[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #404: Initial fix for WW-5069 (improve build behaviour JDK9+)
JCgH4164838Gh792C124B5 opened a new pull request #404: URL: https://github.com/apache/struts/pull/404 Initial fix for WW-5069: - Force US Locale for two tests that use date strings of the form MM/DD/CCYY. - When the tests/build are run in an environment with a non-US Locale and newer JDKs the tests may fail due to inability to parse the US date format. Note: Was noticed on Windows 10 with JDK11, but could affect other environments when run in a non-US Locale. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] coveralls commented on issue #404: Initial fix for WW-5069 (improve build behaviour JDK9+)
coveralls commented on issue #404: URL: https://github.com/apache/struts/pull/404#issuecomment-616270788 [](https://coveralls.io/builds/30183114) Coverage remained the same at 47.069% when pulling **6d6a422db7950634ae5bfbc2153e27ae056adaff on JCgH4164838Gh792C124B5:WW-5069** into **f4c01358780ec6d5002d6a26c826ebe49d98652e on apache:struts-2-5-x**. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 commented on issue #404: Initial fix for WW-5069 (improve build behaviour JDK9+)
JCgH4164838Gh792C124B5 commented on issue #404: URL: https://github.com/apache/struts/pull/404#issuecomment-616271172 Hello Apache Struts Team. This is a very basic PR (it was just a bit-of-a-pain to isolate the issue). Basically, the default locale behaviour for some date validation tests differs for JDK7/8 compared to newer JDKs (such as JDK 11). When running the tests in a non-US locale some date validation unit tests can fail, causing the Struts 2 Core build to fail. The proposed improvement is to ensure the affected unit tests utilize the expected US locale to process the MM/DD/CCYY formats as expected. Now they should work as intended on JDK7+, even if the base system's locale is not US. **Note**: Windows 10 with JDK 11 (OpenJDK and Oracle) still appear to fail during a full Struts 2 build due to an apache-rat-plugin failure. I was forced to locally use "-Drat.skip=true" to verify the full build with JDK11, but the Core build by itself passed fine). This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #404: Initial fix for WW-5069 (improve build behaviour JDK9+)
lukaszlenart commented on issue #404: URL: https://github.com/apache/struts/pull/404#issuecomment-616317694 LGTM 👍 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #402: WW-5067-Fix1 (correct accidental artifactId change)
lukaszlenart commented on issue #402: URL: https://github.com/apache/struts/pull/402#issuecomment-616324497 LGTM 👍 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] davelnewton opened a new pull request #145: Correct extension of JSP component.
davelnewton opened a new pull request #145: URL: https://github.com/apache/struts-site/pull/145 May also want a directory change to better reflect common JSP usage (and that it cannot be on classpath). This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart commented on issue #145: Correct extension of JSP component.
lukaszlenart commented on issue #145: URL: https://github.com/apache/struts-site/pull/145#issuecomment-616719802 Hm... Jenkins triggering stopped working :\ This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart commented on issue #145: Correct extension of JSP component.
lukaszlenart commented on issue #145: URL: https://github.com/apache/struts-site/pull/145#issuecomment-616720493 LGTM 👍 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #400: [WW-5065] Removing unnecessary part of AbstractMatcher#replaceParameters
lukaszlenart commented on issue #400: URL: https://github.com/apache/struts/pull/400#issuecomment-616730002 Right, this should express its external effect ``` struts.matcher.appendNamedParameters=true ``` If not objections I'm going to merge this PR and add the flag. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] atkaiser commented on issue #400: [WW-5065] Removing unnecessary part of AbstractMatcher#replaceParameters
atkaiser commented on issue #400: URL: https://github.com/apache/struts/pull/400#issuecomment-616904644 Sounds good to me This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #397: [WW-4789] [WW-3788] ActionContext refactoring
lukaszlenart commented on issue #397: URL: https://github.com/apache/struts/pull/397#issuecomment-617345083 I think this PR is finally ready. I know it's huge so if there are objections merging it AS-IS I can prepare another PR and just move `ActionContext`s changes and then update the rest with another PRs. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #229: WW-4796 Rename springconstants to have a uniform naming pattern
lukaszlenart commented on issue #229: URL: https://github.com/apache/struts/pull/229#issuecomment-617350536 I assume we are good to merge this PR if no objections, from my side LGTM 👍 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] coveralls edited a comment on issue #397: [WW-4789] [WW-3788] ActionContext refactoring
