-
Terminally Deprecated ElementsElementDescriptionSince 7.2.0, use
CookieLocaleHandler. Scheduled for removal in the next release cycle.Since 7.2.0, use the top-level handler classes inorg.apache.struts2.interceptor.i18n. Scheduled for removal in the next release cycle.Since 7.2.0, useRequestLocaleHandler. Scheduled for removal in the next release cycle.Since 7.2.0, useSessionLocaleHandler. Scheduled for removal in the next release cycle.Use instance methodJSONUtil.deserializeInput(Reader, int)with injected JSONUtil insteadUse instance methodJSONUtil.deserializeInput(Reader, int)with injected JSONUtil insteadsince 6.8.0, to be removed, seeReflectionContextFactorysince 7.2.0, scheduled for removal in a future major version. XStream has a long history of deserialization vulnerabilities and requires per-class allowlist maintenance. The defaultxmlbinding instruts-plugin.xmlusesJacksonXmlHandler, which respects@StrutsParameterauthorization via theAuthorizationAwareContentTypeHandlermechanism. Users who have explicitly overridden thexmlhandler toXStreamHandlershould migrate toJacksonXmlHandler.This feature has been removed for security reasons (potential XML Entity Expansion attacks). This method now always returns false and will be removed in a future version.This feature has been removed for security reasons (potential XML Entity Expansion attacks). This method is now a no-op and will be removed in a future version.since 6.8.0, avoid using this interface and any of its implementation, it's going to be removed soon
-
Deprecated InterfacesInterfaceDescriptionsince 6.8.0, avoid using this interface and any of its implementation, it's going to be removed soon
-
Deprecated ClassesClassDescriptionSince 7.2.0, use
AcceptLanguageLocaleHandler. Scheduled for removal in the next release cycle.Since 7.2.0, useCookieLocaleHandler. Scheduled for removal in the next release cycle.Since 7.2.0, use the top-level handler classes inorg.apache.struts2.interceptor.i18n. Scheduled for removal in the next release cycle.Since 7.2.0, useRequestLocaleHandler. Scheduled for removal in the next release cycle.Since 7.2.0, useSessionLocaleHandler. Scheduled for removal in the next release cycle.since 6.8.0, to be removed, seeReflectionContextFactorysince 7.2.0, scheduled for removal in a future major version. XStream has a long history of deserialization vulnerabilities and requires per-class allowlist maintenance. The defaultxmlbinding instruts-plugin.xmlusesJacksonXmlHandler, which respects@StrutsParameterauthorization via theAuthorizationAwareContentTypeHandlermechanism. Users who have explicitly overridden thexmlhandler toXStreamHandlershould migrate toJacksonXmlHandler.since 7.2, injectProxyServiceinstead. This class will be removed in a future version.
-
Deprecated Fields
-
Deprecated MethodsMethodDescriptionsince 7.2.0. Override
CookieInterceptor.populateCookieValueIntoStack(String, String, Map, ValueStack, Object)instead so cookie writes are authorized byParameterAuthorizer. The default 5-arg implementation calls this method after the authorization gate, so existing overrides continue to receive only authorized cookies.Use instance methodJSONUtil.deserializeInput(Reader, int)with injected JSONUtil insteadUse instance methodJSONUtil.deserializeInput(Reader, int)with injected JSONUtil insteadThis feature has been removed for security reasons (potential XML Entity Expansion attacks). This method now always returns false and will be removed in a future version.This feature has been removed for security reasons (potential XML Entity Expansion attacks). This method is now a no-op and will be removed in a future version.since 7.1, useProxyService.resolveTargetMember(Member, Class)instead.since 7.2, injectProxyServiceinsteadsince 7.2, injectProxyServiceinsteadsince 7.2, injectProxyServiceinsteadsince 7.2, injectProxyServiceinsteadsince 7.2, injectProxyServiceinsteadsince 7.1, useProxyUtil.resolveTargetMember(Member, Class)instead. Since 7.2, injectProxyServiceinstead.since 7.2, injectProxyServiceinstead
AcceptLanguageLocaleHandler. Scheduled for removal in the next release cycle.