This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch dependabot/maven/log4j2.version-2.22.1 in repository https://gitbox.apache.org/repos/asf/struts.git
discard 8a888ddbd Bump log4j2.version from 2.20.0 to 2.22.1 add 55ca7a5b3 WW-5365 Reverts changes introduced in WW-5192 to allow evaluate the value attribute add d8dc720d4 Merge pull request #835 from apache/fix/WW-5365-radio-value add 686189c1b Bump actions/upload-artifact from 4.0.0 to 4.1.0 add 0a94b50bc Merge pull request #842 from apache/dependabot/github_actions/actions/upload-artifact-4.1.0 add 3c8fff46d WW-5352 Clean up OgnlValueStackTest add 9b5cb2d7b WW-5352 Move method to XWorkTestCase add bdcedc55b Merge pull request #841 from apache/WW-5352-ognlvaluestack add 96618ebbd Bump org.apache.commons:commons-compress from 1.23.0 to 1.25.0 add d0ac76b9a Merge pull request #820 from apache/dependabot/maven/org.apache.commons-commons-compress-1.25.0 add e9738698a WW-5387 Fixes remove() signature add fdd996c68 Merge pull request #844 from apache/fix/WW-5387-remove add 72f551f40 WW-5369 Re-define minimal library set add 5ee381182 Merge pull request #847 from apache/fix/WW-5369-min-lib add dc96c257d WW-5374 Allows to prepend reportUri with Servlet context add d5932f82f WW-5374 Uses @code instead of <tt/> add 790c663dd WW-5374 Adds additional test case to cover disabling prepending context add 3a1a89a54 Merge pull request #845 from apache/fix/WW-5374-context add 9a6411c8c Extends sleep period to avoid breaking a build add dd0f0b05a Merge pull request #849 from apache/fix/longer-sleep add 3ec313aa0 WW-5357 Adds support for disabled attribute to anchor tag add a763071d2 Merge pull request #848 from apache/fix/WW-5357-disabled add 775febbdf Upgrade maven to 3.9.6 and wrapper to 3.2.0 add 1e56b7ce6 Merge pull request #853 from sepe81/feature/upgrade-maven-to-3.9.6 add cde86457a Bump actions/upload-artifact from 4.1.0 to 4.2.0 add ec18f0eef Merge pull request #855 from apache/dependabot/github_actions/actions/upload-artifact-4.2.0 add cf74a4450 Fixes excluding Plexus container in OWASP scan add 65c0427ea Merge pull request #858 from apache/fix/plexus-exclusion add 9f4b67a9a Drops JDK11 build and fixes duplicated steps add 2de30e72a Merge pull request #859 from apache/fix/sped-up-build add e7a13b963 Small spelling and MD fixes (IntelliJ assisted) add 644bd1f8c Mention just the maintenance branches for supported versions add 7843cd5e1 Merge pull request #854 from sepe81/feature/update-security-policy add 2513fcb29 Stops running sonar.yml on forks add 5057aeac8 Merge pull request #862 from apache/lukaszlenart-patch-1 add eca0666f0 WW-5352 Introduce StrutsParameter annotation add ad576f0fd WW-5352 Introduce ThreadAllowlist bean add 4255da3ee WW-5352 First draft implementation add bf3f407b5 WW-5352 Ensure allowlist is cleared if in unexpected state add 4c5f2b026 WW-5352 Add full unit test coverage add e9154b922 Merge branch 'master' into WW-5352-parameter-annotation-3 add 5d7930123 WW-5352 Fix missing curved bracket add 4c60f39c7 WW-5352 Enable annotations for showcase add b2c754226 WW-5352 Dispatcher should up thread allowlist add a57c2882e WW-5352 Reinstate manual allowlist for generic types add 0a71e2c3b WW-5352 Implement auto-allowlisting for Iterator component add 770d31110 WW-5352 Mild optimisation add 6df80041e WW-5352 Auto allowlist parameterized types! add f106b2098 WW-5352 Map-like type support add bf7737fa0 WW-5352 Add unit test coverage for generics add 56d8361b4 WW-5352 Implement transition mode add 49b9c0c78 WW-5352 Ensure superclasses and interfaces allowlisted add 728d695ce WW-5352 Add debug logging for parameter rejections add b50616942 WW-5352 Acceptance test coverage add 71d77df3f WW-5352 Normalise parameter name add bd783a0e1 Merge pull request #832 from apache/WW-5352-parameter-annotation-3 add a358db585 WW-5360 Introduces additional countStr & indexStr to allow to ignore conversion add b83607295 Merge pull request #852 from apache/fix/WW-5360-iterator add 372aad2c6 Bump actions/upload-artifact from 4.2.0 to 4.3.0 add eb469779f Merge pull request #864 from apache/dependabot/github_actions/actions/upload-artifact-4.3.0 add e299bba11 Update maven-war-plugin to 3.4.0 add 8087ba97e Update maven-site-plugin to 3.12.1 add 028fedd30 Update assertj to 3.25.2 add 77285186d Update slf4j to 2.0.11 add 71d28ed90 Update jackson to 2.16.1 add f8a8172a3 Update spring to 5.3.31 add fd2cf9160 Update log4j2 to 2.21.1 add 8ef55db35 Update maven-dependency-plugin to 3.6.1 add 27f0b5696 Update maven-enforcer-plugin to 3.4.1 add fd7e74867 Update commons-lang3 to 3.14.0 add 218e634bf Update commons-io to 2.15.1 add abd824fdd Update commons-text to 1.11.0 add ce2467522 Merge pull request #863 from