2014-09-29 17:38 GMT+02:00 Christoph Nenning <christoph.nenn...@lex-com.net>:
>> Hi,
>>
>> I have deployed new artefacts to staging repo, please test the bits!
>>
>> Staging Maven repo
>> https://repository.apache.org/content/groups/staging/
>>
>> Standalone artifacts
>> http://people.apache.org/builds/struts/2.3.18/
>>
>> Release notes
>> https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.18
>>
>> Thanks in advance
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>
> Hi,
>
> could already see some of my patches in action, yay :)
>
> I found some issues with our apps. Some stuff must be fixed there, but for
> other stuff I'm not sure whether it shall be fixed in the framework or the
> app.
>
> 1. OGNL security blocking (https://github.com/apache/struts/pull/11)
> I'm actually hit by this. So it means: it really works ;)
> I have JSPs that create a ViewModel Object with ognl which is blocked now.
> (new is used in ognl expression)
> The question here is how to enable the new whitelist?
> There should be a link on the Version Notes page.
>
> 2. LocalizedTextUtil
> Now I'm getting lots of WARN messages in log like this:
> WARN opensymphony.xwork2.util.LocalizedTextUtil - Missing key [...] in
> bundle [...]!
> In this app we use some JARs which provide their own resource bundles.
> Those messages appear while struts searches the bundles for the current
> key.
> Probably that is caused by WW-4379.
>
> Is there a way to set a default resource bundle? So that I don't need to
> specify a bundle everywhere.
>
> 3. LocaleProvider created by a ConfigurationProvider
> To deal with errors on file uploads we have a ConfigurationProvider that
> registers a LocaleProvider programmatically which is only used before the
> interceptor stack is executed.
> With struts 2.3.16 that LocaleProvider was only called once per request,
> now it is called all over the place (probably for each getText()).
> So it seems that the before-interceptor-stack-approach does not work
> anymore.
>
> 4. ActionContext.getContext().getSession()
> Again the ConfigurationProvider from point 3. It tries to access the
> HttpSession to figure out if the user has a language chosen.
> With struts 2.3.16 it returned always a map which may have been empty. Now
> we get null.
> That happens on the login page, so there might be no session yet.
>
> Should I create JIRAs for some of these?

Yes, please - there are too many of them to keep track via mail :-)

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/