svn commit: r981415 [3/4] - in /websites/production/struts/content: ./ docs/ docs/ajax-validation.data/

2016-02-29 Thread rgielen 
Modified: websites/production/struts/content/docs/message-store-interceptor.html
==
--- websites/production/struts/content/docs/message-store-interceptor.html 
(original)
+++ websites/production/struts/content/docs/message-store-interceptor.html Mon 
Feb 29 19:38:05 2016
@@ -138,114 +138,34 @@ under the License.
 
 
 
-
-An interceptor to store a ValidationAware action's messages / errors and field 
errors into
-HTTP Session, such that it will be retrievable at a later stage. This allows 
the action's message /
-errors and field errors to be available longer that just the particular HTTP 
request.
-
-
-
-If no session exists, nothing will be stored and can be retrieved later. In 
other terms,
-the application is responsible to open the session.
-
-
-
-In the 'STORE' mode, the interceptor will store the ValidationAware action's 
message / errors
-and field errors into HTTP session.
-
-
-
-In the 'RETRIEVE' mode, the interceptor will retrieve the stored action's 
message / errors  and field
-errors and put them back into the ValidationAware action.
-
-
-
-In the 'AUTOMATIC' mode, the interceptor will always retrieve the stored 
action's message / errors 
-and field errors and put them back into the ValidationAware action, and after 
Action execution, 
-if the com.opensymphony.xwork2.Result is an instance of ServletRedirectResult, 
the action's message / errors
-and field errors into automatically be stored in the HTTP session..
-
-
-
-The interceptor does nothing in the 'NONE' mode, which is the default.
-
-
-
-The operation mode could be switched using:
-1] Setting the interceptor parameter eg.
-
-
-  
- 
-STORE
- 
- 
- 
-  
-
-
-
-2] Through request parameter (allowRequestParameterSwitch must be 'true' which 
is the default)
-
-
-
-  // the request will have the operation mode in 'STORE'
-  http://localhost:8080/context/submitApplication.action?operationMode=STORE
-
-
-
-Parameters
-
-
-allowRequestParameterSwitch - To enable request parameter that 
could switch the operation mode
-   of this interceptor. 
requestParameterSwitch - The request parameter that will indicate what 
mode this
-  interceptor is in. operationMode - 
The operation mode this interceptor should be in
- (either 'STORE', 'RETRIEVE', 'AUTOMATIC', or 'NONE'). 
'NONE' being the default.
-
-
-Extending the 
Interceptor
-
-
-The following method could be overridden:
-
-
-getRequestOperationMode - get the operation mode of this 
interceptor based on the request parametersmergeCollection - merge two 
collectionsmergeMap - merge two map
-
-
-Examples
-
-
-
An interceptor to store a ValidationAware action's 
messages / errors and field errors into HTTP Session, such that it will be 
retrievable at a later stage. This allows the action's message / errors 
and field errors to be available longer that just the particular HTTP 
request.
If no session exists, nothing will be stored and can be 
retrieved later. In other terms, the application is responsible to open 
the session.
In the STORE mode, the interceptor 
will store the ValidationAware action's message / errors and field 
errors into HTTP session.
In the RETRIEVE mode, the 
interceptor will retrieve the stored action's message / errors and 
field errors and put them back into the ValidationAware action.
In the AUTOMATIC mode, the interceptor will always 
 >retrieve the stored action's message / errors and field errors and put 
 >them back into the [ValidationAware] action, and after Action 
 >execution, if the href="#">Result is an instance of href="#">ServletRedirectResult, the action's message / errors and 
 >field errors into automatically be stored in the HTTP session..
The 
 >interceptor does nothing in the NO

svn commit: r981415 [4/4] - in /websites/production/struts/content: ./ docs/ docs/ajax-validation.data/

2016-02-29 Thread rgielen 
Modified: websites/production/struts/content/docs/security-bulletins.html
==
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Mon Feb 29 
19:38:05 2016
@@ -126,7 +126,7 @@ under the License.
 
