application. Please read the security bulletin for more details and inspect
your application.</p>
-
-<ul>
- <li><a href="/docs/s2-048.html">S2-048</a>
-Possible RCE in the Struts Showcase app in the Struts 1 plugin example in
Struts 2.3.x series</li>
-</ul>
-
-<p>NOTE: Please notice that this vulnerability does not affect applications
using Struts 2.5.x series
-or applications that do not use the Struts 1 plugin. Even if the plugin is
available but certain code
-construction is not present, your application is safe.</p>
-
-<h4 id="a20170323">23 march 2017 - Struts Extras secure Multipart plugins
General Availability - versions 1.1</h4>
-
-<p>The Apache Struts group is pleased to announce that the Apache Struts 2
Secure Jakarta Multipart parser plugin 1.1
-and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin 1.1 are
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>These releases address one critical security vulnerability:</p>
-
-<ul>
- <li>Possible Remote Code Execution when performing file upload based on
Jakarta Multipart parser
-<a href="/docs/s2-045.html">S2-045</a>, <a
href="/docs/s2-046.html">S2-046</a></li>
-</ul>
-
-<p>Those plugins were released to allow users running older versions of the
Apache Struts secure their applications
-in an easy way. You don’t have to migrate to the latest version (which is
still preferable) but by applying one of those
-plugins, your application won’t be vulnerable anymore.</p>
-
-<p>Please read the <a
href="https://github.com/apache/struts-extras";>README</a> for more details and
supported Apache Struts versions.</p>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download those plugins from our <a
href="download.cgi#struts-extras">download</a> page.</p>
-
-<h4 id="a20170320">20 march 2017 - Struts Extras secure Multipart plugins
General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that the Apache Struts 2
Secure Jakarta Multipart parser plugin
-and Apache Struts 2 Secure Jakarta Stream Multipart parser plugin are
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>These releases address one critical security vulnerability:</p>
-
-<ul>
- <li>Possible Remote Code Execution when performing file upload based on
Jakarta Multipart parser
-<a href="/docs/s2-045.html">S2-045</a>, <a
href="/docs/s2-046.html">S2-046</a></li>
-</ul>
-
-<p>Those plugins were released to allow users running older versions of the
Apache Struts secure their applications in easy way.
-You don’t have to migrate to the latest version (which is still preferable)
but by applying one of those plugins,
-your application won’t be vulnerable anymore.</p>
-
-<p>It is a drop-in installation, just select a proper jar file and copy it to
<code class="highlighter-rouge">WEB-INF/lib</code> folder.
-Please read the <a href="https://github.com/apache/struts-extras";>README</a>
for more details and supported Apache Struts versions.</p>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download those plugins from our <a
href="download.cgi#struts-extras">download</a> page.</p>
-
-<h4 id="a20170307">7 march 2017 - Struts 2.5.10.1 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.10.1 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>This release addresses one potential security vulnerability:</p>
-
-<ul>
- <li>Possible Remote Code Execution when performing file upload based on
Jakarta Multipart parser - <a href="/docs/s2-045.html">S2-045</a></li>
-</ul>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
-<h4 id="a20170307-2">7 march 2017 - Struts 2.3.32 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.3.32 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>This release addresses one potential security vulnerability:</p>
-
-<ul>
- <li>Possible Remote Code Execution when performing file upload based on
Jakarta Multipart parser - <a href="/docs/s2-045.html">S2-045</a></li>
-</ul>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.3.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 6.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-23x">download</a> page.</p>
-
-<h4 id="a20170203">3 February 2017 - Struts 2.5.10 General Availability</h4>
