This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a change to branch
dependabot/maven/org.mockito-mockito-core-5.8.0
in repository https://gitbox.apache.org/repos/asf/struts.git
discard 7522656bc Bump org.mockito:mockito-core from 4.3.1 to 5.8.0
add cf4523fba Bump actions/setup-java from 3 to 4 (#804)
add ebdf01995 WW-5364 Modify XmlDocConfigurationProvider to be able to
load into allowlist
add 1d76bff95 WW-5364 Make allowlist classloader specific
add 198812fe8 WW-5364 Implement provider allowlist
add 3bf3e5f8d WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
add ee442db9e WW-5364 Enable allowlist for showcase
add 39c3e332d WW-5364 Add Struts components to allowlist
add 6657e01f9 WW-5364 Don't throw ConfigurationException on unloadable
action or interceptor classes
add d7df9ce99 WW-5364 Replace some allowlist classes with packages
add 0566a207f Merge branch 'WW-5343-sec-extend' into
WW-5364-populate-allowlist
add d030532d6 WW-5343 Collect bootstrap factories
add 9aff37a83 Merge branch 'master' into WW-5364-populate-allowlist
add 5e33c7f2c WW-5343 Add unit test coverage for ProviderAllowlist
add 16f822a2b WW-5343 Move JUnit4 test case into Struts-core
add a26823386 WW-5343 Add integration tests for ConfigurationProvider
populating ProviderAllowlist
add 589219baa WW-5343 Add missing licenses
add a7d273c1f WW-5343 Make StrutsTestCase extend same package
add 80e83616b Merge pull request #800 from
apache/WW-5364-populate-allowlist
add 48a82fead WW-5339 Make ClassResolver a bean
add 002e598b7 WW-5339 Add option to block custom OGNL maps
add 6fcb50122 Merge pull request #806 from apache/WW-5339-astmap-block
add 13d972d6e WW-5370 Makes HttpParameters case-insensitive
add c40978f8c WW-5370 Uses TreeMap with case-insensitive comparator
add 4eaab8a79 WW-5370 Simplifies code
add 102e040e0 WW-5370 Adds proper logic to handle null
add f684effd9 Merge pull request #807 from apache/feature/http-params-case
add 0bc0217b9 WW-5371 Implements action based file upload
add dc4103bcb WW-5371 Uses the new upload mechanism in Showcase app
add 3ce3f8264 WW-5371 Simplifies file upload logic and extracts constants
add 3ef9ade89 WW-5371 Document how to use the new file upload logic
add 64c13cc74 WW-5370 Simplifies error handling logic
add f4501846c Merge pull request #808 from
apache/feature/WW-5371-modern-upload
add 165e464a1 Builds Struts 7 as part of the main pipeline
add 4bc19c773 Merge pull request #813 from
apache/feature/jenkins-pipeline-struts-7
add 5aeecd2d1 WW-5364 Add missing system allowlist classes
add 545292561 Merge pull request #815 from apache/WW-5364-fix-map-access
add 517d18bc4 Bump github/codeql-action from 2 to 3
add 3aeff1c69 Merge pull request #817 from
apache/dependabot/github_actions/github/codeql-action-3
add 8965c575c Update CspReportAction.java WW-5373
add 92227bb51 Merge pull request #814 from assachs/master
add e8881f664 WW-5328 Removes deprecated setters
add b5e07903f Merge pull request #811 from
apache/feature/WW-5328-removes-deprecated
add cc2eab79c Bump org.mockito:mockito-core from 4.3.1 to 5.8.0
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (7522656bc)
\
N -- N -- N
refs/heads/dependabot/maven/org.mockito-mockito-core-5.8.0 (cc2eab79c)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
No new revisions were added by this update.