 
 The following security bulletins 
are available:
-S2-001 
— Remote code exploit on form validation 
errorS2-002 — 
Cross site scripting (XSS) vulnerability on 
 and  tagsS2-003 — XWork 
ParameterInterceptors bypass allows OGNL statement executionS2-004 — Directory traversal vulnerability while serving static 
contentS2-005 — 
XWork ParameterInterceptors bypass allows remote 
command executionS2-006 
— Multiple Cross-Site Scripting (XSS) in XWork 
generated error pagesS2-007 — User input is 
evaluated as an OGNL expression when there's a conversion 
errorS2-008 — 
Multiple critical vulnerabilities in 
Struts2S2-009 — 
ParameterInterceptor vulnerability allows remote 
command executionS2-010 
— When using Struts 2 token mechanism for CSRF 
protection, token check may be bypassed by misusing known session 
attributesS2-011 — 
Long request parameter names might significantly 
promote the effectiveness of DOS attacksS2-012 — Showcase app 
vulnerability allows remote command execution
 S2-013 — A vulnerability, present in the includeParams attribute of 
the URL and Anchor Tag, allows remote command executionS2-014 — A 
vulnerability introduced by forcing parameter inclusion in the URL and Anchor 
Tag allows remote command execution, session access and manipulation and XSS 
attacksS2-015 — 
A vulnerability introduced by wildcard matching 
mechanism or double evaluation of OGNL Expression allows remote command 
execution.S2-016 — 
A vulnerability introduced by manipulating parameters 
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command 
executionS2-017 — 
A vulnerability introduced by manipulating parameters prefixed with 
"redirect:"/"redirectAction:" allows for open redirectsS2-018 — Broken Access Control Vulnerability in Apache 
Struts2S2-019 — 
Dynamic Method Invocation disabled by 
defaultS2-020 — 
Upgrade Commons FileUpload to version 1.3.1 (avoids DoS 
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid 
ClassLoader manipulation)S2-021 — Improves excluded 
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader 
manipulationS2-022 
— Extends excluded params in CookieInt
 erceptor to avoid manipulation of Struts' internalsS2-023 — Generated value of token can be predictableS2-024 — Wrong excludeParams overrides those defined in 
DefaultExcludedPatternsCheckerS2-025 — Cross-Site 
Scripting Vulnerability in Debug Mode and in exposed JSP 
filesS2-026 — 
Special top object can be used to access Struts' 
internals
+S2-001 
— Remote code exploit on form validation 
errorS2-002 — 
Cross site scripting (XSS) vulnerability on 
 and  tagsS2-003 — XWork 
ParameterInterceptors bypass allows OGNL statement executionS2-004 — Directory traversal vulnerability while serving static 
contentS2-005 — 
XWork ParameterInterceptors bypass allows remote 
command executionS2-006 
— Multiple Cross-Site Scripting (XSS) in XWork 
generated error pagesS2-007 — User input is 
evaluated as an OGNL expression when there's a conversion 
errorS2-008 — 
Multiple critical vulnerabilities in 
Struts2S2-009 — 
ParameterInterceptor vulnerability allows remote 
command executionS2-010 
— When using Struts 2 token mechanism for CSRF 
protection, token check may be bypassed by misusing known session 
attributesS2-011 — 
Long request parameter names might significantly 
promote the effectiveness of DOS attacksS2-012 — Showcase app 
vulnerability allows remote command execution
 S2-013 — A vulnerability, present in the includeParams attribute of 
the URL and Anchor Tag, allows remote command executionS2-014 — A 
vulnerability introduced by forcing parameter inclusion in the URL and Anchor 
Tag allows remote command execution, session access and manipulation and XSS 
attacksS2-015 — 
A vulnerability introduced by wildcard matching 
mechanism or double evaluation of OGNL Expression allows remote command 
execution.S2-016 — 
A vulnerability introduced by manipulating parameters 
prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command 
executionS2-017 — 
A vulnerability introduced by manipulating parameters prefixed with 
"redirect:"/"redirectAction:" allows for open redirectsS2-018 — Broken Access Control Vulnerability in Apache 
Struts2S2-019 — 
Dynamic Method Invocation disabled by 
defaultS2-020 — 
Upgrade Commons FileUpload to version 1.3.1 (avoids DoS 
attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid 
ClassLoader manipulation)S2-021 — Improves excluded 
params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader

svn commit: r981415 [2/4] - in /websites/production/struts/content: ./ docs/ docs/ajax-validation.data/

2016-02-29 Thread rgielen 
Modified: 
websites/production/struts/content/docs/building-struts-2-normal-release.html
==
--- 
websites/production/struts/content/docs/building-struts-2-normal-release.html 
(original)
+++ 
websites/production/struts/content/docs/building-struts-2-normal-release.html 
Mon Feb 29 19:38:05 2016
@@ -139,11 +139,11 @@ under the License.
 
