This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a change to branch dependabot/maven/log4j2.version-2.22.1
in repository https://gitbox.apache.org/repos/asf/struts.git
discard 8a888ddbd Bump log4j2.version from 2.20.0 to 2.22.1
add 55ca7a5b3 WW-5365 Reverts changes introduced in WW-5192 to allow
evaluate the value attribute
add d8dc720d4 Merge pull request #835 from apache/fix/WW-5365-radio-value
add 686189c1b Bump actions/upload-artifact from 4.0.0 to 4.1.0
add 0a94b50bc Merge pull request #842 from
apache/dependabot/github_actions/actions/upload-artifact-4.1.0
add 3c8fff46d WW-5352 Clean up OgnlValueStackTest
add 9b5cb2d7b WW-5352 Move method to XWorkTestCase
add bdcedc55b Merge pull request #841 from apache/WW-5352-ognlvaluestack
add 96618ebbd Bump org.apache.commons:commons-compress from 1.23.0 to
1.25.0
add d0ac76b9a Merge pull request #820 from
apache/dependabot/maven/org.apache.commons-commons-compress-1.25.0
add e9738698a WW-5387 Fixes remove() signature
add fdd996c68 Merge pull request #844 from apache/fix/WW-5387-remove
add 72f551f40 WW-5369 Re-define minimal library set
add 5ee381182 Merge pull request #847 from apache/fix/WW-5369-min-lib
add dc96c257d WW-5374 Allows to prepend reportUri with Servlet context
add d5932f82f WW-5374 Uses @code instead of <tt/>
add 790c663dd WW-5374 Adds additional test case to cover disabling
prepending context
add 3a1a89a54 Merge pull request #845 from apache/fix/WW-5374-context
add 9a6411c8c Extends sleep period to avoid breaking a build
add dd0f0b05a Merge pull request #849 from apache/fix/longer-sleep
add 3ec313aa0 WW-5357 Adds support for disabled attribute to anchor tag
add a763071d2 Merge pull request #848 from apache/fix/WW-5357-disabled
add 775febbdf Upgrade maven to 3.9.6 and wrapper to 3.2.0
add 1e56b7ce6 Merge pull request #853 from
sepe81/feature/upgrade-maven-to-3.9.6
add cde86457a Bump actions/upload-artifact from 4.1.0 to 4.2.0
add ec18f0eef Merge pull request #855 from
apache/dependabot/github_actions/actions/upload-artifact-4.2.0
add cf74a4450 Fixes excluding Plexus container in OWASP scan
add 65c0427ea Merge pull request #858 from apache/fix/plexus-exclusion
add 9f4b67a9a Drops JDK11 build and fixes duplicated steps
add 2de30e72a Merge pull request #859 from apache/fix/sped-up-build
add e7a13b963 Small spelling and MD fixes (IntelliJ assisted)
add 644bd1f8c Mention just the maintenance branches for supported versions
add 7843cd5e1 Merge pull request #854 from
sepe81/feature/update-security-policy
add 2513fcb29 Stops running sonar.yml on forks
add 5057aeac8 Merge pull request #862 from apache/lukaszlenart-patch-1
add eca0666f0 WW-5352 Introduce StrutsParameter annotation
add ad576f0fd WW-5352 Introduce ThreadAllowlist bean
add 4255da3ee WW-5352 First draft implementation
add bf3f407b5 WW-5352 Ensure allowlist is cleared if in unexpected state
add 4c5f2b026 WW-5352 Add full unit test coverage
add e9154b922 Merge branch 'master' into WW-5352-parameter-annotation-3
add 5d7930123 WW-5352 Fix missing curved bracket
add 4c60f39c7 WW-5352 Enable annotations for showcase
add b2c754226 WW-5352 Dispatcher should up thread allowlist
add a57c2882e WW-5352 Reinstate manual allowlist for generic types
add 0a71e2c3b WW-5352 Implement auto-allowlisting for Iterator component
add 770d31110 WW-5352 Mild optimisation
add 6df80041e WW-5352 Auto allowlist parameterized types!