coveralls edited a comment on issue #397: URL: https://github.com/apache/struts/pull/397#issuecomment-602049491 [](https://coveralls.io/builds/30235237) Coverage increased (+0.03%) to 49.212% when pulling **f071c9d0edd1bd7f6a5f0b3068996a88248a5806 on action-context-boost** into **230a300685d6d0b82b68818e743ebf506b3225aa on master**. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #397: [WW-4789] [WW-3788] ActionContext refactoring
lukaszlenart commented on issue #397: URL: https://github.com/apache/struts/pull/397#issuecomment-617547853 Here are the [ActionContext](https://github.com/apache/struts/pull/397/files#diff-8bd10f8c78a248734b503714a44e1dcc) changes I'm talking about. All the rest is a consequence of those changes, reviewing the changes should be sufficient. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #400: [WW-5065] Removing unnecessary part of AbstractMatcher#replaceParameters
lukaszlenart commented on issue #400: URL: https://github.com/apache/struts/pull/400#issuecomment-617550492 LGTM 👍 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #405: [WW-5065] Defines a new flag to control appending params
lukaszlenart opened a new pull request #405: URL: https://github.com/apache/struts/pull/405 Follow up on https://github.com/apache/struts/pull/400 Refs [WW-5065](https://issues.apache.org/jira/browse/WW-5065) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on issue #400: [WW-5065] Removing unnecessary part of AbstractMatcher#replaceParameters
lukaszlenart commented on issue #400: URL: https://github.com/apache/struts/pull/400#issuecomment-617569364 @atkaiser @JCgH4164838Gh792C124B5 PR is ready https://github.com/apache/struts/pull/405 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] coveralls commented on issue #405: [WW-5065] Defines a new flag to control appending params
coveralls commented on issue #405: URL: https://github.com/apache/struts/pull/405#issuecomment-617625161 [](https://coveralls.io/builds/30251043) Coverage increased (+0.02%) to 47.086% when pulling **c2765e5236dd99765851e90677f3bf4e53c7b5a7 on WW-5065-append-or-not** into **5c82f0246ef33584823e357e8b067979958e3a51 on struts-2-5-x**. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] atkaiser commented on issue #405: [WW-5065] Defines a new flag to control appending params
atkaiser commented on issue #405: URL: https://github.com/apache/struts/pull/405#issuecomment-618022537 LGTM 👍 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] coveralls edited a comment on issue #405: [WW-5065] Defines a new flag to control appending params
coveralls edited a comment on issue #405: URL: https://github.com/apache/struts/pull/405#issuecomment-617625161 [](https://coveralls.io/builds/30277905) Coverage increased (+0.02%) to 47.086% when pulling **30b43044a31e2dac6e1364cbb7388d860c4a5259 on WW-5065-append-or-not** into **5c82f0246ef33584823e357e8b067979958e3a51 on struts-2-5-x**. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 commented on a change in pull request #397: [WW-4789] [WW-3788] ActionContext refactoring
JCgH4164838Gh792C124B5 commented on a change in pull request #397:
URL: https://github.com/apache/struts/pull/397#discussion_r414173368
##
File path: core/src/main/java/com/opensymphony/xwork2/util/ValueStack.java
##
@@ -28,23 +30,25 @@
*/
public interface ValueStack {
-public static final String VALUE_STACK =
"com.opensymphony.xwork2.util.ValueStack.ValueStack";
+String VALUE_STACK = "com.opensymphony.xwork2.util.ValueStack.ValueStack";
Review comment:
Thanks for pointing out why `static final` is redundant for interfaces
in newer Java versions. :)
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 commented on a change in pull request #405: [WW-5065] Defines a new flag to control appending params
JCgH4164838Gh792C124B5 commented on a change in pull request #405:
URL: https://github.com/apache/struts/pull/405#discussion_r414181934
##
File path:
core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java
##
@@ -36,6 +36,9 @@
* @since 2.1
*/
public abstract class AbstractMatcher implements Serializable {
+
+private static final Logger LOG =
LogManager.getLogger(AbstractMatcher.class);
Review comment:
This looks like it introduces a second private `Logger` reference ?
There is already:
```
private static final Logger log =
LogManager.getLogger(AbstractMatcher.class);
```
Maybe the intention was to rename `log` to `LOG` and update all the logger
calls ?
##
File path: core/src/main/java/org/apache/struts2/StrutsConstants.java
##
@@ -341,4 +341,7 @@
public static final String STRUTS_DISALLOW_PROXY_MEMBER_ACCESS =
"struts.disallowProxyMemberAccess";
public static final String STRUTS_OGNL_AUTO_GROWTH_COLLECTION_LIMIT =
"struts.ognl.autoGrowthCollectionLimit";
+
+/** See {@link
com.opensymphony.xwork2.config.impl.AbstractMatcher#appendNamedParameters */
+public static final String STRUTS_MATCHER_APPEND_NAMED_PARAMETERS = "";
Review comment:
Looks like the constant is currently `""` (empty string). Was that
intentional, or should it be changed to:
```
public static final String STRUTS_MATCHER_APPEND_NAMED_PARAMETERS =
"struts.matcher.appendNamedParameters";
```
which was the name Lukasz favoured in PR #400.
