struts.xml :

from:
<interceptor-ref name="params">
  <param name="excludeParams">dojo\..*</param>
</interceptor-ref>

to:
<interceptor-ref name="params">
  <param name="excludeParams">^action:.*,^method:.*</param>
</interceptor-ref>

As we have our own default struts xml, it's best to copy the settings from
the default xml supplied with the latest version of struts.  The parameter
interceptor was the reason for the security upgrade.


On 10 June 2014 01:56, Glen Mazza <glen.ma...@gmail.com> wrote:

> OK, I'll get the validation files fixed, re-release and hold another vote.
>  Unless it's an immediate, clear fix I'll skip the deprecated warnings you
> mention at the bottom, it's a given that 5.0.4 has old libraries but the
> solution is to get 5.1 out rather than spend time trying to make 5.0.4 the
> same as 5.1.
>
> BTW, between the ## signs below you mention struts.xml -- I'm unsure what
> you're trying to say there--do I need to update the struts.xml as well?
>
> Thanks,
> Glen
>
> On 6/9/2014 10:23 AM, Greg Huber wrote:
>
>> Glen,
>>
>> The validator does not work,
>>
>> ERROR 2014-06-09 13:55:47,277 CommonsLogger:error - Caught exception while
>> loading file
>> org/apache/roller/weblogger/ui/struts2/editor/EntryAdd-validation.xml
>> http://www.opensymphony.com/xwork/xwork-validator-1.0.2.dtd - Class:
>> sun.net.www.protocol.http.HttpURLConnection
>>
>> the dtd on the struts validation.xml files needs to be changed to match
>> the one the version of struts uses, i.e.
>>
>> <!DOCTYPE validators PUBLIC
>>          "-//Apache Struts//XWork Validator 1.0.3//EN"
>>          "http://struts.apache.org/dtds/xwork-validator-1.0.3.dtd">
>>
>> ##
>>
>> struts.xml :
>>
>> <interceptor-ref name="params">
>>                    <param name="excludeParams">dojo\..*</param>
>>                  </interceptor-ref>
>>
>> <interceptor-ref name="params">
>>                      <param name="excludeParams">^action:.*,^method:.*</param>
>>                  </interceptor-ref>
>>
>> ####
>>
>> There are some other warnings also, but not that important,
>>
>> >>> ActionContextCleanUp <<< is deprecated! Please use the new filters!
>> >>> FilterDispatcher <<< is deprecated! Please use the new filters!
>>
>> On 9 June 2014 11:37, Glen Mazza <glen.ma...@gmail.com> wrote:
>>
>>  OK, apparently voting is done on DEV and not the private list (not that
>>> the latter emailing system appeared to be accepting my emails anyway...)
>>>   Vote is below and I'm resetting the 72 hour clock to zero.
>>>
>>> Thanks,
>>> Glen
>>>
>>>
>>> -------- Original Message --------
>>>
>>> On 6/7/2014 11:44 PM, Glen Mazza wrote:
>>>
>>>  Hi Team,
>>>>
>>>> This is a vote to release Roller 5.0.4, it upgrades its Struts library
>>>> to 2.3.16.3 to fix some important issues with it; also, some of the
>>>> LDAP configuration was fixed based on comments from a user.
>>>>
>>>> Binaries are here:  http://people.apache.org/~gmazza/roller/
>>>>
>>>> I tested the Tomcat version, it looks good.
>>>>
>>>> Here's my +1.  Voting will be for 72 hours.
>>>>
>>>> Regards,
>>>> Glen
>>>>
>>>>
>>>>
>
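
Added example, not part of the original thread or of Roller's code: a small check that reads a custom struts.xml, reports which of the two excludeParams patterns named above are missing from each "params" interceptor-ref, and shows which parameter names each setting drops. The sample XML, the stack name and the parameter names are constructed, and whole-name regex matching is an assumption about how the interceptor applies the patterns.

```python
import re
import xml.etree.ElementTree as ET

# Patterns the thread says the params interceptor should exclude.
REQUIRED = ("^action:.*", "^method:.*")

# Constructed sample: a custom struts.xml still carrying the old setting.
OLD_XML = r"""<struts><package name="demo"><interceptors>
  <interceptor-stack name="demoStack">
    <interceptor-ref name="params">
      <param name="excludeParams">dojo\..*</param>
    </interceptor-ref>
  </interceptor-stack></interceptors></package></struts>"""
NEW_XML = OLD_XML.replace(r"dojo\..*", "^action:.*,^method:.*")


def exclude_patterns(xml_text):
    """Yield the excludeParams pattern list of every 'params' interceptor-ref."""
    root = ET.fromstring(xml_text)
    for ref in root.iter("interceptor-ref"):
        if ref.get("name") != "params":
            continue
        param = ref.find("param[@name='excludeParams']")
        # A ref with no excludeParams at all yields an empty list.
        text = (param.text or "") if param is not None else ""
        yield [p.strip() for p in text.split(",") if p.strip()]


def audit(xml_text):
    """Return, per params interceptor-ref, the required patterns it lacks."""
    return [[r for r in REQUIRED if r not in pats]
            for pats in exclude_patterns(xml_text)]


def is_excluded(name, patterns):
    # Assumption: a parameter is dropped when any pattern matches its whole name.
    return any(re.fullmatch(p, name) for p in patterns)


if __name__ == "__main__":
    for label, xml_text in (("old", OLD_XML), ("new", NEW_XML)):
        pats = next(exclude_patterns(xml_text))
        print(label, "missing:", audit(xml_text)[0])
        for name in ("action:save", "method:remove", "bean.title"):
            print("   ", name, "excluded" if is_excluded(name, pats) else "accepted")
```
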