add f106b2098 WW-5352 Map-like type support
add bf7737fa0 WW-5352 Add unit test coverage for generics
add 56d8361b4 WW-5352 Implement transition mode
add 49b9c0c78 WW-5352 Ensure superclasses and interfaces allowlisted
add 728d695ce WW-5352 Add debug logging for parameter rejections
add b50616942 WW-5352 Acceptance test coverage
add 71d77df3f WW-5352 Normalise parameter name
add bd783a0e1 Merge pull request #832 from
apache/WW-5352-parameter-annotation-3
add a358db585 WW-5360 Introduces additional countStr & indexStr to allow
to ignore conversion
add b83607295 Merge pull request #852 from apache/fix/WW-5360-iterator
add 372aad2c6 Bump actions/upload-artifact from 4.2.0 to 4.3.0
add eb469779f Merge pull request #864 from
apache/dependabot/github_actions/actions/upload-artifact-4.3.0
add e299bba11 Update maven-war-plugin to 3.4.0
add 8087ba97e Update maven-site-plugin to 3.12.1
add 028fedd30 Update assertj to 3.25.2
add 77285186d Update slf4j to 2.0.11
add 71d28ed90 Update jackson to 2.16.1
add f8a8172a3 Update spring to 5.3.31
add fd2cf9160 Update log4j2 to 2.21.1
add 8ef55db35 Update maven-dependency-plugin to 3.6.1
add 27f0b5696 Update maven-enforcer-plugin to 3.4.1
add fd7e74867 Update commons-lang3 to 3.14.0
add 218e634bf Update commons-io to 2.15.1
add abd824fdd Update commons-text to 1.11.0
add ce2467522 Merge pull request #863 from
sepe81/feature/dependency-updates
add a33534a8d Bump log4j2.version from 2.20.0 to 2.22.1
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (8a888ddbd)
\
N -- N -- N refs/heads/dependabot/maven/log4j2.version-2.22.1
(a33534a8d)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
No new revisions were added by this update.
Summary of changes:
.github/workflows/scorecards-analysis.yaml | 2 +-
.github/workflows/sonar.yml | 1 +
.mvn/wrapper/MavenWrapperDownloader.java | 117 -------
.mvn/wrapper/maven-wrapper.properties | 8 +-
Jenkinsfile | 62 +---
SECURITY.md | 12 +-
.../org/apache/struts2/showcase/UITagExample.java | 24 +-
.../showcase/action/ParamsAnnotationAction.java | 133 ++++++++
.../struts2/showcase/action/SkillAction.java | 2 +
.../struts2/showcase/async/ChatRoomAction.java | 3 +
.../struts2/showcase/conversion/AddressAction.java | 4 +-
.../showcase/conversion/OperationsEnumAction.java | 2 +
.../struts2/showcase/conversion/PersonAction.java | 2 +
.../showcase/filedownload/FileDownloadAction.java | 2 +
.../showcase/fileupload/FileUploadAction.java | 2 +
.../org/apache/struts2/showcase/model/MyDto.java | 23 +-
.../validation/FieldValidatorsExampleAction.java | 11 +
.../struts2/showcase/wait/LongProcessAction.java | 2 +
.../main/resources/struts-params-annotation.xml | 10 +-
apps/showcase/src/main/resources/struts.xml | 14 +-
.../src/main/webapp/WEB-INF/paramsannotation.vm | 8 +-
.../struts2/showcase/StrutsParametersTest.java | 239 ++++++++++++++
assembly/src/main/assembly/min-lib.xml | 2 +
.../com/opensymphony/xwork2/XWorkTestCase.java | 10 +
.../xwork2/config/impl/DefaultConfiguration.java | 2 +
.../xwork2/ognl/SecurityMemberAccess.java | 10 +-
.../security/DefaultAcceptedPatternsChecker.java | 18 +-