##
File path:
core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java
##
@@ -50,10 +53,23 @@
* The compiled patterns and their associated target objects
*/
List> compiledPatterns = new ArrayList<>();
-;
+
+/**
+ * This flag controls if passed named params should be appended
+ * to the map in {@link #replaceParameters(Map, Map)}
+ * and will be accessible in {@link
com.opensymphony.xwork2.config.entities.ResultConfig}.
+ * If set to false, the named parameters won't be appended.
+ *
+ * This behaviour is controlled by {@link
org.apache.struts2.StrutsConstants#STRUTS_MATCHER_APPEND_NAMED_PARAMETERS}
+ *
+ * @since 2.5.23
+ * See WW-5065
+ */
+private final boolean appendNamedParameters;
-public AbstractMatcher(PatternMatcher helper) {
+public AbstractMatcher(PatternMatcher helper, boolean
appendNamedParameters) {
Review comment:
Because the original method
```
public AbstractMatcher(PatternMatcher helper)
```
is public, people may have extended this class, which would then break their
code unexpectedly with this change. Maybe it would be a good idea to add keep
the old method signature present with something like:
```
public AbstractMatcher(PatternMatcher helper) {
this(helper, true); // Set boolean to whatever default setting is
decided on
}
```
That should preserve backward-compatbility.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 commented on a change in pull request #405: [WW-5065] Defines a new flag to control appending params
JCgH4164838Gh792C124B5 commented on a change in pull request #405:
URL: https://github.com/apache/struts/pull/405#discussion_r414185407
##
File path:
core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java
##
@@ -50,10 +53,23 @@
* The compiled patterns and their associated target objects
*/
List> compiledPatterns = new ArrayList<>();
-;
+
+/**
+ * This flag controls if passed named params should be appended
+ * to the map in {@link #replaceParameters(Map, Map)}
+ * and will be accessible in {@link
com.opensymphony.xwork2.config.entities.ResultConfig}.
+ * If set to false, the named parameters won't be appended.
+ *
+ * This behaviour is controlled by {@link
org.apache.struts2.StrutsConstants#STRUTS_MATCHER_APPEND_NAMED_PARAMETERS}
+ *
+ * @since 2.5.23
+ * See WW-5065
+ */
+private final boolean appendNamedParameters;
-public AbstractMatcher(PatternMatcher helper) {
+public AbstractMatcher(PatternMatcher helper, boolean
appendNamedParameters) {
Review comment:
Because the original method
```
public AbstractMatcher(PatternMatcher helper)
```
is public, people may have extended this class, which would then break their
code unexpectedly with this change. Maybe it would be a good idea to keep the
old method signature present with something like:
```
public AbstractMatcher(PatternMatcher helper) {
this(helper, true); // Set boolean to whatever default setting is
decided on
}
```
That should preserve backward-compatbility.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 commented on pull request #397: [WW-4789] [WW-3788] ActionContext refactoring
JCgH4164838Gh792C124B5 commented on pull request #397: URL: https://github.com/apache/struts/pull/397#issuecomment-618723503 Hi. I will try to go over the new changes in a few days. Thanks for all the work on this. 👍 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on a change in pull request #405: [WW-5065] Defines a new flag to control appending params
lukaszlenart commented on a change in pull request #405:
URL: https://github.com/apache/struts/pull/405#discussion_r414359429
##
File path:
core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java
##
@@ -50,10 +53,23 @@
* The compiled patterns and their associated target objects
*/
List> compiledPatterns = new ArrayList<>();
-;
+
+/**
+ * This flag controls if passed named params should be appended
+ * to the map in {@link #replaceParameters(Map, Map)}
+ * and will be accessible in {@link
com.opensymphony.xwork2.config.entities.ResultConfig}.
+ * If set to false, the named parameters won't be appended.
+ *
+ * This behaviour is controlled by {@link
org.apache.struts2.StrutsConstants#STRUTS_MATCHER_APPEND_NAMED_PARAMETERS}
+ *
+ * @since 2.5.23
+ * See WW-5065
+ */
+private final boolean appendNamedParameters;
-public AbstractMatcher(PatternMatcher helper) {
+public AbstractMatcher(PatternMatcher helper, boolean
appendNamedParameters) {
Review comment:
Right, done!
