This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 009299873 Updates stage by Jenkins
009299873 is described below
commit 0092998738f275918f837a8f2f0d47b2fd8f1006
Author: jenkins <[email protected]>
AuthorDate: Tue Feb 17 06:55:10 2026 +0000
Updates stage by Jenkins
---
.../action-file-upload-interceptor.html | 25 +++++++++++++--
content/core-developers/default-properties.html | 8 +++--
content/core-developers/prepare-interceptor.html | 8 ++++-
content/core-developers/type-conversion.html | 12 ++++++--
content/plugins/spring/index.html | 14 ++++++++-
content/security/index.html | 9 ++++--
content/tag-developers/checkbox-tag.html | 36 ++++++++++++++++++++++
7 files changed, 102 insertions(+), 10 deletions(-)
diff --git a/content/core-developers/action-file-upload-interceptor.html
b/content/core-developers/action-file-upload-interceptor.html
index a6134c3cf..6ff3e3d05 100644
--- a/content/core-developers/action-file-upload-interceptor.html
+++ b/content/core-developers/action-file-upload-interceptor.html
@@ -154,7 +154,10 @@
<h1 class="no_toc" id="action-file-upload-interceptor">Action File Upload
Interceptor</h1>
<ul id="markdown-toc">
- <li><a href="#parameters" id="markdown-toc-parameters">Parameters</a></li>
+ <li><a href="#parameters" id="markdown-toc-parameters">Parameters</a> <ul>
+ <li><a href="#dynamic-parameter-evaluation"
id="markdown-toc-dynamic-parameter-evaluation">Dynamic Parameter
Evaluation</a></li>
+ </ul>
+ </li>
<li><a href="#extending-the-interceptor"
id="markdown-toc-extending-the-interceptor">Extending the Interceptor</a></li>
<li><a href="#examples" id="markdown-toc-examples">Examples</a></li>
</ul>
@@ -186,7 +189,7 @@ file extensions specified</li>
<ul>
<li><code class="language-plaintext highlighter-rouge">maximumSize</code>
(optional) - the maximum size (in bytes) that the interceptor will allow a file
reference to be set
-on the action. Note, this is <b>not</b> related to the various properties
found in struts.properties.
+on the action. Note, this is <b>not</b> related to the various properties
found in struts.properties.
Default to approximately 2MB.</li>
<li><code class="language-plaintext highlighter-rouge">allowedTypes</code>
(optional) - a comma separated list of content types (ie: <code
class="language-plaintext highlighter-rouge">text/html</code>) that the
interceptor will allow
a file reference to be set on the action. If none is specified allow all types
to be uploaded.</li>
@@ -194,6 +197,24 @@ a file reference to be set on the action. If none is
specified allow all types t
a file reference to be set on the action. If none is specified allow all
extensions to be uploaded.</li>
</ul>
+<h3 id="dynamic-parameter-evaluation">Dynamic Parameter Evaluation</h3>
+
+<blockquote>
+ <p>Since Struts 7.2.0</p>
+</blockquote>
+
+<p>The <code class="language-plaintext highlighter-rouge">allowedTypes</code>,
<code class="language-plaintext highlighter-rouge">allowedExtensions</code>,
and <code class="language-plaintext highlighter-rouge">maximumSize</code>
parameters support <code class="language-plaintext
highlighter-rouge">${...}</code> expression evaluation,
+enabling per-request dynamic validation. This is available when used with
<code class="language-plaintext highlighter-rouge">WithLazyParams</code>.</p>
+
+<div class="language-xml highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="nt"><interceptor-ref</span> <span
