Can't believe this is a minor release Great job, thank Lukasz! - René
Am 08.12.14 16:37, schrieb Lukasz Lenart: > The Apache Struts group is pleased to announce that Apache Struts > 2.3.20 is available as a "General Availability" release. The GA > designation is our highest quality grade. > > Apache Struts 2 is an elegant, extensible framework for creating > enterprise-ready Java web applications. The framework is designed to > streamline the full development cycle, from building, to deploying, to > maintaining applications over time. > > One medium security issue was solved with this release: > > S2-023 Generated value of token can be predictable > * http://struts.apache.org/docs/s2-023.html > > Besides that, this release contains several fixes and improvements > just to mention few of them: > - merged security fixes from version 2.3.16.1, 2.3.16.2, 2.3.16.3 > - extended existing security mechanism to block access to given Java > packages and Classes > - collection Parameters for RedirectResult > - make ParametersInterceptor supports chinese in hash key by default > - themes.properties can be loaded using ServletContext allows to put > template folder under WEB-INF or on classpath > - new tag datetextfield > - only valid Ognl expressions are cached > - custom TextProvider can be used for validation errors of model driven > actions > - datetimepicker's label fixed > - PropertiesJudge removed and properties are checked in SecurityMemberAccess > - resource reloading works in IBM JVM > - default reloading settings were removed from default.properties > - commons-fileupload library upgraded to version 1.3.1 to fix > potential security vulnerability > - the scheme attribute accepts expressions in s:url tag > - solves problem with infinite loop in FastByteArrayOutputStream > - LocalizedTextUtil supports many ClassLoaders > - Bill of Materials pom was introduced > - debug=browser|console was migrated to jQuery > - struts_dojo.js was fixed > - interface org/apache/struts2/views/TagLibrary was restored and > marked as @Depreacted > and many other small improvements, please careful read the version notes. > > The release notes are available online at: > * http://struts.apache.org/docs/version-notes-2320.html > > All developers are strongly advised to update existing Struts 2 > applications to Struts 2.3.20! > > Struts 2.3.20 is available in a full distribution, or as separate > library, source, example and documentation distributions, from the > releases page. > * http://struts.apache.org/download.cgi#struts2320 > > The release is also available from the central Maven repository under > Group ID "org.apache.struts". > > The 2.3.x series of the Apache Struts framework has a minimum > requirement of the following specification versions: > * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0 > * Java 2 Standard Platform Edition (J2SE) 5 > > Should any issues arise with your use of any version of the Struts > framework, please post your comments to the user list, and, if > appropriate, file a tracking ticket.appropriate, file a tracking > ticket: > * https://issues.apache.org/jira/browse/WW > > > - The Apache Struts group. > > > Regards > -- René Gielen http://twitter.com/rgielen --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