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart commented on a change in pull request #405: [WW-5065] Defines a new flag to control appending params
lukaszlenart commented on a change in pull request #405:
URL: https://github.com/apache/struts/pull/405#discussion_r414359578
##
File path: core/src/main/java/org/apache/struts2/StrutsConstants.java
##
@@ -341,4 +341,7 @@
public static final String STRUTS_DISALLOW_PROXY_MEMBER_ACCESS =
"struts.disallowProxyMemberAccess";
public static final String STRUTS_OGNL_AUTO_GROWTH_COLLECTION_LIMIT =
"struts.ognl.autoGrowthCollectionLimit";
+
+/** See {@link
com.opensymphony.xwork2.config.impl.AbstractMatcher#appendNamedParameters */
+public static final String STRUTS_MATCHER_APPEND_NAMED_PARAMETERS = "";
Review comment:
Good catch, fixed!
##
File path:
core/src/main/java/com/opensymphony/xwork2/config/impl/AbstractMatcher.java
##
@@ -36,6 +36,9 @@
* @since 2.1
*/
public abstract class AbstractMatcher implements Serializable {
+
+private static final Logger LOG =
LogManager.getLogger(AbstractMatcher.class);
Review comment:
Right, fixed :)
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] coveralls edited a comment on pull request #405: [WW-5065] Defines a new flag to control appending params
coveralls edited a comment on pull request #405: URL: https://github.com/apache/struts/pull/405#issuecomment-617625161 [](https://coveralls.io/builds/30308885) Coverage increased (+0.01%) to 47.084% when pulling **6e1d2add0729a629412f0e4a407f0b02461b04a0 on WW-5065-append-or-not** into **5c82f0246ef33584823e357e8b067979958e3a51 on struts-2-5-x**. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #406: [WW-5070] Adds more sophisticated logic to search for the Root
lukaszlenart opened a new pull request #406: URL: https://github.com/apache/struts/pull/406 Resolves [WW-5070](https://issues.apache.org/jira/browse/WW-5070) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #407: [WW-5017] Drops deprecated Validation annotation as not needed
lukaszlenart opened a new pull request #407: URL: https://github.com/apache/struts/pull/407 Resolves [WW-5017](https://issues.apache.org/jira/browse/WW-5017) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #408: [WW-4043] Moves TestUtils into junit-plugin
lukaszlenart opened a new pull request #408: URL: https://github.com/apache/struts/pull/408 Resolves [WW-4043](https://issues.apache.org/jira/browse/WW-4043) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #409: Cherry-Pick PR#404 into master
JCgH4164838Gh792C124B5 opened a new pull request #409: URL: https://github.com/apache/struts/pull/409 Cherry-Pick PR#404 change into master. Merge pull request #404 from JCgH4164838Gh792C124B5/WW-5069 Initial fix for WW-5069 (improve build behaviour JDK9+) (cherry picked from commit 1526b36dd623164d671ec1f03ecf832b6b71f313) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #410: [WW-5065] Defines a new flag to control appending params - cherry-pick
lukaszlenart opened a new pull request #410: URL: https://github.com/apache/struts/pull/410 Refs https://github.com/apache/struts/pull/405 Refs [WW-5065](https://issues.apache.org/jira/browse/WW-5065) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #411: Minor change to fix WW-5072
JCgH4164838Gh792C124B5 opened a new pull request #411: URL: https://github.com/apache/struts/pull/411 Minor change to fix WW-5072 (single file upload failure): - Add action-local method to get upload file size. - Change file upload validation to use new method. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #412: Cherry-Pick PR#411 into master
JCgH4164838Gh792C124B5 opened a new pull request #412: URL: https://github.com/apache/struts/pull/412 Cherry-Pick PR#411 change into master. Merge pull request #411 from JCgH4164838Gh792C124B5/WW-5072_fix Minor change to fix WW-5072 (cherry picked from commit e46e662a7ac7fde7f96ff322e557190765a88cc9) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #413: Proposed WW-5074 Fix
JCgH4164838Gh792C124B5 opened a new pull request #413: URL: https://github.com/apache/struts/pull/413 Proposed WW-5074 Fix: - Exclude ASM 3.3.1 from inclusion as a dependency for commons-digester3 (also mark commons-digester3 as optional dependency since it is only listed to allow the exclusion). - Provide explicit test dependency of ASM 3.3.1 for portlet-plugin (otherwise its jmock tests are unable to execute). This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] JCgH4164838Gh792C124B5 opened a new pull request #5: Update for archetype-descriptors / maven-compiler-plugin version consistency
JCgH4164838Gh792C124B5 opened a new pull request #5: URL: https://github.com/apache/struts-archetypes/pull/5 Minor changes: - Make all archetype-descriptor "name" attributes match the archetype they belong to. - Make all maven-compiler-plugin versions 3.6.2. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] JCgH4164838Gh792C124B5 commented on pull request #5: Update for archetype-descriptors / maven-compiler-plugin version consistency
JCgH4164838Gh792C124B5 commented on pull request #5: URL: https://github.com/apache/struts-archetypes/pull/5#issuecomment-626393098 Hello @lukaszlenart . I'm not familiar enough with Maven Archetypes to be certain, but I think the archetype-descriptor entries are intended to match the archetype they belong to ? If the preceding assumption is incorrect, then please just ignore this PR. :smile: This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #414: Tiny improvements