 
 Content/**/
+/*]]>*/
 1 Getting 
ready2 Update Draft 
Docs when needed3 Be sure 
your local copy is up-to-date4 Prepare 
release5 Perform the 
release6 Move the 
assemblies7 Announce availability8 Push 
changes9 Vote on it10 Copy files11 Promote 
release12 Clean up old 
releases13 Wait for 
rsync14 Update site15 Redeploy the docs 
(Optional)16 Post 
announcements
 Building 
Steps (Struts)Getting 
readyCreate an "Struts 2.x.y omnibus ticket" ticket in JIRA to 
refer to in upcoming release related commit comments and for general 
documentation purposes. Mark it with priority "Blocker".Switch to 
branch developEnsure that the master POM and Struts 
Annotations have current releasesReview JIRA for any issues without a 
fix version set, and for any issues that should be resolved for the pending 
release.Ensure that there are no repositories or pluginRepositories 
listed in the poms.If you have committed all changes regarding the 
release process, close the omnibus ticket as it is the last open ticket for the 
upcoming releaseRelease the upcoming version in JIRA (under 
Administration/Manage Releases) and tag the release dateAdd next 
milestone ve
 rsion to the JIRA roadmapCreate DONE and TODO filters for the new 
version, share with all, and remove obsolete TODO filterCreate a new 
Version Notes page in Confluence, link from Migration Guide, and link to prior release page 
and JIRA DONE filters of the version to releaseExport wiki pages and 
put them under /docsUpdate Draft Docs 
when neededCheckout struts-site project (see details 
at the bottom of this page) and perform export:
 cd struts-site

Modified: 
websites/production/struts/content/docs/building-struts-annotations.html
==
--- websites/production/struts/content/docs/building-struts-annotations.html 
(original)
+++ websites/production/struts/content/docs/building-struts-annotations.html 
Mon Feb 29 19:38:05 2016
@@ -140,11 +140,11 @@ under the License.
 
 Content
 /**/
+/*]]>*/
 1 Content
 1.1 Building 
Steps (Struts Annotations)
 1.1.1 Obtain
 a fresh check out of struts annotations1.1.2 Prepare 
release1.1.3 Perform 
release1.1.4 Send a VOTE 
email1.1.5 Promote release

Modified: websites/production/struts/content/docs/building-struts-master.html
==
--- websites/production/struts/content/docs/building-struts-master.html 
(original)
+++ websites/production/struts/content/docs/building-struts-master.html Mon Feb 
29 19:38:05 2016
@@ -140,11 +140,11 @@ under the License.
 
 Content
 /**/
+/*]]>*/
 1 Building Steps 
(Struts)
 1.1 Obtain a fresh 
checkout.1.2 Change site 
target1.3 Prepare release1.4 Perform the 
release1.5 Announce 
availability1.6 Vote on it1.7 Promote release1.8 Wait for rsync1.9 Post announcements
 

Modified: websites/production/struts/content/docs/cdi-plugin.html
==
--- websites/production/struts/content/docs/cdi-plugin.html (original)
+++ websites/production/struts/content/docs/cdi-plugin.html Mon Feb 29 19:38:05 
2016
@@ -139,11 +139,11 @@ under the License.
 
 
 /*

svn commit: r981415 [1/4] - in /websites/production/struts/content: ./ docs/ docs/ajax-validation.data/

2016-02-29 Thread rgielen 
Author: rgielen
Date: Mon Feb 29 19:38:05 2016
New Revision: 981415

Log:
update volunteers and docs

Added:

websites/production/struts/content/docs/ajax-validation.data/struts2-ajax-vali-flow.png
   (with props)
websites/production/struts/content/docs/s2-027.html
websites/production/struts/content/docs/tiles-plugin.html
Modified:
websites/production/struts/content/docs/action-configuration.html
websites/production/struts/content/docs/actionmapper.html
websites/production/struts/content/docs/ajax-and-javascript-recipes.html
websites/production/struts/content/docs/ajax-validation.html
websites/production/struts/content/docs/ajax.html
websites/production/struts/content/docs/annotations.html

websites/production/struts/content/docs/building-struts-2-fast-track-release.html

websites/production/struts/content/docs/building-struts-2-normal-release.html
websites/production/struts/content/docs/building-struts-annotations.html
websites/production/struts/content/docs/building-struts-master.html
websites/production/struts/content/docs/cdi-plugin.html

websites/production/struts/content/docs/configuration-provider-configuration.html
websites/production/struts/content/docs/control-tags.html
websites/production/struts/content/docs/convention-plugin.html

websites/production/struts/content/docs/create-struts-2-web-application-with-artifacts-in-web-inf-lib-and-use-ant-to-build-the-application.html
websites/production/struts/content/docs/crud-demo-i.html
websites/production/struts/content/docs/cssxhtml-form-template.html
websites/production/struts/content/docs/faqs.html
websites/production/struts/content/docs/file-upload.html
websites/production/struts/content/docs/form-tags.html
websites/production/struts/content/docs/freemarker.html
websites/production/struts/content/docs/guides.html