class="na">name=</span><span class="s">"actionFileUpload"</span><span
class="nt">></span>
+ <span class="nt"><param</span> <span class="na">name=</span><span
class="s">"allowedTypes"</span><span
class="nt">></span>${allowedContentTypes}<span
class="nt"></param></span>
+ <span class="nt"><param</span> <span class="na">name=</span><span
class="s">"maximumSize"</span><span class="nt">></span>${maxFileSize}<span
class="nt"></param></span>
+<span class="nt"></interceptor-ref></span>
+</code></pre></div></div>
+
+<p>The expressions are evaluated against the ValueStack at the time of the
upload, allowing your action to provide
+dynamic values based on the current request context.</p>
+
<h2 id="extending-the-interceptor">Extending the Interceptor</h2>
<p>You can extend this interceptor and override the acceptFile method to
provide more control over which files are supported
diff --git a/content/core-developers/default-properties.html
b/content/core-developers/default-properties.html
index 3006ea88b..3dbf66537 100644
--- a/content/core-developers/default-properties.html
+++ b/content/core-developers/default-properties.html
@@ -209,8 +209,8 @@ struts.objectFactory.spring.autoWire = name
struts.objectFactory.spring.useClassCache = true
### ensures the autowire strategy is always respected.
-### valid values are: true, false (false is the default)
-struts.objectFactory.spring.autoWire.alwaysRespect = false
+### valid values are: true, false (true is the default)
+struts.objectFactory.spring.autoWire.alwaysRespect=true
### By default SpringObjectFactory doesn't support AOP
### This flag was added just temporally to check if nothing is broken
@@ -486,6 +486,10 @@ struts.url.decoder=strutsUrlDecoder
### Defines source to read nonce value from, possible values are: request,
session
struts.csp.nonceSource=session
+### Checkbox hidden field prefix
+### Default prefix for backward compatibility. Change to "struts_checkbox_"
for HTML5 validation.
+struts.ui.checkbox.hiddenPrefix=__checkbox_
+
### END SNIPPET: complete_file</code></pre></figure>
diff --git a/content/core-developers/prepare-interceptor.html
b/content/core-developers/prepare-interceptor.html
index 79d14b954..bd91fce65 100644
--- a/content/core-developers/prepare-interceptor.html
+++ b/content/core-developers/prepare-interceptor.html
@@ -179,10 +179,16 @@ method that will be run before the invocation of the
input method.</p>
<ol>
<li>if the action class have <code class="language-plaintext
highlighter-rouge">prepare<MethodName>()</code>, it will be invoked</li>
<li>else if the action class have <code class="language-plaintext
highlighter-rouge">prepareDo<MethodName>()</code>, it will be invoked</li>
- <li>no matter if 1] or 2] is performed, if <code class="language-plaintext
highlighter-rouge">alwaysInvokePrepare</code> property of the interceptor is
<code class="language-plaintext highlighter-rouge">true</code> (which is by
+ <li>no matter if 1] or 2] is performed, if <code class="language-plaintext
highlighter-rouge">alwaysInvokePrepare</code> property of the interceptor is
<code class="language-plaintext highlighter-rouge">true</code> (which is by
default <code class="language-plaintext highlighter-rouge">true</code>),
<code class="language-plaintext highlighter-rouge">prepare()</code> will be
invoked.</li>
</ol>
+<blockquote>
+ <p>Since Struts 7.2.0: The <code class="language-plaintext
highlighter-rouge">Preparable.prepare()</code> method is now a <code
class="language-plaintext highlighter-rouge">default</code> method with an
empty implementation.