lukaszlenart opened a new pull request #414: URL: https://github.com/apache/struts/pull/414 Two small changes to address problems discovered during testing Struts 2.6 with AppEngine This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #415: Minor post WW-5030 Cleanup for 2.6.x
JCgH4164838Gh792C124B5 opened a new pull request #415: URL: https://github.com/apache/struts/pull/415 Minor post WW-5030 Cleanup: - Correction/fix for test within testMockPortletSession(), following recent changes to 2.6.x. - Fix TestMockMultipartFile.isEmpty() bug in both original logic and recent changes to 2.6.x. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] JCgH4164838Gh792C124B5 opened a new pull request #6: Minor archetype fixes for generated project unit tests
JCgH4164838Gh792C124B5 opened a new pull request #6: URL: https://github.com/apache/struts-archetypes/pull/6 Minor archetype fixes: - Allow the unit tests for projects built from the Angular and Convention archetypes to run under JDK 11 (issue not seen with JDK8). - Fix broken unit test for projects built from Blank archetype. - Fix broken unit test for projects built from Convention archetype. - Fix comment typo in HelloAction for the Convention archetype. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] JCgH4164838Gh792C124B5 commented on pull request #6: Minor archetype fixes for generated project unit tests
JCgH4164838Gh792C124B5 commented on pull request #6: URL: https://github.com/apache/struts-archetypes/pull/6#issuecomment-629711361 Hello Apache Struts Team. This PR should fix a few minor issues with the unit tests failing in a few of the projects generated from the struts2-archetypes. The "JDK11 only" test dependency for the projects built from the Angular and Convention archetypes (must declare a test-scope dependency on `commons-compress`) is weird, but applying it makes things work for both JDK 8 and JDK 11. If someone can see why this situation arises, please feel free to let others know in a comment. 😄 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #416: Partial backport of Tiny improvements PR#414 to 2.5.x:
JCgH4164838Gh792C124B5 opened a new pull request #416: URL: https://github.com/apache/struts/pull/416 Partial backport of L. Lenart's PR#414 to 2.5.x: - Improve `Dispatcher` `getLocale()` handling if running in AppEngine. - Implemented the same improvement to the `defaultLocale` logic path within `getLocale()`. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] lukaszlenart merged pull request #6: Minor archetype fixes for generated project unit tests
lukaszlenart merged pull request #6: URL: https://github.com/apache/struts-archetypes/pull/6 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #415: Minor post WW-5030 Cleanup for 2.6.x
lukaszlenart merged pull request #415: URL: https://github.com/apache/struts/pull/415 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #416: Partial backport of Tiny improvements PR#414 to 2.5.x:
lukaszlenart merged pull request #416: URL: https://github.com/apache/struts/pull/416 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #417: Provide unit test for partial backport PR#416 for 2.5.x
JCgH4164838Gh792C124B5 opened a new pull request #417: URL: https://github.com/apache/struts/pull/417 Provide unit test for partial backport PR#416 for 2.5.x (from L. Lenart's PR#414) : - DispatcherTest provides code coverage tests of all getLocale() paths. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #417: Provide unit test for partial backport PR#416 for 2.5.x
lukaszlenart merged pull request #417: URL: https://github.com/apache/struts/pull/417 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #418: Cherry-pick PR#416 and PR#417 from 2.5.x into 2.6.x
JCgH4164838Gh792C124B5 opened a new pull request #418: URL: https://github.com/apache/struts/pull/418 Straightforward cherry-pick of PR #416 and PR #417 into 2.6.x. The 1st cherry-pick required a manual merge-conflict resolution, the 2nd was clean. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #418: Cherry-pick PR#416 and PR#417 from 2.5.x into 2.6.x
lukaszlenart merged pull request #418: URL: https://github.com/apache/struts/pull/418 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #419: [WW-5077] Better logs
lukaszlenart opened a new pull request #419: URL: https://github.com/apache/struts/pull/419 Refs [WW-5077](https://issues.apache.org/jira/browse/WW-5077) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #419: [WW-5077] Better logs
lukaszlenart merged pull request #419: URL: https://github.com/apache/struts/pull/419 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #420: [WW-5077] Uses better logging to inform user about excluded params (cherry-pick)
lukaszlenart opened a new pull request #420: URL: https://github.com/apache/struts/pull/420 Refs [WW-5077](https://issues.apache.org/jira/browse/WW-5077) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart opened a new pull request #146: Adds a note about action: prefix configuration
