> Hi, > > I have deployed new artefacts to staging repo, please test the bits! > > Staging Maven repo > https://repository.apache.org/content/groups/staging/ > > Standalone artifacts > http://people.apache.org/builds/struts/2.3.18/ > > Release notes > https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.18 > > > Thanks in advance > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > ---------------------------------------------------------------------
Hi, could already see some of my patches in action, yay :) I found some issues with our apps. Some stuff must be fixed there, but for other stuff i'm not sure whether it shall be fixed in the framework or the app. 1. OGNL security blocking (https://github.com/apache/struts/pull/11) I'm actually hit by this. So it means: it really works ;) I have JSPs that create a ViewModel Object with ognl which is blocked now. (new is used in ognl expression) The question here is how to enable the new whitelist? There should be a link on the Version Notes page. 2. LocalizedTextUtil Now I'm getting lots of WARN messages in log like this: WARN opensymphony.xwork2.util.LocalizedTextUtil - Missing key [...] in bundle [...]! In this app we use some JARs which provide their own resource bundles. Those messages appear while struts searches the bundles for the current key. Probably that is caused by WW-4379. Is there a way to set a default resource bundle? So that I don't need to specify a bundle everywhere. 3. LocaleProvider created by a ConfigurationProvider To deal with errors on file uploads we have a ConfigurationProvider that registers a LocaleProvider programmatically which is only used before the interceptor stack is executed. With struts 2.3.16 that LocaleProvider was only called once per request, now it is called all over the place (probably for each getText()). So it seems that the before-interceptor-stack-approach does not work anymore. 4. ActionContext.getContext().getSession() Again the ConfigurationProvider from point 3. It tries to access the HttpSession to figure out if the user has a language chosen. With struts 2.3.16 it returned always a map which may have been empty. Now we get null. That happens on the login page, so there might be no session yet. Should I create JIRAs for some of these? regards, Christoph This Email was scanned by Sophos Anti Virus