+Actions that only use per-method variants (e.g., <code
class="language-plaintext highlighter-rouge">prepareEdit()</code>, <code
class="language-plaintext highlighter-rouge">prepareSave()</code>) no longer
need to provide
+an empty <code class="language-plaintext highlighter-rouge">prepare()</code>
override.</p>
+</blockquote>
+
<h2 id="parameters">Parameters</h2>
<ul>
diff --git a/content/core-developers/type-conversion.html
b/content/core-developers/type-conversion.html
index 0420aaeb6..bda69b01d 100644
--- a/content/core-developers/type-conversion.html
+++ b/content/core-developers/type-conversion.html
@@ -291,13 +291,21 @@ amount=com.acme.converters.MyCustomBigDecimalConverter
<h2 id="applying-a-type-converter-for-an-application">Applying a Type
Converter for an application</h2>
-<p>Application-wide converters can be specified in a file called <code
class="language-plaintext
highlighter-rouge">struts-conversion.properties</code> or <code
class="language-plaintext highlighter-rouge">xwork-conversion.properties</code>
(deprecated)
+<p>Application-wide converters can be specified in a file called <code
class="language-plaintext
highlighter-rouge">struts-conversion.properties</code> or <code
class="language-plaintext highlighter-rouge">xwork-conversion.properties</code>
(deprecated)
located in the root of the classpath.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre
class="highlight"><code># syntax: <type> = <converterClassName>
-java.math.BigDecimal = com.acme.MyBigDecimalConverter
+java.math.BigDecimal = com.acme.MyBigDecimalConverter
</code></pre></div></div>
+<blockquote>
+ <p>Since Struts 7.2.0: When the Spring plugin is active, you can use Spring
bean names in addition to fully qualified
+class names as converter values in <code class="language-plaintext
highlighter-rouge">struts-conversion.properties</code>. For example, if you
have a Spring bean named
+<code class="language-plaintext
highlighter-rouge">myBigDecimalConverter</code>, you can reference it
directly:</p>
+ <div class="language-plaintext highlighter-rouge"><div
class="highlight"><pre class="highlight"><code>java.math.BigDecimal =
myBigDecimalConverter
+</code></pre></div> </div>
+</blockquote>
+
<h2 id="a-simple-example">A Simple Example</h2>
<p>Type conversion is great for situations where you need to turn a String in
to a more complex object. Because the web
diff --git a/content/plugins/spring/index.html
b/content/plugins/spring/index.html
index 69828ec43..40f69b9ee 100644
--- a/content/plugins/spring/index.html
+++ b/content/plugins/spring/index.html
@@ -160,6 +160,7 @@
<li><a href="#autowiring" id="markdown-toc-autowiring">Autowiring</a></li>
<li><a href="#initializing-actions-from-spring"
id="markdown-toc-initializing-actions-from-spring">Initializing Actions from
Spring</a></li>
<li><a href="#class-reloading" id="markdown-toc-class-reloading">Class
Reloading</a></li>
+ <li><a href="#migration-note-autowire-alwaysrespect-default-change-720"
id="markdown-toc-migration-note-autowire-alwaysrespect-default-change-720">Migration
Note: autowire alwaysRespect default change (7.2.0)</a></li>
<li><a href="#settings" id="markdown-toc-settings">Settings</a></li>
<li><a href="#installation"
id="markdown-toc-installation">Installation</a></li>
</ul>
@@ -404,6 +405,17 @@ so only actions are handled by it. This constant supports
a comma separated list
<p>This feature is experimental, and <strong>should never</strong> be used
in production systems.</p>
</blockquote>
+<h2 id="migration-note-autowire-alwaysrespect-default-change-720">Migration
Note: autowire alwaysRespect default change (7.2.0)</h2>
+
+<p class="alert alert-warning">Starting with Struts 7.2.0, the <code
class="language-plaintext
highlighter-rouge">struts.objectFactory.spring.autoWire.alwaysRespect</code>
constant defaults to <code class="language-plaintext
highlighter-rouge">true</code>
+(previously <code class="language-plaintext highlighter-rouge">false</code>).
This means the configured autowire strategy is now always applied consistently,
which fixes issues
+such as broken redirect URLs when Spring String beans are involved.</p>
+
+<p>If you experience unexpected behavior after upgrading to 7.2.0, you can
restore the previous behavior by setting:</p>
+
+<div class="language-xml highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="nt"><constant</span> <span
class="na">name=</span><span
class="s">"struts.objectFactory.spring.autoWire.alwaysRespect"</span> <span
class="na">value=</span><span class="s">"false"</span> <span
class="nt">/></span>
+</code></pre></div></div>
+
<h2 id="settings">Settings</h2>
<p>The following settings can be customized. See the <a
href="/core-developers/configuration-files">developer guide</a>.</p>
@@ -427,7 +439,7 @@ so only actions are handled by it. This constant supports a
comma separated list
<tr>
<td>struts.objectFactory.spring.autoWire.alwaysRespect</td>
<td>Whether the autowire strategy should always be used, or if the
framework should try to guess the best strategy based on the situation</td>
- <td>false for backwards-compatibility</td>
+ <td>true (changed from false in 7.2.0)</td>
<td>true or false</td>
</tr>
<tr>
diff --git a/content/security/index.html b/content/security/index.html
index 570402208..514e76446 100644
--- a/content/security/index.html
+++ b/content/security/index.html
@@ -212,13 +212,18 @@ by security level.</p>
<h3 id="never-expose-jsp-files-directly">Never expose JSP files directly</h3>
-<p>You must always hide JSP file behind an action, you cannot allow for direct
access to the JSP files as this can leads
+<p>You must always hide JSP file behind an action, you cannot allow for direct
access to the JSP files as this can leads
to unpredictable security vulnerabilities. You can achieve this by putting all
your JSP files under the <code class="language-plaintext
highlighter-rouge">WEB-INF</code> folder</p>
<ul>
- <li>most of the JEE containers restrict access to files placed under the
<code class="language-plaintext highlighter-rouge">WEB-INF</code> folder.