lukaszlenart opened a new pull request #146: URL: https://github.com/apache/struts-site/pull/146 Refs [S2-018](https://cwiki.apache.org/confluence/display/WW/S2-018) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] allc opened a new pull request #7: Fix class name in struts.xml for archetype starter
allc opened a new pull request #7: URL: https://github.com/apache/struts-archetypes/pull/7 Fix class name in `struts.xml` for archetype starter This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] lukaszlenart commented on a change in pull request #7: Fix class name in struts.xml for archetype starter
lukaszlenart commented on a change in pull request #7: URL: https://github.com/apache/struts-archetypes/pull/7#discussion_r433643296 ## File path: struts2-archetype-starter/src/main/resources/archetype-resources/src/main/resources/struts.xml ## @@ -16,7 +16,7 @@ /WEB-INF/jsp/index.jsp - + Review comment: This need to match Spring bean name [here](https://github.com/apache/struts-archetypes/blob/master/struts2-archetype-starter/src/main/resources/archetype-resources/src/main/resources/applicationContext.xml#L6), btw. the package name need to be fixed there This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart merged pull request #146: Adds a note about action: prefix configuration
lukaszlenart merged pull request #146: URL: https://github.com/apache/struts-site/pull/146 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] allc commented on a change in pull request #7: Fix class name in struts.xml for archetype starter
allc commented on a change in pull request #7: URL: https://github.com/apache/struts-archetypes/pull/7#discussion_r434354664 ## File path: struts2-archetype-starter/src/main/resources/archetype-resources/src/main/resources/struts.xml ## @@ -16,7 +16,7 @@ /WEB-INF/jsp/index.jsp - + Review comment: Thanks for the review. Sorry I did not realise the `helloWorld` action here looks intentionally different from the `index` action as there is Spring bean for it. When I setup the project with this archetype from the repositories somehow some files did not generate including `applicationContext.xml`, and have caused this confusion. Now I have tried installing this version here on git again and it works fine. Thanks. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] lukaszlenart commented on a change in pull request #7: Fix class name in struts.xml for archetype starter
lukaszlenart commented on a change in pull request #7: URL: https://github.com/apache/struts-archetypes/pull/7#discussion_r434359012 ## File path: struts2-archetype-starter/src/main/resources/archetype-resources/src/main/resources/struts.xml ## @@ -16,7 +16,7 @@ /WEB-INF/jsp/index.jsp - + Review comment: Thanks! We fixed a lot of problems and now the archetypes are under test phase, then we release new versions. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-archetypes] lukaszlenart closed pull request #7: Fix class name in struts.xml for archetype starter
lukaszlenart closed pull request #7: URL: https://github.com/apache/struts-archetypes/pull/7 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #420: [WW-5077] Uses better logging to inform user about excluded params (cherry-pick)
lukaszlenart merged pull request #420: URL: https://github.com/apache/struts/pull/420 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #422: WW-5080 Defines a new result type plain to use directly with Java code
lukaszlenart opened a new pull request #422: URL: https://github.com/apache/struts/pull/422 Implements [WW-5080](https://issues.apache.org/jira/browse/WW-5080) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #423: [WW-5081] Makes textarea compatible with W3C
lukaszlenart opened a new pull request #423: URL: https://github.com/apache/struts/pull/423 Fixes [WW-5081](https://issues.apache.org/jira/browse/WW-5081) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] yasserzamani merged pull request #423: [WW-5081] Makes textarea compatible with W3C
yasserzamani merged pull request #423: URL: https://github.com/apache/struts/pull/423 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart opened a new pull request #147: Contributors guide
lukaszlenart opened a new pull request #147: URL: https://github.com/apache/struts-site/pull/147 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] yasserzamani merged pull request #422: [WW-5080] Defines a new result type plain to use directly with Java code
yasserzamani merged pull request #422: URL: https://github.com/apache/struts/pull/422 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] gchatz22 opened a new pull request #424: Ww 5083
gchatz22 opened a new pull request #424: URL: https://github.com/apache/struts/pull/424 Initial implementation for Fetch Metadata creating a default resource isolation policy and a CSRF prevention interceptor This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] gchatz22 closed pull request #424: Ww 5083
gchatz22 closed pull request #424: URL: https://github.com/apache/struts/pull/424 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart opened a new pull request #425: [WW-5077] DMI aware pattern
lukaszlenart opened a new pull request #425: URL: https://github.com/apache/struts/pull/425 Refs [WW-5077](https://issues.apache.org/jira/browse/WW-5077) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] salcho opened a new pull request #426: WW-5083: Adds support for Fetch Metadata in Struts2.
