(struts-site) 01/01: Fixes link to the announcement page
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/announce-2024 in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 770927ab366914c43aa8cd46869cc2b277f742e9 Author: Lukasz Lenart AuthorDate: Mon Apr 22 19:55:55 2024 +0200 Fixes link to the announcement page --- source/_includes/header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/_includes/header.html b/source/_includes/header.html index 3cd9c776e..a379646e4 100644 --- a/source/_includes/header.html +++ b/source/_includes/header.html @@ -26,7 +26,7 @@ Welcome Download Releases -Announcements +Announcements http://www.apache.org/licenses/";>License https://www.apache.org/foundation/thanks.html";>Thanks! https://www.apache.org/foundation/sponsorship.html";>Sponsorship
(struts-site) branch fix/announce-2024 created (now 770927ab3)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch fix/announce-2024 in repository https://gitbox.apache.org/repos/asf/struts-site.git at 770927ab3 Fixes link to the announcement page This branch includes the following new commits: new 770927ab3 Fixes link to the announcement page The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts-site) branch fix/announce-2024 deleted (was 770927ab3)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch fix/announce-2024 in repository https://gitbox.apache.org/repos/asf/struts-site.git was 770927ab3 Fixes link to the announcement page The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts-site) branch master updated (47cbae9fc -> f8f712d0d)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git from 47cbae9fc Merge pull request #236 from apache/fix/sitemesh add 770927ab3 Fixes link to the announcement page new f8f712d0d Merge pull request #237 from apache/fix/announce-2024 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: source/_includes/header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
(struts-site) 01/01: Merge pull request #237 from apache/fix/announce-2024
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit f8f712d0df39818382cc6dcc58ce91def2d9 Merge: 47cbae9fc 770927ab3 Author: Lukasz Lenart AuthorDate: Mon Apr 22 20:01:35 2024 +0200 Merge pull request #237 from apache/fix/announce-2024 Fixes link to the announcement page source/_includes/header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
(struts-site) branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 3e2434005 Updates stage by Jenkins 3e2434005 is described below commit 3e24340055e2285f29f54aad4cc0ce2ec20e57cc Author: jenkins AuthorDate: Mon Apr 22 18:03:59 2024 + Updates stage by Jenkins --- .../ajax-client-side-validation.html | 84 ++--- content/plugins/json/index.html| 12 +-- content/plugins/json/json-ajax-validation.html | 86 +++--- .../ajax-and-javascript-recipes.html | 78 ++-- content/tag-developers/ajax-div-template.html | 12 +-- content/tag-developers/ajax-event-system.html | 4 +- 6 files changed, 138 insertions(+), 138 deletions(-) diff --git a/content/core-developers/ajax-client-side-validation.html b/content/core-developers/ajax-client-side-validation.html index c6a0790ce..2a86ffe19 100644 --- a/content/core-developers/ajax-client-side-validation.html +++ b/content/core-developers/ajax-client-side-validation.html 
@@ -509,21 +509,21 @@ It takes care of hiding validation errors that might be present, submit the form * * @param event onSubmit event */ -function ajaxFormValidation(event) { -event.preventDefault(); -_removeValidationErrors(); -var _form = $(event.target); -var _formData = _form.serialize(true); +function ajaxFormValidation(event) { +event.preventDefault(); +_removeValidationErrors(); +var _form = $(event.target); +var _formData = _form.serialize(true); // prepare visual feedback // you may want to use other elements here -var originalButton = _form.find('.btn-primary'); +var originalButton = _form.find('.btn-primary'); // note: jQuery returns an array-like object -if (originalButton && originalButton.length && originalButton.length > 0) { -originalButton.hide(); -var feedbackElement = $('').insertAfter(originalButton); +if (originalButton && originalButton.length && originalButton.length > 0) { +originalButton.hide(); +var feedbackElement = $('').insertAfter(originalButton); var restoreFunction = function() { -originalButton.show(); -feedbackElement.remove(); +originalButton.show(); +feedbackElement.remove(); } } var options = { 
@@ -531,48 +531,48 @@ It takes care of hiding validation errors that might be present, submit the form async: true, processData: false, type: 'POST', -success: function (response, statusText, xhr) { -if (response.location) { +success: function (response, statusText, xhr) { +if (response.location) { // no validation errors // action has been executed and sent a redirect URL wrapped as JSON // cannot use a normal http-redirect (status-code 3xx) as this would be followed by browsers and would not be available here // follow JSON-redirect window.location.href = response.location; } else { -if (restoreFunction) { -restoreFunction(); +if (restoreFunction) { +restoreFunction(); } -_handleValidationResult(_form, response); +_handleValidationResult(_form, response); } }, error: function(xhr, textStatus, errorThrown) { -if (restoreFunction) { -restoreFunction(); +if (restoreFunction) { +restoreFunction(); } // struts sends status code 400 when validation errors are present -if (xhr.status === 400) { -_handleValidationResult(_form, JSON.parse(xhr.responseText)) +if (xhr.status === 400) { +_handleValidationResult(_form, JSON.parse(xhr.responseText)) } else { // a real error occurred -> show user an error message -_handleValidationResult(_form, {errors: ['Network or server error!']}) +_handleValidationResult(_form, {errors: ['Network or server error!']}) } } } // send request, after delay to make sure everybody notices the visual feedback :) -window.setTimeout(function() { +window.setTimeout(function() { var url = _form[0].action; -jQuery.ajax(url, options); +jQuery.ajax(url, options); }, 1000); } /** * Removes validation errors from HTML DOM. */ -function _removeValidationErrors() { +function _removeValidationErrors()
(struts-site) branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new b229f5006 Updates stage by Jenkins b229f5006 is described below commit b229f50061423bc2b46118e6166e75f3a226e292 Author: jenkins AuthorDate: Mon Apr 22 21:35:14 2024 + Updates stage by Jenkins --- content/security/index.html | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/content/security/index.html b/content/security/index.html index ac8f34ddb..f271dfb73 100644 --- a/content/security/index.html +++ b/content/security/index.html 
@@ -608,10 +608,16 @@ with other known dangerous classes or packages in your application. We additionally recommend enabling the following options (enabled by default in 7.0). - struts.ognl.allowStaticFieldAccess=false - static methods are always blocked, but static fields can also optionally be blocked - struts.disallowProxyMemberAccess=true - disallow proxied objects from being used in OGNL expressions as they may present a security risk - struts.disallowDefaultPackageAccess=true - disallow access to classes in the default package which should not be used in production - struts.ognl.disallowCustomOgnlMap=true - disallow construction of custom OGNL maps which can be used to bypass the SecurityMemberAccess policy + struts.ognl.allowStaticFieldAccess=false - static field values which aren’t a primitive type can be used to access +classes that wouldn’t otherwise be accessible + struts.disallowProxyObjectAccess=true - disallow proxied objects from being used in OGNL expressions as these often +represent application beans or database entities which are sensitive + struts.disallowDefaultPackageAccess=true - disallow access to classes in the default package which should not be +used in production + struts.ognl.disallowCustomOgnlMap=true - disallow construction of custom OGNL maps which can be used to bypass the +SecurityMemberAccess policy + struts.actionConfig.fallbackToEmptyNamespace=false - prevent Actions in the empty namespace from being accessed from +alternative endpoints Allowlist Capability
(struts) 02/06: Set version to 6.4.0-atlassian-1-SNAPSHOT
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch m02 in repository https://gitbox.apache.org/repos/asf/struts.git commit c135a7898a208c927be6888a04468130f328bbb6 Author: Kusal Kithul-Godage AuthorDate: Fri Apr 12 17:49:45 2024 +1000 Set version to 6.4.0-atlassian-1-SNAPSHOT --- assembly/pom.xml | 2 +- core/pom.xml | 2 +- plugins/junit/pom.xml| 2 +- plugins/pom.xml | 2 +- plugins/spring/pom.xml | 2 +- plugins/velocity/pom.xml | 2 +- pom.xml | 4 ++-- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/assembly/pom.xml b/assembly/pom.xml index c59792f80..46fdb912b 100644 --- a/assembly/pom.xml +++ b/assembly/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-parent -6.5.0-SNAPSHOT +6.4.0-atlassian-1-SNAPSHOT struts2-assembly diff --git a/core/pom.xml b/core/pom.xml index 3fcfaaf7b..d4dd0bac9 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-parent -6.5.0-SNAPSHOT +6.4.0-atlassian-1-SNAPSHOT struts2-core jar diff --git a/plugins/junit/pom.xml b/plugins/junit/pom.xml index 6b0b02d57..b76d4ce0e 100644 --- a/plugins/junit/pom.xml +++ b/plugins/junit/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-plugins -6.5.0-SNAPSHOT +6.4.0-atlassian-1-SNAPSHOT struts2-junit-plugin diff --git a/plugins/pom.xml b/plugins/pom.xml index 17884a949..9c0e5ed55 100644 --- a/plugins/pom.xml +++ b/plugins/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-parent -6.5.0-SNAPSHOT +6.4.0-atlassian-1-SNAPSHOT struts2-plugins diff --git a/plugins/spring/pom.xml b/plugins/spring/pom.xml index f34745f6f..126ea7423 100644 --- a/plugins/spring/pom.xml +++ b/plugins/spring/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-plugins -6.5.0-SNAPSHOT +6.4.0-atlassian-1-SNAPSHOT struts2-spring-plugin diff --git a/plugins/velocity/pom.xml b/plugins/velocity/pom.xml index c7efbdc94..f3c5a46f2 100644 --- a/plugins/velocity/pom.xml +++ b/plugins/velocity/pom.xml 
@@ -24,7 +24,7 @@ org.apache.struts struts2-plugins -6.5.0-SNAPSHOT +6.4.0-atlassian-1-SNAPSHOT struts2-velocity-plugin diff --git a/pom.xml b/pom.xml index a992167f0..09df6237c 100644 --- a/pom.xml +++ b/pom.xml @@ -29,7 +29,7 @@ 4.0.0 struts2-parent -6.5.0-SNAPSHOT +6.4.0-atlassian-1-SNAPSHOT pom Struts 2 https://struts.apache.org/ @@ -107,7 +107,7 @@ UTF-8 - 2024-04-07T09:22:16Z + 2024-04-12T07:47:44Z 1.8 1.8
(struts) 03/06: CONFSRVDEV-26354 Reinstate legacy WebWork syntax support (partial revert 7840fa1)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch m02 in repository https://gitbox.apache.org/repos/asf/struts.git commit 1bbea42769276b10dd890312ddbf37314c9a1698 Author: Kusal Kithul-Godage AuthorDate: Sat Apr 20 19:54:50 2024 +1000 CONFSRVDEV-26354 Reinstate legacy WebWork syntax support (partial revert 7840fa1) --- .../org/apache/struts2/components/Component.java | 24 ++ .../struts2/components/DoubleListUIBean.java | 2 +- .../org/apache/struts2/components/FormButton.java | 2 +- .../java/org/apache/struts2/components/Label.java | 11 +- .../java/org/apache/struts2/components/UIBean.java | 2 +- 5 files changed, 24 insertions(+), 17 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/components/Component.java b/core/src/main/java/org/apache/struts2/components/Component.java index ba0d672bf..70456ee3e 100644 --- a/core/src/main/java/org/apache/struts2/components/Component.java +++ b/core/src/main/java/org/apache/struts2/components/Component.java @@ -68,6 +68,7 @@ public class Component { */ protected static ConcurrentMap, Collection> standardAttributesMap = new ConcurrentHashMap<>(); +protected boolean legacySyntax; protected boolean devMode = false; protected boolean escapeHtmlBody = false; protected ValueStack stack; @@ -103,6 +104,12 @@ public class Component { return name.substring(dot + 1).toLowerCase(); } +// Required for Confluence 8.5 LTS +@Inject(value = "struts.tag.altSyntax", required = false) +public void setLegacySyntax(String legacySyntax) { +this.legacySyntax = !BooleanUtils.toBoolean(legacySyntax); +} + @Inject(value = StrutsConstants.STRUTS_DEVMODE, required = false) public void setDevMode(String devMode) { this.devMode = BooleanUtils.toBoolean(devMode); @@ -319,6 +326,9 @@ public class Component { * @return the modified expression wrapped with %{...} */ protected String completeExpression(String expr) { +if (legacySyntax) { +return expr; +} if (expr == null) { return null; } 
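Review bot: In `setLegacySyntax`, the expression `!BooleanUtils.toBoolean(legacySyntax)` switches legacy evaluation on for every `struts.tag.altSyntax` value that does not parse as true, so a typo or an empty value silently selects the mode that evaluates more. Matching the opt-in value explicitly would fail closed: `this.legacySyntax = "false".equalsIgnoreCase(altSyntax);`. The parameter also shadows the field while carrying the opposite meaning; renaming it to `altSyntax` and adding `// altSyntax=false selects legacy WebWork evaluation` would make the inversion visible. The `Component` class continues outside this hunk.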
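Review bot: The Javadoc above `completeExpression` still says `@return the modified expression wrapped with %{...}`, but the new guard returns `expr` unchanged whenever `legacySyntax` is set. The comment should say so, for example `In legacy syntax mode the expression is returned as-is.`, so callers do not assume the result is always wrapped. The method body continues past the end of this hunk.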
@@ -378,15 +388,13 @@ public class Component { * @return the Object found, or null if not found. */ protected Object findValue(String expression, Class toType) { -if (toType == String.class) { -if (ComponentUtils.containsExpression(expression)) { -return TextParseUtil.translateVariables('%', expression, stack); -} else { -return expression; -} +if (legacySyntax || toType != String.class) { +return getStack().findValue(stripExpression(expression), toType, throwExceptionOnELFailure); +} +if (ComponentUtils.containsExpression(expression)) { +return TextParseUtil.translateVariables('%', expression, stack); } else { -String strippedExpression = stripExpression(expression); -return getStack().findValue(strippedExpression, toType, throwExceptionOnELFailure); +return expression; } } diff --git a/core/src/main/java/org/apache/struts2/components/DoubleListUIBean.java b/core/src/main/java/org/apache/struts2/components/DoubleListUIBean.java index 9c4e30a0c..b8b7617e5 100644 --- a/core/src/main/java/org/apache/struts2/components/DoubleListUIBean.java +++ b/core/src/main/java/org/apache/struts2/components/DoubleListUIBean.java @@ -186,7 +186,7 @@ public abstract class DoubleListUIBean extends ListUIBean { Form form = (Form) findAncestor(Form.class); if (doubleId != null) { -addParameter("doubleId", findString(doubleId)); +addParameter("doubleId", legacySyntax ? doubleId : findString(doubleId)); } else if (form != null) { addParameter("doubleId", form.getParameters().get("id") + "_" + escape(doubleName != null ? findString(doubleName) : null)); } else { diff --git a/core/src/main/java/org/apache/struts2/components/FormButton.java b/core/src/main/java/org/apache/struts2/components/FormButton.java index 0ed08d47b..7051e23a2 100644 --- a/core/src/main/java/org/apache/struts2/components/FormButton.java +++ b/core/src/main/java/org/apache/struts2/components/FormButton.java 
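Review bot: With `legacySyntax` set, `findValue` sends String-typed attributes to `getStack().findValue(stripExpression(expression), ...)`, so the whole attribute value is evaluated against the value stack, whereas the other branch evaluates only `%{...}` segments through `TextParseUtil.translateVariables`. An attribute value that a template assembles from request data would therefore be evaluated as an expression in legacy mode, which is presumably the behaviour the partially reverted commit had removed. The method's Javadoc starts outside the hunk and should record this; a comment on the first branch such as `// legacy WebWork syntax: the raw attribute is evaluated as an expression, so it must never contain request-derived text` would warn template authors. A test that pins the default (non-legacy) path to returning a plain string unevaluated would guard against the flag being enabled by accident.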
@@ -99,7 +99,7 @@ public abstract class FormButton extends ClosingUIBean { String tmpId = ""; if (id != null) { // this check is needed for backwards compatibility with 2.1.x -tmpId = findString(id); +tmpId = legacySyntax ? id : findString(id); } else { if (form != null && form.getParameters().get("id") != null) { tmpId = tmpId + form.getParameters().get("id").toString() + "_"; diff --git a/core/src/main/java/org/apache/struts2/components/Label.java b/core/src/main/java/org/apache/struts2/components/Label.java inde
(struts) 05/06: Merge remote-tracking branch 'origin/master' into fork/6.4
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch m02 in repository https://gitbox.apache.org/repos/asf/struts.git commit 0a3eef56229850616220586518a0e6c0763a470e Merge: 6b79f3d40 3c21e8229 Author: Kusal Kithul-Godage AuthorDate: Sat Apr 20 20:14:58 2024 +1000 Merge remote-tracking branch 'origin/master' into fork/6.4 core/pom.xml | 9 + .../com/opensymphony/xwork2/XWorkTestCase.java | 35 ++- .../xwork2/config/entities/PackageConfig.java | 13 ++ .../xwork2/config/impl/DefaultConfiguration.java | 18 +- .../providers/XmlDocConfigurationProvider.java | 25 ++- .../xwork2/ognl/DefaultOgnlCacheFactory.java | 8 +- .../xwork2/ognl/SecurityMemberAccess.java | 36 ++-- .../com/opensymphony/xwork2/util/ProxyUtil.java| 59 - .../java/org/apache/struts2/StrutsConstants.java | 3 + .../config/StrutsXmlConfigurationProvider.java | 1 + .../struts2/config/entities/ConstantConfig.java| 20 ++ .../org/apache/struts2/dispatcher/Dispatcher.java | 36 .../apache/struts2/dispatcher/InitOperations.java | 25 +-- .../struts2/dispatcher/PrepareOperations.java | 18 +- .../filter/StrutsPrepareAndExecuteFilter.java | 10 +- .../dispatcher/filter/StrutsPrepareFilter.java | 10 +- .../org/apache/struts2/default.properties | 3 + core/src/main/resources/struts-6.5.dtd | 158 ++ .../src/main/resources/struts-excluded-classes.xml | 2 + .../xwork2/config/ConfigurationTest.java | 36 .../XmlConfigurationProviderPackagesTest.java | 68 -- .../xwork2/ognl/OgnlValueStackTest.java| 8 +- .../xwork2/ognl/SecurityMemberAccessTest.java | 2 +- .../apache/struts2/dispatcher/DispatcherTest.java | 26 +++ .../struts2/dispatcher/InitOperationsTest.java | 86 ...rutsPrepareAndExecuteFilterIntegrationTest.java | 13 +- .../struts2/ognl/OgnlSetPossiblePropertyTest.java | 240 + .../apache/struts2/views/jsp/ui/DebugTagTest.java | 22 +- .../providers/xwork-test-package-extends-final.xml | 37 .../config/providers/xwork-test-package-final.xml | 37 
.../xwork2/ognl/SecurityMemberAccessProxyTest.java | 54 +++-- pom.xml| 2 +- 32 files changed, 892 insertions(+), 228 deletions(-)
(struts) 01/06: Atlassian fork preparation
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch m02 in repository https://gitbox.apache.org/repos/asf/struts.git commit c065da4ef2e0211cf6b5b1f154baf8852a4708f2 Author: Kusal Kithul-Godage AuthorDate: Fri Apr 12 17:37:06 2024 +1000 Atlassian fork preparation --- README.md | 34 ++ plugins/pom.xml | 50 +- pom.xml | 32 +++- 3 files changed, 78 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index cdabef1fc..d4ad3907a 100644 --- a/README.md +++ b/README.md 
@@ -14,6 +14,40 @@ See the License for the specific language governing permissions and limitations under the License. --> + +# This branch is an Atlassian fork of Apache Struts + +# This fork/6.4 branch no longer contains Atlassian modifications and is effectively a pre-release version of Struts 6.5. + +## Updating this branch fork with upstream master + +1. Clone this repo and checkout this branch +2. Add upstream repo as a remote: `git remote add apache https://github.com/apache/struts.git` +3. Fetch the upstream repo: `git fetch --all` +4. Merge upstream master into this branch, eg. `git merge apache/master` + +## Updating this branch fork for a new patch release + +1. Clone this repo and checkout this branch +2. Add upstream repo as a remote: `git remote add apache https://github.com/apache/struts.git` +3. Fetch the upstream tags: `git fetch --tags apache` +4. Merge latest patch version tag into this branch, eg. `git merge STRUTS_6_4_1` + +## Creating a new branch fork for a new major/minor release + +1. Clone this repo and checkout this branch +2. Add upstream repo as a remote: `git remote add apache https://github.com/apache/struts.git` +3. Fetch the upstream tags: `git fetch --tags apache` +4. Checkout a new branch from the desired tag, eg. `git checkout -b fork/6.5 STRUTS_6_5_0` +5. Merge previous forked branch into new branch, eg. `git merge origin/fork/6.4` + +## Releasing a new version + +1. Ensure correct snapshot version, eg. `mvn versions:set -DnewVersion=6.4.0-atlassian-1-SNAPSHOT` +2. Ensure that the `scm` and `distributionManagement` sections in `pom.xml` are consistent with previous releases +3. Grant yourself Artifactory write permission: `atlas packages permission grant` +4. Commence release: `mvn -B release:clean release:prepare release:perform` + The Apache Struts web framework --- diff --git a/plugins/pom.xml b/plugins/pom.xml index 27f729071..17884a949 100644 --- a/plugins/pom.xml +++ b/plugins/pom.xml 
@@ -32,34 +32,34 @@ Struts 2 Plugins -async -bean-validation -cdi -config-browser -convention -dwr -embeddedjsp -gxp -jasperreports -javatemplates -jfreechart -json + + + + + + + + + + + + junit -osgi -oval -pell-multipart -plexus -portlet -portlet-junit -portlet-mocks -portlet-tiles -rest -sitemesh + + + + + + + + + + spring -testng -tiles + + velocity -xslt + diff --git a/pom.xml b/pom.xml index 34490d5e3..a992167f0 100644 --- a/pom.xml +++ b/pom.xml @@ -48,10 +48,10 @@ --> - scm:git:https://gitbox.apache.org/repos/asf/struts.git - scm:git:https://gitbox.apache.org/repos/asf/struts.git -https://github.com/apache/struts/ -STRUTS_6_3_0_1 + scm:git:ssh://g...@stash.atlassian.com:7997/bam/struts2-atlassian.git + scm:git:ssh://g...@stash.atlassian.com:7997/bam/struts2-atlassian.git + https://stash.atlassian.com/projects/BAM/repos/struts2-atlassian/browse +HEAD @@ -73,19 +73,22 @@ - -struts-site -Apache Struts -https://struts.apache.org/maven/ - + + + + + +atlassian-3rdparty +https://packages.atlassian.com/mvn/maven-3rdparty + -bom + core plugins -bundles -apps + + @@ -138,7 +141,7 @@ includeAssembly -!skipAssembly +includeAssembly @@ -382,6 +385,9 @@ org.apache.maven.plugins maven-release-plugin 3.0.1 + +-Dmaven.test.skip -Dgpg.skip + maven-jar-plugin
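Review bot: The last `pom.xml` hunk adds `-Dmaven.test.skip -Dgpg.skip` to the `maven-release-plugin` configuration (the element names were stripped from this page, so this is presumably its `arguments` value), which means every release of the fork is built without compiling or running tests and is published unsigned. Consumers pulling from the `atlassian-3rdparty` repository then have no signature to verify the artifact against. If skipping is required for the internal pipeline, the reason should be recorded next to the setting, for example `<!-- fork releases are unsigned and untested here; CI runs the test suite before release:prepare -->`. Narrowing the flag to `-DskipTests` would at least keep test sources compiling during the release build.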
(struts) 06/06: Prepare milestone m02
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch m02 in repository https://gitbox.apache.org/repos/asf/struts.git commit d398fbe608a40f7cc50e8f552a15d0c891033e29 Author: Kusal Kithul-Godage AuthorDate: Tue Apr 23 15:22:09 2024 +1000 Prepare milestone m02 --- assembly/pom.xml | 2 +- core/pom.xml | 2 +- plugins/junit/pom.xml| 2 +- plugins/pom.xml | 2 +- plugins/spring/pom.xml | 2 +- plugins/velocity/pom.xml | 2 +- pom.xml | 14 +++--- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/assembly/pom.xml b/assembly/pom.xml index 46fdb912b..58218da3e 100644 --- a/assembly/pom.xml +++ b/assembly/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-parent -6.4.0-atlassian-1-SNAPSHOT +6.4.0-atlassian-1-m02-SNAPSHOT struts2-assembly diff --git a/core/pom.xml b/core/pom.xml index a9085beeb..44b09e5be 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-parent -6.4.0-atlassian-1-SNAPSHOT +6.4.0-atlassian-1-m02-SNAPSHOT struts2-core jar diff --git a/plugins/junit/pom.xml b/plugins/junit/pom.xml index b76d4ce0e..06a7b8fcc 100644 --- a/plugins/junit/pom.xml +++ b/plugins/junit/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-plugins -6.4.0-atlassian-1-SNAPSHOT +6.4.0-atlassian-1-m02-SNAPSHOT struts2-junit-plugin diff --git a/plugins/pom.xml b/plugins/pom.xml index 9c0e5ed55..1ca65d924 100644 --- a/plugins/pom.xml +++ b/plugins/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-parent -6.4.0-atlassian-1-SNAPSHOT +6.4.0-atlassian-1-m02-SNAPSHOT struts2-plugins diff --git a/plugins/spring/pom.xml b/plugins/spring/pom.xml index 126ea7423..4c8dd9e4e 100644 --- a/plugins/spring/pom.xml +++ b/plugins/spring/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-plugins -6.4.0-atlassian-1-SNAPSHOT +6.4.0-atlassian-1-m02-SNAPSHOT struts2-spring-plugin diff --git a/plugins/velocity/pom.xml b/plugins/velocity/pom.xml index f3c5a46f2..aa2febdf6 100644 --- a/plugins/velocity/pom.xml 
+++ b/plugins/velocity/pom.xml @@ -24,7 +24,7 @@ org.apache.struts struts2-plugins -6.4.0-atlassian-1-SNAPSHOT +6.4.0-atlassian-1-m02-SNAPSHOT struts2-velocity-plugin diff --git a/pom.xml b/pom.xml index 53d90d889..0ce3586d3 100644 --- a/pom.xml +++ b/pom.xml @@ -29,7 +29,7 @@ 4.0.0 struts2-parent -6.4.0-atlassian-1-SNAPSHOT +6.4.0-atlassian-1-m02-SNAPSHOT pom Struts 2 https://struts.apache.org/ @@ -73,14 +73,14 @@ - - - - -atlassian-3rdparty -https://packages.atlassian.com/mvn/maven-3rdparty +atlassian-restricted +https://packages.atlassian.com/mvn/maven-restricted + + + +
(struts) 04/06: CONFSRVDEV-26304 Type preservation for Velocity directive parameters (cherry-picked from 82ef6576c5d and 059de2305af)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch m02 in repository https://gitbox.apache.org/repos/asf/struts.git commit 6b79f3d40a8157bf1973e64629e4fe73d664c713 Author: Kusal Kithul-Godage AuthorDate: Mon Mar 27 21:27:33 2023 +1100 CONFSRVDEV-26304 Type preservation for Velocity directive parameters (cherry-picked from 82ef6576c5d and 059de2305af) --- .../velocity/components/AbstractDirective.java | 76 ++ 1 file changed, 76 insertions(+) diff --git a/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/components/AbstractDirective.java b/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/components/AbstractDirective.java index 539f64bdd..ea35e7f47 100644 --- a/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/components/AbstractDirective.java +++ b/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/components/AbstractDirective.java @@ -20,6 +20,9 @@ package org.apache.struts2.views.velocity.components; import com.opensymphony.xwork2.inject.Container; import com.opensymphony.xwork2.util.ValueStack; +import org.apache.commons.lang3.StringUtils; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.apache.struts2.ServletActionContext; import org.apache.struts2.components.Component; import org.apache.struts2.util.ValueStackProvider; 
@@ -32,16 +35,24 @@ import org.apache.velocity.exception.MethodInvocationException; import org.apache.velocity.exception.ParseErrorException; import org.apache.velocity.exception.ResourceNotFoundException; import org.apache.velocity.runtime.directive.Directive; +import org.apache.velocity.runtime.parser.node.ASTReference; +import org.apache.velocity.runtime.parser.node.ASTStringLiteral; import org.apache.velocity.runtime.parser.node.Node; +import org.apache.velocity.runtime.parser.node.SimpleNode; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.Writer; +import java.lang.reflect.Field; import java.util.HashMap; import java.util.Map; +import static java.text.MessageFormat.format; + public abstract class AbstractDirective extends Directive { + +private static final Logger LOG = LogManager.getLogger(AbstractDirective.class); public String getName() { return "s" + getBeanName(); } @@ -169,6 +180,14 @@ public abstract class AbstractDirective extends Directive { * @throws MethodInvocationException in case of method invocation errors */ protected void putProperty(Map propertyMap, InternalContextAdapter contextAdapter, Node node) throws ParseErrorException, MethodInvocationException { +// Start forked modification +if (putPropertyWithType(propertyMap, contextAdapter, node)) { +return; +} else { +LOG.debug("Property value type preservation failed, falling back to default string resolution behaviour."); +} +// End modification + // node.value uses the StrutsValueStack to evaluate the directive's value parameter String param = node.value(contextAdapter).toString(); 
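Review bot: On the fallback path in `putProperty` the directive argument is evaluated twice: `putPropertyWithType` calls `node.value(contextAdapter)`, and when it returns false the existing line below calls `node.value(contextAdapter)` again, so a template reference with side effects would run twice. Evaluating once in `putProperty` and passing the resulting string into the helper would avoid that. The debug message also reports a failure for the ordinary case where the argument is simply not a single template variable; the `else` after `return` can be dropped and the message reworded, e.g. `LOG.debug("No typed value resolved, using default string resolution.");`. `putPropertyWithType` is defined in a later hunk that is cut off on this page.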
@@ -183,4 +202,61 @@ public abstract class AbstractDirective extends Directive { throw new ParseErrorException("#" + this.getName() + " arguments must include an assignment operator! For example #tag( Component \"template=mytemplate\" ). #tag( TextField \"mytemplate\" ) is illegal!"); } } + +/** + * Required for Confluence 8.5 LTS. + * Temporary workaround using reflection to preserve type for attributes based on template variables. This preserves + * compatibility for bodyTag/param directives that were converted to s-prefixed directives in Confluence. + */ +private boolean putPropertyWithType(Map propertyMap, InternalContextAdapter contextAdapter, Node node) { +String param = node.value(contextAdapter).toString(); +int idx = param.indexOf('='); +if (idx == -1 || !(node instanceof ASTStringLiteral)) { +return false; +} +try { +String property = param.substring(0, idx); +SimpleNode nodeTree = reflectField(node, "nodeTree"); +if (nodeTree != null && nodeTree.jjtGetNumChildren() == 3 && nodeTree.jjtGetChild(1) instanceof ASTReference && +StringUtils.isBlank(nodeTree.jjtGetChild(2).literal())) { +ASTReference ref = (ASTReference) nodeTree.jjtGetChild(1); +Object resolvedVar = ref.value(contextAdapter); +if (reflectField(ref, "nullString").equals(resolvedVar)) { +// If resolution failed, set to null +resolvedVar = null; +} +String firstChild = nodeTree.jjtGetChild(0).literal(); +char lastChar = firstChild.charAt(first
(struts) branch m02 created (now d398fbe60)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch m02 in repository https://gitbox.apache.org/repos/asf/struts.git at d398fbe60 Prepare milestone m02 This branch includes the following new commits: new c065da4ef Atlassian fork preparation new c135a7898 Set version to 6.4.0-atlassian-1-SNAPSHOT new 1bbea4276 CONFSRVDEV-26354 Reinstate legacy WebWork syntax support (partial revert 7840fa1) new 6b79f3d40 CONFSRVDEV-26304 Type preservation for Velocity directive parameters (cherry-picked from 82ef6576c5d and 059de2305af) new 0a3eef562 Merge remote-tracking branch 'origin/master' into fork/6.4 new d398fbe60 Prepare milestone m02 The 6 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts-site) branch master updated (f8f712d0d -> 4ac7942b0)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git from f8f712d0d Merge pull request #237 from apache/fix/announce-2024 add e99d7d05b WW-5407 WW-5408 Update additional security options section new 4ac7942b0 Merge pull request #234 from apache/WW-5407-docs The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: source/security/index.md | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-)
(struts-site) branch WW-5407-docs deleted (was e99d7d05b)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5407-docs in repository https://gitbox.apache.org/repos/asf/struts-site.git was e99d7d05b WW-5407 WW-5408 Update additional security options section The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts-site) branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new 6c701d3c0 Automatic Site Publish by Buildbot 6c701d3c0 is described below commit 6c701d3c00057e757851a6dfcde4dd8ac5c7e152 Author: buildbot AuthorDate: Tue Apr 23 05:33:26 2024 + Automatic Site Publish by Buildbot --- output/security/index.html | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/output/security/index.html b/output/security/index.html index ac8f34ddb..f271dfb73 100644 --- a/output/security/index.html +++ b/output/security/index.html 
@@ -608,10 +608,16 @@ with other known dangerous classes or packages in your application. We additionally recommend enabling the following options (enabled by default in 7.0). - struts.ognl.allowStaticFieldAccess=false - static methods are always blocked, but static fields can also optionally be blocked - struts.disallowProxyMemberAccess=true - disallow proxied objects from being used in OGNL expressions as they may present a security risk - struts.disallowDefaultPackageAccess=true - disallow access to classes in the default package which should not be used in production - struts.ognl.disallowCustomOgnlMap=true - disallow construction of custom OGNL maps which can be used to bypass the SecurityMemberAccess policy + struts.ognl.allowStaticFieldAccess=false - static field values which aren’t a primitive type can be used to access +classes that wouldn’t otherwise be accessible + struts.disallowProxyObjectAccess=true - disallow proxied objects from being used in OGNL expressions as these often +represent application beans or database entities which are sensitive + struts.disallowDefaultPackageAccess=true - disallow access to classes in the default package which should not be +used in production + struts.ognl.disallowCustomOgnlMap=true - disallow construction of custom OGNL maps which can be used to bypass the +SecurityMemberAccess policy + struts.actionConfig.fallbackToEmptyNamespace=false - prevent Actions in the empty namespace from being accessed from +alternative endpoints Allowlist Capability
(struts-site) 01/01: Merge pull request #234 from apache/WW-5407-docs
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 4ac7942b0c49b659821eb8ea6d5635a4cf10402f Merge: f8f712d0d e99d7d05b Author: Kusal Kithul-Godage AuthorDate: Tue Apr 23 15:32:52 2024 +1000 Merge pull request #234 from apache/WW-5407-docs WW-5407 WW-5408 Update additional security options section source/security/index.md | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-)
(struts-site) branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new 41996a166 Updates stage by Jenkins 41996a166 is described below commit 41996a166f99af74ba5cacd5e3168a51865e5bd8 Author: jenkins AuthorDate: Tue Apr 23 05:35:21 2024 + Updates stage by Jenkins --- .../ajax-client-side-validation.html | 84 ++--- content/plugins/json/index.html| 12 +-- content/plugins/json/json-ajax-validation.html | 86 +++--- .../ajax-and-javascript-recipes.html | 78 ++-- content/tag-developers/ajax-div-template.html | 12 +-- content/tag-developers/ajax-event-system.html | 4 +- 6 files changed, 138 insertions(+), 138 deletions(-)
diff --git a/content/core-developers/ajax-client-side-validation.html b/content/core-developers/ajax-client-side-validation.html
index 2a86ffe19..c6a0790ce 100644
--- a/content/core-developers/ajax-client-side-validation.html
+++ b/content/core-developers/ajax-client-side-validation.html
@@ -509,21 +509,21 @@ It takes care of hiding validation errors that might be present, submit the form * * @param event onSubmit event */ -function ajaxFormValidation(event) { -event.preventDefault(); -_removeValidationErrors(); -var _form = $(event.target); -var _formData = _form.serialize(true); +function ajaxFormValidation(event) { +event.preventDefault(); +_removeValidationErrors(); +var _form = $(event.target); +var _formData = _form.serialize(true); // prepare visual feedback // you may want to use other elements here -var originalButton = _form.find('.btn-primary'); +var originalButton = _form.find('.btn-primary'); // note: jQuery returns an array-like object -if (originalButton && originalButton.length && originalButton.length > 0) { -originalButton.hide(); -var feedbackElement = $('').insertAfter(originalButton); +if (originalButton && originalButton.length && originalButton.length > 0) { +originalButton.hide(); +var feedbackElement = $('').insertAfter(originalButton); var restoreFunction = function() { -originalButton.show(); -feedbackElement.remove(); +originalButton.show(); +feedbackElement.remove(); } } var options = { 
@@ -531,48 +531,48 @@ It takes care of hiding validation errors that might be present, submit the form async: true, processData: false, type: 'POST', -success: function (response, statusText, xhr) { -if (response.location) { +success: function (response, statusText, xhr) { +if (response.location) { // no validation errors // action has been executed and sent a redirect URL wrapped as JSON // cannot use a normal http-redirect (status-code 3xx) as this would be followed by browsers and would not be available here // follow JSON-redirect window.location.href = response.location; } else { -if (restoreFunction) { -restoreFunction(); +if (restoreFunction) { +restoreFunction(); } -_handleValidationResult(_form, response); +_handleValidationResult(_form, response); } }, error: function(xhr, textStatus, errorThrown) { -if (restoreFunction) { -restoreFunction(); +if (restoreFunction) { +restoreFunction(); } // struts sends status code 400 when validation errors are present -if (xhr.status === 400) { -_handleValidationResult(_form, JSON.parse(xhr.responseText)) +if (xhr.status === 400) { +_handleValidationResult(_form, JSON.parse(xhr.responseText)) } else { // a real error occurred -> show user an error message -_handleValidationResult(_form, {errors: ['Network or server error!']}) +_handleValidationResult(_form, {errors: ['Network or server error!']}) } } } // send request, after delay to make sure everybody notices the visual feedback :) -window.setTimeout(function() { +window.setTimeout(function() { var url = _form[0].action; -jQuery.ajax(url, options); +jQuery.ajax(url, options); }, 1000); } /** * Removes validation errors from HTML DOM. */ -function _removeValidationErrors() { +function _removeValidationErrors()