websites/production/struts/content/docs/how-to-build-the-portlet-war-for-a-specific-portal-server.html
websites/production/struts/content/docs/interceptors.html
websites/production/struts/content/docs/json-plugin.html
websites/production/struts/content/docs/localization.html
websites/production/struts/content/docs/message-store-interceptor.html
websites/production/struts/content/docs/objectfactory.html
websites/production/struts/content/docs/obtain-response.html
websites/production/struts/content/docs/ognl-basics.html
websites/production/struts/content/docs/one-time-steps.html
websites/production/struts/content/docs/plugin-developers-guide.html
websites/production/struts/content/docs/portlet-tiles-plugin.html
websites/production/struts/content/docs/processing-forms.html
websites/production/struts/content/docs/release-notes-202.html
websites/production/struts/content/docs/release-plan-200.html
websites/production/struts/content/docs/rest-plugin.html
websites/production/struts/content/docs/result-configuration.html
websites/production/struts/content/docs/result-types.html
websites/production/struts/content/docs/s2-003.html
websites/production/struts/content/docs/sample-announcements.html
websites/production/struts/content/docs/security-bulletins.html
websites/production/struts/content/docs/security.html
websites/production/struts/content/docs/struts-2-blank-archetype.html
websites/production/struts/content/docs/struts-2-maven-archetypes.html
websites/production/struts/content/docs/struts-2-spring-2-jpa-ajax.html
websites/production/struts/content/docs/struts-next.html
websites/production/struts/content/docs/tiles-3-plugin.html
websites/production/struts/content/docs/tiles-use.html
websites/production/struts/content/docs/tutoriallesson06.html
websites/production/struts/content/docs/type-conversion.html
websites/production/struts/content/docs/user-guide.html
websites/production/struts/content/docs/using-freemarker-templates.html
websites/production/struts/content/docs/validation.html
websites/production/struts/content/docs/webxml.html

websites/production/struts/content/docs/what-are-some-of-the-frameworks-best-features.html
websites/production/struts/content/docs/what-is-the-actioncontext.html
websites/production/struts/content/index.html
websites/production/struts/content/volunteers.html

Modified: websites/production/struts/content/docs/action-configuration.html
==
--- websites/production/struts/content/docs/action-configuration.html (original)
+++ websites/production/struts/content/docs/action-configuration.html Mon Feb 
29 19:38:05 2016
@@ -139,11 +139,11 @@ under the License.
 
 
 The action mappings are the basic 
"unit-of-work" in the framework. Essentially, the action maps an identifier to 
a handler class. When a request matches the action's name, the framework uses 
the mapping to determine

[2/2] struts-site git commit: adjust security announcement on main page

2016-02-29 Thread rgielen 
adjust security announcement on main page


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/d4509abb
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/d4509abb
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/d4509abb

Branch: refs/heads/master
Commit: d4509abb7dc25d465d20229ecde0037634d21366
Parents: a781826
Author: Rene Gielen 
Authored: Mon Feb 29 20:40:20 2016 +0100
Committer: Rene Gielen 
Committed: Mon Feb 29 20:40:20 2016 +0100

--
 source/index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/d4509abb/source/index.html
--
diff --git a/source/index.html b/source/index.html
index ea47f97..183b9ad 100644
--- a/source/index.html
+++ b/source/index.html
@@ -51,10 +51,10 @@ title: Welcome to the Apache Struts project
   
   
   
-Security Bulletin S2-025
+Security Bulletin S2-026
 
   A new security bulletin was published, please carefully read the
-  Announcement
+  Announcement

[1/2] struts-site git commit: add Greg Huber to PMC

2016-02-29 Thread rgielen 
Repository: struts-site
Updated Branches:
  refs/heads/master cebb28bd0 -> d4509abb7


add Greg Huber to PMC


Project: http://git-wip-us.apache.org/repos/asf/struts-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts-site/commit/a781826c
Tree: http://git-wip-us.apache.org/repos/asf/struts-site/tree/a781826c
Diff: http://git-wip-us.apache.org/repos/asf/struts-site/diff/a781826c

Branch: refs/heads/master
Commit: a781826c0d86880fa0448487f786768beabc3094
Parents: cebb28b
Author: Rene Gielen 
Authored: Mon Feb 29 20:05:57 2016 +0100
Committer: Rene Gielen 
Committed: Mon Feb 29 20:05:57 2016 +0100

--
 source/volunteers.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/struts-site/blob/a781826c/source/volunteers.md
--
diff --git a/source/volunteers.md b/source/volunteers.md
index 3ca1437..5efb199 100644
--- a/source/volunteers.md
+++ b/source/volunteers.md
@@ -31,6 +31,7 @@ or committee member.
 - Johannes Geppert (jogep at apache.org)
 - Christian Grobmeier (grobmeier at apache.org)
 - Christoph Nenning (cnenning at apache.org)
+- Greg Huber (ghuber at apache.org)
 
 ## Committers
 
@@ -46,7 +47,6 @@ Other committers are listed in the chronological order, 
according to the date ea
 - Mathias Bogaert (pathos at apache.org)
 - John Lindal (jafl at apache.org)
 - Bruce A. Phillips (bphillips at apache.org)
-- Greg Huber (ghuber at apache.org)
 - Aleksandr Mashchenko (amashchenko at apache.org)
 
 ## Emeritus Volunteers