salcho opened a new pull request #426: URL: https://github.com/apache/struts/pull/426 Hello Struts devs, This PR builds Fetch Metadata support on for Struts2, namely: - If a request has `Sec-Fetch-*` headers (i.e. comes from a modern browser), the Fetch Metadata Interceptor will reject the request if it is requested cross-site (a potential CSRF attack). - One default Resource Isolation Policy is provided based on https://web.dev/fetch-metadata/, which prevents all major cross-site request forgery attacks. - This Interceptor gives the ability to add exemptions to this security mitigation, that is: URLs that are meant to be accessed cross-site. - The Fetch Metadata Interceptor has been added to the default interceptor stack. - The `Vary` header has been added to responses to ensure that any cached responses include Fetch Metadata headers in their key. This is an added layer of security against cache poisoning. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] yasserzamani merged pull request #425: [WW-5077] DMI aware pattern
yasserzamani merged pull request #425: URL: https://github.com/apache/struts/pull/425 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #426: WW-5083: Adds support for Fetch Metadata in Struts2.
lukaszlenart merged pull request #426: URL: https://github.com/apache/struts/pull/426 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #427: WW-5075 Fixes for OSGi plugin in 2.5.x
JCgH4164838Gh792C124B5 opened a new pull request #427: URL: https://github.com/apache/struts/pull/427 Initial attempt to fix OSGi Plugin issues discovered during examination of WW-5075. - Indication is that the OSGi Plugin has been failing since Struts 2.3.4. - Applied fix to ResourceFinder to restore 2.3.x logic that was broken in 2.5.x. - Implemented changes to restore OSGi Plugin functionality for 2.5.x. - Applied changes to the OSGi Admin Bundle to function under 2.5.x. - Updated the OSGi Admin Bundle JS libraries and related CSS to newer versions. - Added new unit tests for the OSGi plugin. - The OSGi plugin will only function properly with exploded/expanded WAR files. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] JCgH4164838Gh792C124B5 commented on a change in pull request #147: Contributors guide
JCgH4164838Gh792C124B5 commented on a change in pull request #147:
URL: https://github.com/apache/struts-site/pull/147#discussion_r460444852
##
File path: source/contributors/building-with-maven.md
##
@@ -0,0 +1,206 @@
+---
+layout: default
+title: Building with Maven
+parent:
+ title: Contributors Guide
+ url: index.html
+---
+
+# Building with Maven
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+[Maven 3.0.0 or later](http://maven.apache.org) is required to build Struts 2
+
+First, let's review some Maven basics. Maven uses the notion of a build
_life-cycle_ to which plugins can attach.
+Plugins are similar to Ant tasks. When a Maven build is invoked, we specify a
point in the life-cycle up to which
+the build _should_ proceed. The _compile_ phase comes before _test_ , and
_test_ comes before _package_ , and _package_
+comes before _install_ . Once we have Maven setup, we can invoke the Struts
build, and specify which phase the build should use.
+
+## Installing
+
+The _install_ phase builds up the project ("package"), and installs any JARs
it needs into your local repository, e.g.:
+
+```
+~/.m2/repository
+```
+
+Once installed, the JARs can be used by any other Maven project you build.
The _install_ phase is the **default** phase
+if none is specified.
+
+To run a basic install, change to the root of the source distribution, and
enter
+
+```
+mvn
+```
+
+That's it! Maven will download any dependencies the build needs; run all unit
tests; package up the JARs; then install th
+e new JARs locally. For your convenience, copies of the JARs can be found in
the _target_ directories of each module.
+For example, after the build, the main JAR can found at
+
+```
+core/target/struts2-core-2.0-SNAPSHOT.jar
+```
+
+> Sometimes, licensing restrictions prevent Maven from downloading all the
JARs that a build might need. For example,
+> JavaMail and Activation, can only be downloaded from Sun. When this happens,
Maven will display a helpful message
+> that explains how to install these JARs manually. After downloading the
required JAR, follow the instructions
+> to install it to the your local repository. Once installed, the JAR is
available to all your Maven builds, not just Struts.
+
+**Initial Build Successful**
+
+```
+[INFO] Reactor Summary:
Review comment:
Similar to the above, the `Reactor Summary` here appears to be for the
2.0.x line. Maybe using a more recent 2.5.x build's summary output could be
used instead ?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] JCgH4164838Gh792C124B5 commented on a change in pull request #147: Contributors guide
JCgH4164838Gh792C124B5 commented on a change in pull request #147:
URL: https://github.com/apache/struts-site/pull/147#discussion_r460445631
##
File path: source/contributors/building-with-maven.md
##
@@ -0,0 +1,206 @@
+---
+layout: default
+title: Building with Maven
+parent:
+ title: Contributors Guide
+ url: index.html
+---
+
+# Building with Maven
+{:.no_toc}
+
+* Will be replaced with the ToC, excluding a header
+{:toc}
+
+[Maven 3.0.0 or later](http://maven.apache.org) is required to build Struts 2
+
+First, let's review some Maven basics. Maven uses the notion of a build
_life-cycle_ to which plugins can attach.
