svn commit: r53573 - /dev/struts/2.5.30/ /release/struts/2.5.30/
Author: lukaszlenart Date: Mon Apr 4 06:11:58 2022 New Revision: 53573 Log: Apache Struts 2.5.30 has been accepted as GA Added: release/struts/2.5.30/ - copied from r53572, dev/struts/2.5.30/ Removed: dev/struts/2.5.30/
svn commit: r53574 - /release/struts/2.5.28.3/
Author: lukaszlenart Date: Mon Apr 4 06:13:00 2022 New Revision: 53574 Log: Removes outdated version Removed: release/struts/2.5.28.3/
[struts-site] branch master updated: Announces Struts 2.5.30
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new 4419608dc Announces Struts 2.5.30
4419608dc is described below
commit 4419608dc4f0b4dec25ea762111cf3781ca90ee9
Author: Lukasz Lenart
AuthorDate: Mon Apr 4 08:20:12 2022 +0200
Announces Struts 2.5.30
---
_config.yml | 8
source/announce-2022.md | 46 ++
2 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/_config.yml b/_config.yml
index 098ce5429..ad446c5c4 100644
--- a/_config.yml
+++ b/_config.yml
@@ -9,15 +9,15 @@ kramdown:
syntax_highlighter: rouge
# Simplifies introducing changes related to the latest release
-current_version: 2.5.29
-current_version_short: 2529
+current_version: 2.5.30
+current_version_short: 2530
prev_version: 2.3.37
prev_version_short: 2337
archetype_version: 2.5.22
current_beta_version: 2.5-BETA3
current_beta_version_short: 25B3
-release_date: 22 January 2022
-release_date_short: 20220122
+release_date: 04 April 2022
+release_date_short: 20220404
prev_release_date: 30 December 2018
prev_release_date_short: 20181230
beta_release_date_short: 20160126
diff --git a/source/announce-2022.md b/source/announce-2022.md
index 4313cefff..3ff84d30c 100644
--- a/source/announce-2022.md
+++ b/source/announce-2022.md
@@ -13,6 +13,52 @@ title: Announcements 2022
Skip to: Announcements - 2021
+ 04 April 2022 - Struts 2.5.30 General Availability {#a20220404}
+
+The Apache Struts group is pleased to announce that Struts 2.5.30 is available
as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+ Internal Changes:
+
+Yasser's PR has been merged which contains a fix to double evaluation security
vulnerability - it should solve any future
+attack vectors, yet it can impact your application if you have been depending
on double evaluation.
+
+**How to test**
+Run all your app tests, you shouldn't see any WARN log like below:
+
+```
+Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted /
Excluded patterns at
+https://struts.apache.org/security/
+```
+
+See if following components are still functioning correctly regarding
java-scripts:
+- forms with client side validations
+- doubleselect
+- combobox
+
+Check also `StreamResult`, `AliasInterceptor` and `JasperReportResult` if they
are still working as expected.
+
+ Dependency:
+[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to
2.10.5.1
+[WW-5172] - Upgrade freemarker to 2.3.31
+
+> Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+2.5.30) to
find more details about performed
+> bug fixes and improvements.
+
+Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications.
+The framework has been designed to streamline the full development cycle, from
building, to deploying,
+to maintaining applications over time.
+
+**All developers are strongly advised to perform this upgrade.**
+
+The 2.5.x series of the Apache Struts framework has a minimum requirement of
the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 7.
+
+Should any issues arise with your use of any version of the Struts framework,
please post your comments to the user list,
+and, if appropriate, file [a tracking ticket]({{ site.jira_url }}).
+
+You can download this version from our [download](download.cgi#struts-ga) page.