sepe81/feature/dependency-updates add a33534a8d Bump log4j2.version from 2.20.0 to 2.22.1 This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (8a888ddbd) \ N -- N -- N refs/heads/dependabot/maven/log4j2.version-2.22.1 (a33534a8d) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .github/workflows/scorecards-analysis.yaml | 2 +- .github/workflows/sonar.yml | 1 + .mvn/wrapper/MavenWrapperDownloader.java | 117 ------- .mvn/wrapper/maven-wrapper.properties | 8 +- Jenkinsfile | 62 +--- SECURITY.md | 12 +- .../org/apache/struts2/showcase/UITagExample.java | 24 +- .../showcase/action/ParamsAnnotationAction.java | 133 ++++++++ .../struts2/showcase/action/SkillAction.java | 2 + .../struts2/showcase/async/ChatRoomAction.java | 3 + .../struts2/showcase/conversion/AddressAction.java | 4 +- .../showcase/conversion/OperationsEnumAction.java | 2 + .../struts2/showcase/conversion/PersonAction.java | 2 + .../showcase/filedownload/FileDownloadAction.java | 2 + .../showcase/fileupload/FileUploadAction.java | 2 + .../org/apache/struts2/showcase/model/MyDto.java | 23 +- .../validation/FieldValidatorsExampleAction.java | 11 + .../struts2/showcase/wait/LongProcessAction.java | 2 + .../main/resources/struts-params-annotation.xml | 10 +- apps/showcase/src/main/resources/struts.xml | 14 +- .../src/main/webapp/WEB-INF/paramsannotation.vm | 8 +- .../struts2/showcase/StrutsParametersTest.java | 239 ++++++++++++++ assembly/src/main/assembly/min-lib.xml | 2 + .../com/opensymphony/xwork2/XWorkTestCase.java | 10 + .../xwork2/config/impl/DefaultConfiguration.java | 2 + .../xwork2/ognl/SecurityMemberAccess.java | 10 +- .../security/DefaultAcceptedPatternsChecker.java | 18 +- .../java/org/apache/struts2/StrutsConstants.java | 3 + .../struts2/components/IteratorComponent.java | 13 +- .../java/org/apache/struts2/components/Radio.java | 8 - .../apache/struts2/dispatcher/ApplicationMap.java | 9 +- .../org/apache/struts2/dispatcher/Dispatcher.java | 8 + .../org/apache/struts2/dispatcher/RequestMap.java | 9 +- .../struts2/interceptor/csp/CspInterceptor.java | 43 ++- .../parameter/ParametersInterceptor.java | 204 +++++++++++- .../interceptor/parameter/StrutsParameter.java | 96 +++--- .../apache/struts2/ognl/ThreadAllowlist.java} | 48 ++- .../struts2/views/jsp/ComponentTagSupport.java | 19 +- .../apache/struts2/views/jsp/IteratorStatus.java | 20 +- core/src/main/resources/struts-beans.xml | 1 + .../src/main/resources/template/simple/a-close.ftl | 3 + .../xwork2/ognl/OgnlValueStackTest.java | 115 +++---- .../xwork2/ognl/SecurityMemberAccessTest.java | 6 +- .../java/com/opensymphony/xwork2/test/User.java | 6 + .../test/java/org/apache/struts2/TestAction.java | 18 ++ .../struts2/components/IteratorComponentTest.java | 208 +++++++++++- .../struts2/interceptor/CspInterceptorTest.java | 51 ++- .../exec/StrutsBackgroundProcessTest.java | 2 +- .../parameter/StrutsParameterAnnotationTest.java | 348 +++++++++++++++++++++ .../apache/struts2/views/jsp/IteratorTagTest.java | 205 ++++++------ .../apache/struts2/views/jsp/ui/AnchorTest.java | 17 + .../org/apache/struts2/views/jsp/ui/RadioTest.java | 37 ++- .../org/apache/struts2/views/jsp/ui/Radio-11.txt | 4 + .../org/apache/struts2/views/jsp/ui/href-6.txt | 1 + mvnw | 218 +++++++------ mvnw.cmd | 31 +- .../struts2/portlet/PortletApplicationMap.java | 9 +- pom.xml | 31 +- src/etc/project-suppression.xml | 21 +- 59 files changed, 1833 insertions(+), 704 deletions(-) delete mode 100644 .mvn/wrapper/MavenWrapperDownloader.java create mode 100644 apps/showcase/src/main/java/org/apache/struts2/showcase/action/ParamsAnnotationAction.java copy core/src/main/java/com/opensymphony/xwork2/conversion/annotations/ConversionType.java => apps/showcase/src/main/java/org/apache/struts2/showcase/model/MyDto.java (67%) copy plugins/xslt/src/main/resources/struts-plugin.xml => apps/showcase/src/main/resources/struts-params-annotation.xml (78%) copy plugins/embeddedjsp/src/test/resources/org/apache/struts2/dont-use.jsp => apps/showcase/src/main/webapp/WEB-INF/paramsannotation.vm (93%) create mode 100644 apps/showcase/src/test/java/it/org/apache/struts2/showcase/StrutsParametersTest.java copy plugins/convention/src/main/java/org/apache/struts2/convention/annotation/ExceptionMapping.java => core/src/main/java/org/apache/struts2/interceptor/parameter/StrutsParameter.java (57%) copy core/src/main/java/{com/opensymphony/xwork2/mock/MockContainer.java => org/apache/struts2/ognl/ThreadAllowlist.java} (50%) create mode 100644 core/src/test/java/org/apache/struts2/interceptor/parameter/StrutsParameterAnnotationTest.java create mode 100644 core/src/test/resources/org/apache/struts2/views/jsp/ui/Radio-11.txt create mode 100644 core/src/test/resources/org/apache/struts2/views/jsp/ui/href-6.txt