Summary of changes:
.github/workflows/codeql.yml | 6 +-
.github/workflows/maven.yml | 2 +-
.github/workflows/scorecards-analysis.yaml | 2 +-
.github/workflows/sonar.yml | 2 +-
Jenkinsfile | 81 ++++-
.../showcase/fileupload/FileUploadAction.java | 122 ++++---
apps/showcase/src/main/resources/struts.xml | 13 +
.../webapp/WEB-INF/fileupload/upload-success.jsp | 9 +-
.../opensymphony/xwork2}/XWorkJUnit4TestCase.java | 3 +-
.../xwork2/config/impl/DefaultConfiguration.java | 103 +++---
.../StrutsDefaultConfigurationProvider.java | 167 +++-------
.../providers/XmlDocConfigurationProvider.java | 88 +++--
.../com/opensymphony/xwork2/ognl/OgnlUtil.java | 10 +-
.../xwork2/ognl/OgnlValueStackFactory.java | 13 +-
.../xwork2/ognl/SecurityMemberAccess.java | 34 +-
.../xwork2/ognl/accessor/CompoundRootAccessor.java | 15 +-
.../opensymphony/xwork2/util/ConfigParseUtil.java | 11 +-
.../xwork2/util/MemberAccessValueStack.java | 16 -
.../java/org/apache/struts2/StrutsConstants.java | 2 +
.../org/apache/struts2/action/CspReportAction.java | 2 +-
.../{SessionAware.java => UploadedFilesAware.java} | 22 +-
.../apache/struts2/dispatcher/HttpParameters.java | 32 +-
.../org/apache/struts2/dispatcher/Parameter.java | 13 +
.../multipart/JakartaMultiPartRequest.java | 6 +-
.../multipart/JakartaStreamMultiPartRequest.java | 42 +--
.../dispatcher/multipart/StrutsUploadedFile.java | 64 +++-
.../struts2/dispatcher/multipart/UploadedFile.java | 8 +-
.../interceptor/AbstractFileUploadInterceptor.java | 263 +++++++++++++++
.../interceptor/ActionFileUploadInterceptor.java | 191 +++++++++++
.../struts2/interceptor/FileUploadInterceptor.java | 265 ++-------------
.../org/apache/struts2/ognl/ProviderAllowlist.java | 73 ++++
.../apache/struts2/struts-messages_en.properties | 27 +-
core/src/main/resources/struts-beans.xml | 4 +
core/src/main/resources/struts-default.xml | 11 +-
.../src/main/resources/struts-excluded-classes.xml | 12 +-
.../ConfigurationProviderOgnlAllowlistTest.java | 114 +++++++
.../com/opensymphony/xwork2/ognl/MyCustomMap.java} | 10 +-
.../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 12 +
.../xwork2/ognl/SecurityMemberAccessTest.java | 9 +-
.../conversion/UploadedFileConverterTest.java | 19 +-
.../struts2/dispatcher/HttpParametersTest.java | 78 +++++
...t.java => ActionFileUploadInterceptorTest.java} | 369 ++++++++++-----------
.../interceptor/FileUploadInterceptorTest.java | 182 +++++-----
.../apache/struts2/ognl/ProviderAllowlistTest.java | 88 +++++
...clude-parent.xml => xwork-test-allowlist-2.xml} | 16 +-
...rceptors-basic.xml => xwork-test-allowlist.xml} | 24 +-
.../org/apache/struts2/junit/StrutsTestCase.java | 1 -
.../apache/struts2/junit/XWorkJUnit4TestCase.java | 71 +---
.../org/apache/struts2/junit/XWorkTestCase.java} | 6 +-
.../dispatcher/multipart/PellMultiPartRequest.java | 13 +-
50 files changed, 1751 insertions(+), 995 deletions(-)
copy {plugins/junit/src/main/java/org/apache/struts2/junit =>
core/src/main/java/com/opensymphony/xwork2}/XWorkJUnit4TestCase.java (97%)
copy core/src/main/java/org/apache/struts2/action/{SessionAware.java =>
UploadedFilesAware.java} (57%)
create mode 100644
core/src/main/java/org/apache/struts2/interceptor/AbstractFileUploadInterceptor.java
create mode 100644
core/src/main/java/org/apache/struts2/interceptor/ActionFileUploadInterceptor.java
create mode 100644
core/src/main/java/org/apache/struts2/ognl/ProviderAllowlist.java
create mode 100644
core/src/test/java/com/opensymphony/xwork2/config/providers/ConfigurationProviderOgnlAllowlistTest.java
copy
core/src/{main/java/com/opensymphony/xwork2/DefaultLocaleProviderFactory.java
=> test/java/com/opensymphony/xwork2/ognl/MyCustomMap.java} (80%)
create mode 100644
core/src/test/java/org/apache/struts2/dispatcher/HttpParametersTest.java
copy
core/src/test/java/org/apache/struts2/interceptor/{FileUploadInterceptorTest.java
=> ActionFileUploadInterceptorTest.java} (56%)
create mode 100644
core/src/test/java/org/apache/struts2/ognl/ProviderAllowlistTest.java
copy
core/src/test/resources/com/opensymphony/xwork2/config/providers/{xwork-include-parent.xml
=> xwork-test-allowlist-2.xml} (76%)
copy
core/src/test/resources/com/opensymphony/xwork2/config/providers/{xwork-test-interceptors-basic.xml
=> xwork-test-allowlist.xml} (70%)
copy plugins/junit/src/{test/java/org/apache/struts2/junit/MySessionBean.java
=> main/java/org/apache/struts2/junit/XWorkTestCase.java} (90%)