+
22 January 2022 - Struts 2.5.29 General Availability {#a20220122}
The Apache Struts group is pleased to announce that Struts 2.5.29 is available
as a "General Availability"
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new b7273f1e0 Automatic Site Publish by Buildbot b7273f1e0 is described below commit b7273f1e0a4f13afe08e9e0645b95c615307af33 Author: buildbot AuthorDate: Mon Apr 4 06:20:53 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 52 +++ output/download.html | 44 +++ output/index.html | 10 - output/releases.html | 2 +- 4 files changed, 80 insertions(+), 28 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 2155f888a..80b0f0676 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -131,6 +131,9 @@ Announcements 2022 + 04 April 2022 - Struts 2.5.30 General Availability + Internal Changes: + Dependency: 22 January 2022 - Struts 2.5.29 General Availability 02 January 2022 - Struts 2.5.28.3 General Availability @@ -139,6 +142,55 @@ Skip to: Announcements - 2021 +04 April 2022 - Struts 2.5.30 General Availability + +The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a “General Availability” +release. The GA designation is our highest quality grade. + +Internal Changes: + +Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future +attack vectors, yet it can impact your application if you have been depending on double evaluation. + +How to test +Run all your app tests, you shouldn’t see any WARN log like below: + +Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at +https://struts.apache.org/security/ + + +See if following components are still functioning correctly regarding java-scripts: + + forms with client side validations + doubleselect + combobox + + +Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected. + +Dependency: +[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 +[WW-5172] - Upgrade freemarker to 2.3.31 + + + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30";>Version Notes to find more details about performed +bug fixes and improvements. + + +Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. +The framework has been designed to streamline the full development cycle, from building, to deploying, +to maintaining applications over time. + +All developers are strongly advised to perform this upgrade. + +The 2.5.x series of the Apache Struts framework has a minimum requirement of the following specification versions: +Servlet API 2.4, JSP API 2.0, and Java 7. + +Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, +and, if appropriate, file https://issues.apache.org/jira/projects/WW/";>a tracking ticket. + +You can download this version from our download page. + 22 January 2022 - Struts 2.5.29 General Availability The Apache Struts group is pleased to announce that Struts 2.5.29 is available as a “General Availability” diff --git a/output/download.html b/output/download.html index 6f6bcc00f..685984168 100644 --- a/output/download.html +++ b/output/download.html @@ -190,26 +190,26 @@ Full Releases -Struts 2.5.29 +Struts 2.5.30 - https://struts.apache.org/";>Apache Struts 2.5.29 is an elegant, extensible + https://struts.apache.org/";>Apache Struts 2.5.30 is an elegant, extensible framework for creating enterprise-ready Java web applications. It is available in a full distribution, or as separate library, source, example and documentation distributions. - Struts 2.5.29 is the "best available" version of Struts in the 2.5 series. + Struts 2.5.30 is the "best available" version of Struts in the 2.5 series. -https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.29";>Version Notes +https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30";>Version Notes Full Distribution: -struts-2.5.29-all.zip (65MB) -[https://downloads.apache.org/struts/2.5.29/struts-2.5.29-all.zip.asc";>PGP] -[https://downloads.apache.org/struts/2.5.29/struts-2.5.29-all.zip.sha256";>SHA256] +struts-2.5.30-all.zip (65MB) +[https://downloads.apache.org/struts/2.5.30/struts-2.5.30-all.zip.asc";>PGP] +[https://downloads.apache.org/struts/2.5.30/struts-2.5.30-all.zip.sha256";>SHA256] @@ -217,9 +217,9 @@ Example Applications: -struts-2.5.29-apps.zip (35MB) -[https://downloads.apache.or
[struts-site] branch master updated: Drops headers as they mess with ToC
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 6d9be1ee5 Drops headers as they mess with ToC 6d9be1ee5 is described below commit 6d9be1ee5d35f55b9879ecab4ef5c079557e063e Author: Lukasz Lenart AuthorDate: Mon Apr 4 08:30:28 2022 +0200 Drops headers as they mess with ToC --- source/announce-2022.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/announce-2022.md b/source/announce-2022.md index 3ff84d30c..4140d902f 100644 --- a/source/announce-2022.md +++ b/source/announce-2022.md @@ -18,7 +18,7 @@ title: Announcements 2022 The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a "General Availability" release. The GA designation is our highest quality grade. - Internal Changes: +Internal Changes: Yasser's PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation. @@ -38,7 +38,7 @@ See if following components are still functioning correctly regarding java-scrip Check also `StreamResult`, `AliasInterceptor` and `JasperReportResult` if they are still working as expected. - Dependency: +Dependency: [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 [WW-5172] - Upgrade freemarker to 2.3.31