.../java/org/apache/struts2/StrutsConstants.java | 3 +
.../struts2/components/IteratorComponent.java | 13 +-
.../java/org/apache/struts2/components/Radio.java | 8 -
.../apache/struts2/dispatcher/ApplicationMap.java | 9 +-
.../org/apache/struts2/dispatcher/Dispatcher.java | 8 +
.../org/apache/struts2/dispatcher/RequestMap.java | 9 +-
.../struts2/interceptor/csp/CspInterceptor.java | 43 ++-
.../parameter/ParametersInterceptor.java | 204 +++++++++++-
.../interceptor/parameter/StrutsParameter.java | 96 +++---
.../apache/struts2/ognl/ThreadAllowlist.java} | 48 ++-
.../struts2/views/jsp/ComponentTagSupport.java | 19 +-
.../apache/struts2/views/jsp/IteratorStatus.java | 20 +-
core/src/main/resources/struts-beans.xml | 1 +
.../src/main/resources/template/simple/a-close.ftl | 3 +
.../xwork2/ognl/OgnlValueStackTest.java | 115 +++----
.../xwork2/ognl/SecurityMemberAccessTest.java | 6 +-
.../java/com/opensymphony/xwork2/test/User.java | 6 +
.../test/java/org/apache/struts2/TestAction.java | 18 ++
.../struts2/components/IteratorComponentTest.java | 208 +++++++++++-
.../struts2/interceptor/CspInterceptorTest.java | 51 ++-
.../exec/StrutsBackgroundProcessTest.java | 2 +-
.../parameter/StrutsParameterAnnotationTest.java | 348 +++++++++++++++++++++
.../apache/struts2/views/jsp/IteratorTagTest.java | 205 ++++++------
.../apache/struts2/views/jsp/ui/AnchorTest.java | 17 +
.../org/apache/struts2/views/jsp/ui/RadioTest.java | 37 ++-
.../org/apache/struts2/views/jsp/ui/Radio-11.txt | 4 +
.../org/apache/struts2/views/jsp/ui/href-6.txt | 1 +
mvnw | 218 +++++++------
mvnw.cmd | 31 +-
.../struts2/portlet/PortletApplicationMap.java | 9 +-
pom.xml | 31 +-
src/etc/project-suppression.xml | 21 +-
59 files changed, 1833 insertions(+), 704 deletions(-)
delete mode 100644 .mvn/wrapper/MavenWrapperDownloader.java
create mode 100644
apps/showcase/src/main/java/org/apache/struts2/showcase/action/ParamsAnnotationAction.java
copy
core/src/main/java/com/opensymphony/xwork2/conversion/annotations/ConversionType.java
=> apps/showcase/src/main/java/org/apache/struts2/showcase/model/MyDto.java
(67%)
copy plugins/xslt/src/main/resources/struts-plugin.xml =>
apps/showcase/src/main/resources/struts-params-annotation.xml (78%)
copy plugins/embeddedjsp/src/test/resources/org/apache/struts2/dont-use.jsp =>
apps/showcase/src/main/webapp/WEB-INF/paramsannotation.vm (93%)
create mode 100644
apps/showcase/src/test/java/it/org/apache/struts2/showcase/StrutsParametersTest.java
copy
plugins/convention/src/main/java/org/apache/struts2/convention/annotation/ExceptionMapping.java
=>
core/src/main/java/org/apache/struts2/interceptor/parameter/StrutsParameter.java
(57%)
copy core/src/main/java/{com/opensymphony/xwork2/mock/MockContainer.java =>
org/apache/struts2/ognl/ThreadAllowlist.java} (50%)
create mode 100644
core/src/test/java/org/apache/struts2/interceptor/parameter/StrutsParameterAnnotationTest.java
create mode 100644
core/src/test/resources/org/apache/struts2/views/jsp/ui/Radio-11.txt
create mode 100644
core/src/test/resources/org/apache/struts2/views/jsp/ui/href-6.txt