-
-<p>The Apache Struts group is pleased to announce that Struts 2.5.10 is
available as a “General Availability”
-release. The GA designation is our highest quality grade.</p>
-
-<p>Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
-The framework is designed to streamline the full development cycle, from
building, to deploying,
-to maintaining applications over time.</p>
-
-<p>This release contains several breaking changes and improvements just to
mention few of them:</p>
-
-<ul>
- <li>How to handle 404 when using wildcard instead of error 500 when the
wildcard method doesn’t exist</li>
- <li>MessageStoreInterceptor must handle all redirects</li>
- <li><code class="highlighter-rouge">MaxMultiPartUpload</code> limited to 2GB
(Long –> Integer)</li>
- <li><code class="highlighter-rouge">JSONValidationInterceptor</code> change
static parameters names</li>
- <li><code class="highlighter-rouge">ServletDispatcherResult</code> can’t
handle parameters anymore</li>
- <li><code class="highlighter-rouge">TokenInterceptor</code> synchronized on
<code class="highlighter-rouge">session.getId().intern()</code></li>
- <li>XSLT error during transformation</li>
- <li>No default parameter defined for result <code
class="highlighter-rouge">json</code> of type <code
class="highlighter-rouge">org.apache.struts2.json.JSONResult</code></li>
- <li><code class="highlighter-rouge">I18Interceptor</code> ignores session or
cookie Locale after first lookup failure</li>
- <li><code class="highlighter-rouge">EmailValidator</code> does not accept
new domain suffixes</li>
- <li><code class="highlighter-rouge">AnnotationValidationInterceptor</code> :
<code class="highlighter-rouge">NullPointerException</code> when method is
null</li>
- <li><code class="highlighter-rouge">struts.xml</code> include not loading in
dependant jar files</li>
- <li><code class="highlighter-rouge">AnnotationValidationInterceptor</code>
should consult <code class="highlighter-rouge">UnknownHandler</code> before
throwing <code class="highlighter-rouge">NoSuchMethodException</code></li>
- <li><code class="highlighter-rouge">ActionSupport.LOG</code> should be
private</li>
- <li>Remove <code class="highlighter-rouge">StrutsObjectFactory</code> and
define <code class="highlighter-rouge">StrutsInterceptorFactory</code>
instead</li>
- <li>Make <code class="highlighter-rouge">OgnlValueStack</code> and <code
class="highlighter-rouge">OgnlValueStackFactory</code> More Extensible</li>
- <li>Make interceptor parameters dynamic</li>
- <li>allow include other config files from classpath</li>
-</ul>
-
-<p><strong>All developers are strongly advised to perform this
action.</strong></p>
-
-<p>The 2.5.x series of the Apache Struts framework has a minimum requirement
of the following specification versions:
-Servlet API 2.4, JSP API 2.0, and Java 7.</p>
-
-<p>Should any issues arise with your use of any version of the Struts
framework, please post your comments
-to the user list, and, if appropriate, file a tracking ticket.</p>
-
-<p>You can download this version from our <a
href="download.cgi#struts-ga">download</a> page.</p>
-
<p class="pull-right">
- Skip to: <a href="announce-2016.html">Announcements - 2016</a>
+ Skip to: <a href="announce-2016.html">Announcements - 2017</a>
</p>
<p class="pull-left">
diff --git a/content/download.html b/content/download.html
index 0bdb093..73b1735 100644
--- a/content/download.html
+++ b/content/download.html
@@ -189,26 +189,26 @@
<h2 id="struts-ga">Full Releases</h2>
-<h3 id="struts2514.1">Struts 2.5.14.1</h3>
+<h3 id="struts2516">Struts 2.5.16</h3>
<p>
- <a href="https://struts.apache.org/";>Apache Struts 2.5.14.1</a> is an
elegant, extensible
+ <a href="https://struts.apache.org/";>Apache Struts 2.5.16</a> is an elegant,
extensible
framework for creating enterprise-ready Java web applications. It is
available in a full distribution,
or as separate library, source, example and documentation distributions.
- Struts 2.5.14.1 is the "best available" version of Struts in the 2.5 series.
+ Struts 2.5.16 is the "best available" version of Struts in the 2.5 series.