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new cd328a253 Automatic Site Publish by Buildbot cd328a253 is described below commit cd328a253a29c6c31668e6aed93c06632b47d137 Author: buildbot AuthorDate: Mon Apr 4 06:31:04 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 80b0f0676..964d795a3 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -132,8 +132,6 @@ 04 April 2022 - Struts 2.5.30 General Availability - Internal Changes: - Dependency: 22 January 2022 - Struts 2.5.29 General Availability 02 January 2022 - Struts 2.5.28.3 General Availability @@ -147,7 +145,7 @@ The Apache Struts group is pleased to announce that Struts 2.5.30 is available as a “General Availability” release. The GA designation is our highest quality grade. -Internal Changes: +Internal Changes: Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation. @@ -168,8 +166,8 @@ https://struts.apache.org/security/ Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected. -Dependency: -[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 +Dependency: +[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 [WW-5172] - Upgrade freemarker to 2.3.31
[struts-site] branch master updated: Improves styling a bit
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/master by this push: new 53779e126 Improves styling a bit 53779e126 is described below commit 53779e126700c26882322fb524e6187aa47fa33e Author: Lukasz Lenart AuthorDate: Mon Apr 4 08:31:36 2022 +0200 Improves styling a bit --- source/announce-2022.md | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/source/announce-2022.md b/source/announce-2022.md index 4140d902f..05035e815 100644 --- a/source/announce-2022.md +++ b/source/announce-2022.md @@ -24,7 +24,8 @@ Yasser's PR has been merged which contains a fix to double evaluation security v attack vectors, yet it can impact your application if you have been depending on double evaluation. **How to test** -Run all your app tests, you shouldn't see any WARN log like below: + +Run all your app tests, you shouldn't see any `WARN` log like below: ``` Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at @@ -33,8 +34,8 @@ https://struts.apache.org/security/ See if following components are still functioning correctly regarding java-scripts: - forms with client side validations -- doubleselect -- combobox +- `doubleselect` tag +- `combobox` tag Check also `StreamResult`, `AliasInterceptor` and `JasperReportResult` if they are still working as expected.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 1f5f57ac4 Automatic Site Publish by Buildbot 1f5f57ac4 is described below commit 1f5f57ac4619039437c40516727d5881ec820d41 Author: buildbot AuthorDate: Mon Apr 4 06:32:04 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 964d795a3..38a1a91e4 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -150,8 +150,9 @@ release. The GA designation is our highest quality grade. Yasser’s PR has been merged which contains a fix to double evaluation security vulnerability - it should solve any future attack vectors, yet it can impact your application if you have been depending on double evaluation. -How to test -Run all your app tests, you shouldn’t see any WARN log like below: +How to test + +Run all your app tests, you shouldn’t see any WARN log like below: Expression [so-and-so] isn't allowed by pattern [so-and-so]! See Accepted / Excluded patterns at https://struts.apache.org/security/ @@ -160,8 +161,8 @@ https://struts.apache.org/security/ See if following components are still functioning correctly regarding java-scripts: forms with client side validations - doubleselect - combobox + doubleselect tag + combobox tag Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected.
[struts-site] branch master updated: Re-formats list of issues
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new b053999da Re-formats list of issues
b053999da is described below
commit b053999da8469f0b6cdb98b635e8216499b8d0d2
Author: Lukasz Lenart
AuthorDate: Mon Apr 4 08:33:06 2022 +0200
Re-formats list of issues
---
source/announce-2022.md | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/source/announce-2022.md b/source/announce-2022.md
index 05035e815..c6d5084cc 100644
--- a/source/announce-2022.md
+++ b/source/announce-2022.md
@@ -33,15 +33,15 @@ https://struts.apache.org/security/
```
See if following components are still functioning correctly regarding
java-scripts:
-- forms with client side validations
-- `doubleselect` tag
-- `combobox` tag
+ - forms with client side validations
+ - `doubleselect` tag
+ - `combobox` tag
Check also `StreamResult`, `AliasInterceptor` and `JasperReportResult` if they
are still working as expected.
Dependency:
-[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to
2.10.5.1
-[WW-5172] - Upgrade freemarker to 2.3.31
+ - [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to
2.10.5.1
+ - [WW-5172] - Upgrade freemarker to 2.3.31
> Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+2.5.30) to
> find more details about performed
> bug fixes and improvements.
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 9aa84eb6a Automatic Site Publish by Buildbot 9aa84eb6a is described below commit 9aa84eb6a0b2879dd8aecd026ac76c4a6ce328fe Author: buildbot AuthorDate: Mon Apr 4 06:33:31 2022 + Automatic Site Publish by Buildbot --- output/announce-2022.html | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/output/announce-2022.html b/output/announce-2022.html index 38a1a91e4..101618a25 100644 --- a/output/announce-2022.html +++ b/output/announce-2022.html @@ -167,9 +167,11 @@ https://struts.apache.org/security/ Check also StreamResult, AliasInterceptor and JasperReportResult if they are still working as expected. -Dependency: -[WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 -[WW-5172] - Upgrade freemarker to 2.3.31 +Dependency: + + [WW-5170] - Upgrade Jackson-Core to version 2.10.5 and Jackson-Databind to 2.10.5.1 + [WW-5172] - Upgrade freemarker to 2.3.31 + Please read the https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.30";>Version Notes to find more details about performed
