(tick) These are the notes for the Struts 2.3.28 distribution.

(tick) For prior notes in this release series, see Version Notes 2.3.20

  • If you are a Maven user, you might want to get started using the Maven Archetype.
  • Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
  • There is huge number of examples you can also use as a starting point for you application here
Maven Dependency
<dependency>
  <groupId>org.apache.struts</groupId>
  <artifactId>struts2-core</artifactId>
  <version>2.3.28</version>
</dependency>

You can also use Struts Archetype Catalog like below

Struts Archetype Catalog
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
Staging Repository
<repositories>
  <repository>
    <id>apache.nexus</id>
    <name>ASF Nexus Staging</name>
    <url>https://repository.apache.org/content/groups/staging/</url>
  </repository>
</repositories>

Internal Changes

  • (warning) Possible XSS vulnerability in pages not using UTF-8 was fixed, read more details in S2-028
  • (warning) Prevents possible RCE when reusing user input in tag's attributes, see more details in S2-029
  • (warning) I18NInterceptor narrows selected locale to those available in JVM to reduce possibility of another XSS vulnerability, see more details in S2-030
  • New Configurationprovider type was introduced - ServletContextAwareConfigurationProvider, see WW-4410
  • Setting status code in HttpHeaders isn't ignored anymore, see WW-4545
  • Spring BeanPostProcessor(s) are called only once to constructed objects., see WW-4554
  • OGNL was upgraded to version 3.0.13, see WW-4562
  • Tiles 2 Plugin was upgraded to latest available Tiles 2 version, see WW-4568
  • A dedicated assembly with minimal set of jars was defined, see WW-4570
  • Struts2 Rest plugin properly handles JSESSIONID with DMI, see WW-4585
  • Improved the Struts2 Rest plugin to honor Accept header, see WW-4588
  • MessageStoreInterceptor was refactored to use PreResultListener to store messages, see WW-4605
  • A new annotation was added to support configuring Tiles - @TilesDefinition, see WW-4606
  • and many other small improvements, please see the release notes

 

This release contains fix related to S2-028, S2-029 and S2-030 security bulletins, please read it carefully!

Issue Detail

Issue List

Other resources



  • No labels