</p>
<ul>
<li>
- <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1";>Version
Notes</a>
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16";>Version
Notes</a>
</li>
<li>Full Distribution:
<ul>
<li>
- <a
href="[preferred]struts/2.5.14.1/struts-2.5.14.1-all.zip">struts-2.5.14.1-all.zip</a>
(65MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-all.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-all.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.16/struts-2.5.16-all.zip">struts-2.5.16-all.zip</a>
(65MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-all.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-all.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -216,9 +216,9 @@
<li>Example Applications:
<ul>
<li>
- <a
href="[preferred]struts/2.5.14.1/struts-2.5.14.1-apps.zip">struts-2.5.14.1-apps.zip</a>
(35MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-apps.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-apps.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.16/struts-2.5.16-apps.zip">struts-2.5.16-apps.zip</a>
(35MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-apps.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-apps.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -226,9 +226,9 @@
<li>Essential Dependencies Only:
<ul>
<li>
- <a
href="[preferred]struts/2.5.14.1/struts-2.5.14.1-min-lib.zip">struts-2.5.14.1-min-lib.zip</a>
(4MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-min-lib.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-min-lib.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.16/struts-2.5.16-min-lib.zip">struts-2.5.16-min-lib.zip</a>
(4MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-min-lib.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-min-lib.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -236,9 +236,9 @@
<li>All Dependencies:
<ul>
<li>
- <a
href="[preferred]struts/2.5.14.1/struts-2.5.14.1-lib.zip">struts-2.5.14.1-lib.zip</a>
(19MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-lib.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-lib.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.16/struts-2.5.16-lib.zip">struts-2.5.16-lib.zip</a>
(19MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-lib.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-lib.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -246,9 +246,9 @@
<li>Documentation:
<ul>
<li>
- <a
href="[preferred]struts/2.5.14.1/struts-2.5.14.1-docs.zip">struts-2.5.14.1-docs.zip</a>
(13MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-docs.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-docs.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.16/struts-2.5.16-docs.zip">struts-2.5.16-docs.zip</a>
(13MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-docs.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-docs.zip.md5";>MD5</a>]
</li>
</ul>
</li>
@@ -256,9 +256,9 @@
<li>Source:
<ul>
<li>
- <a
href="[preferred]struts/2.5.14.1/struts-2.5.14.1-src.zip">struts-2.5.14.1-src.zip</a>
(7MB)
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-src.zip.asc";>PGP</a>]
- [<a
href="https://www.apache.org/dist/struts/2.5.14.1/struts-2.5.14.1-src.zip.md5";>MD5</a>]
+ <a
href="[preferred]struts/2.5.16/struts-2.5.16-src.zip">struts-2.5.16-src.zip</a>
(7MB)
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-src.zip.asc";>PGP</a>]
+ [<a
href="https://www.apache.org/dist/struts/2.5.16/struts-2.5.16-src.zip.md5";>MD5</a>]
</li>
</ul>
</li>
diff --git a/content/index.html b/content/index.html
index 954b049..123cfaf 100644
--- a/content/index.html
+++ b/content/index.html
@@ -131,7 +131,7 @@
extensible using a plugin architecture, and ships with plugins to support
REST, AJAX and JSON.
</p>
- <a href="download.cgi#struts2514.1" class="btn btn-primary btn-large">
+ <a href="download.cgi#struts2516" class="btn btn-primary btn-large">
<img src="img/download-icon.svg"> Download
</a>
<a href="primer.html" class="btn btn-info btn-large">
@@ -151,12 +151,12 @@
</p>
</div>
<div class="column col-md-4">
- <h2>Apache Struts 2.5.14.1 GA</h2>
+ <h2>Apache Struts 2.5.16 GA</h2>
<p>
- Apache Struts 2.5.14.1 GA has been released<br/>on 30 November 2017.
+ Apache Struts 2.5.16 GA has been released<br/>on 16 March 2018.
</p>
- Read more in <a href="announce.html#a20171130">Announcement</a> or in
- <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1";>Version
notes</a>
+ Read more in <a href="announce.html#a20180316">Announcement</a> or in
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.16";>Version
notes</a>
</div>
<div class="column col-md-4">
<h2>Apache Struts 2.3.34 GA</h2>
diff --git a/content/releases.html b/content/releases.html
index 8913c7a..7011d8d 100644
--- a/content/releases.html
+++ b/content/releases.html
@@ -147,7 +147,7 @@
<ul>
<li>
<a href="http://struts.apache.org/download.cgi#struts-ga";>
- Struts 2.5.14.1
+ Struts 2.5.16
</a> ("best available")
</li>
</ul>
@@ -231,6 +231,18 @@
<tbody>
<tr>
<td class="no-wrap">
+ Struts 2.5.14.1
+ </td>
+ <td class="no-wrap">30 November 2017</td>
+ <td>
+ <br/>
+ </td>
+ <td>
+ <a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1";>Version
notes</a>
+ </td>
+ </tr>
+ <tr>
+ <td class="no-wrap">
Struts 2.5.14
</td>
<td class="no-wrap">23 November 2017</td>
@@ -246,7 +258,7 @@
<td class="no-wrap">
Struts 2.3.34
</td>
- <td class="no-wrap">September 2017</td>
+ <td class="no-wrap">7 September 2017</td>
<td>
</td>
<td>
@@ -287,7 +299,7 @@
<td class="no-wrap">
Struts 2.3.33
</td>
- <td class="no-wrap">July 2017</td>
+ <td class="no-wrap">7 July 2017</td>
<td>
</td>
<td>
@@ -317,7 +329,7 @@
<td class="no-wrap">
Struts 2.3.32
</td>
- <td class="no-wrap">March 2017</td>
+ <td class="no-wrap">7 March 2017</td>
<td>
<a href="/docs/s2-048.html">S2-048</a>
</td>
--
To stop receiving notification emails like this one, please contact
git-site-r...@apache.org.