Second option is to add security
+ <li>most of the JEE containers restrict access to files placed under the
<code class="language-plaintext highlighter-rouge">WEB-INF</code> folder.
Second option is to add security
constraint to the <code class="language-plaintext
highlighter-rouge">web.xml</code> file:</li>
</ul>
+<blockquote>
+ <p>Since Struts 7.2.0: The framework now logs a security warning when JSP
tags are accessed directly outside of
+an action scope. This helps identify JSP files that are inadvertently exposed
without action protection.</p>
+</blockquote>
+
<div class="language-xml highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="c"><!-- Restricts access to pure JSP
files - access available only via Struts action --></span>
<span class="nt"><security-constraint></span>
<span class="nt"><display-name></span>No direct JSP access<span
class="nt"></display-name></span>
diff --git a/content/tag-developers/checkbox-tag.html
b/content/tag-developers/checkbox-tag.html
index 2ac9ded45..104d9f353 100644
--- a/content/tag-developers/checkbox-tag.html
+++ b/content/tag-developers/checkbox-tag.html
@@ -557,6 +557,42 @@
<div class="language-html highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="nt"><input</span> <span
class="na">type=</span><span class="s">"checkbox"</span> <span
class="na">name=</span><span class="s">"checkboxField1"</span> <span
class="na">value=</span><span class="s">"true"</span> <span
class="na">checked=</span><span class="s">"checked"</span> <span
class="nt">/></span>
</code></pre></div></div>
+<h2 id="hidden-field-prefix">Hidden Field Prefix</h2>
+
+<blockquote>
+ <p>Since Struts 7.2.0</p>
+</blockquote>
+
+<p>The checkbox tag generates a companion hidden field to ensure that
unchecked values are still submitted with the form.
+By default, this hidden field uses the prefix <code class="language-plaintext
highlighter-rouge">__checkbox_</code> (e.g., <code class="language-plaintext
highlighter-rouge">__checkbox_checkboxField1</code>).</p>
+
+<p>For HTML5 compliance, you can change the prefix to <code
class="language-plaintext highlighter-rouge">struts_checkbox_</code> using the
<code class="language-plaintext
highlighter-rouge">struts.ui.checkbox.hiddenPrefix</code> constant:</p>
+
+<div class="language-xml highlighter-rouge"><div class="highlight"><pre
class="highlight"><code><span class="nt"><constant</span> <span
class="na">name=</span><span class="s">"struts.ui.checkbox.hiddenPrefix"</span>
<span class="na">value=</span><span class="s">"struts_checkbox_"</span> <span
class="nt">/></span>
+</code></pre></div></div>
+
+<table>
+ <thead>
+ <tr>
+ <th>Prefix</th>
+ <th>Example Hidden Field Name</th>
+ <th>Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td><code class="language-plaintext
highlighter-rouge">__checkbox_</code></td>
+ <td><code class="language-plaintext
highlighter-rouge">__checkbox_checkboxField1</code></td>
+ <td>Default, backward-compatible</td>
+ </tr>
+ <tr>
+ <td><code class="language-plaintext
highlighter-rouge">struts_checkbox_</code></td>
+ <td><code class="language-plaintext
highlighter-rouge">struts_checkbox_checkboxField1</code></td>
+ <td>HTML5-compliant alternative</td>
+ </tr>
+ </tbody>
+</table>
+
</section>
</article>