+Plugins are similar to Ant tasks. When a Maven build is invoked, we specify a
point in the life-cycle up to which
+the build _should_ proceed. The _compile_ phase comes before _test_ , and
_test_ comes before _package_ , and _package_
+comes before _install_ . Once we have Maven setup, we can invoke the Struts
build, and specify which phase the build should use.
+
+## Installing
+
+The _install_ phase builds up the project ("package"), and installs any JARs
it needs into your local repository, e.g.:
+
+```
+~/.m2/repository
+```
+
+Once installed, the JARs can be used by any other Maven project you build.
The _install_ phase is the **default** phase
+if none is specified.
+
+To run a basic install, change to the root of the source distribution, and
enter
+
+```
+mvn
+```
+
+That's it! Maven will download any dependencies the build needs; run all unit
tests; package up the JARs; then install th
+e new JARs locally. For your convenience, copies of the JARs can be found in
the _target_ directories of each module.
+For example, after the build, the main JAR can found at
+
+```
+core/target/struts2-core-2.0-SNAPSHOT.jar
Review comment:
The reference is to the original Struts 2.0 release, could be updated to
a newer one like `struts2-core-2.5.24-SNAPSHOT.jar`. (meant to have been part
of the review ... oops).
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #428: WW-5083 PR#426 follow-up.
JCgH4164838Gh792C124B5 opened a new pull request #428: URL: https://github.com/apache/struts/pull/428 WW-5083 PR#426 follow-up. - Updated ResourceIsolationPolicy Sec-Fetch* header cases to match spec. - Added the Sec-Fetch-User header, plus additional dest/site/mode values from the spec. - Renamed ResourceIsolationPolicy interface constants to follow the naming convention that was already present. - Made StrutsResourceIsolationPolicy checks case-insensitive (even if specification says things should be case-sensitive) to better handle client bugs that will likely occur in the future. - Updated FetchMetaDataInterceport to use more standard LOG reference name, parameterization and call forms seen in other Struts 2 Interceptors. - Including the Sec-Fetch-User in the Vary resonse header. - Make setExemptedPaths an injectable method (but not required). - Updated unit test to use more of the constants, added test confirming the Vary header replacement. - A few whitespace changes and JavaDoc additions, including reference to the W3C specification site. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] salcho opened a new pull request #429: WW-5084: Add Content Security Policy support to Struts
salcho opened a new pull request #429: URL: https://github.com/apache/struts/pull/429 Hello Struts Devs! This PR adds Content Security Policy support for Struts 2. A very popular security mitigation against XSS and other injection vulnerabilities. CSP comes in many flavours, but we've chosen to add support for the most robust of them: nonce-based, strict-dynamic CSP. Here's a summary of these changes: - Allows users to configure whether CSP is enabled in reporting or enforcement modes and lets them set a report URI, where violation reports will be sent by the browser. - Implements a CSP Interceptor that generates a nonce-based, strict-dynamic policy and adds it to HTTP responses according to the user's configuration. - Implements custom JSP and FTL
[GitHub] [struts] salcho opened a new pull request #430: WW-5084: Add Content Security Policy support to Struts
salcho opened a new pull request #430: URL: https://github.com/apache/struts/pull/430 Hello Struts Devs! This PR adds Content Security Policy support for Struts 2. A very popular security mitigation against XSS and other injection vulnerabilities. CSP comes in many flavours, but we've chosen to add support for the most robust of them: nonce-based, strict-dynamic CSP. Here's a summary of these changes: Allows users to configure whether CSP is enabled in reporting or enforcement modes and lets them set a report URI, where violation reports will be sent by the browser. Implements a CSP Interceptor that generates a nonce-based, strict-dynamic policy and adds it to HTTP responses according to the user's configuration. Implements custom JSP and FTL
[GitHub] [struts] salcho closed pull request #429: WW-5084: Add Content Security Policy support to Struts
salcho closed pull request #429: URL: https://github.com/apache/struts/pull/429 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] yasserzamani merged pull request #427: WW-5075 Fixes for OSGi plugin in 2.5.x
yasserzamani merged pull request #427: URL: https://github.com/apache/struts/pull/427 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart commented on pull request #147: Contributors guide
lukaszlenart commented on pull request #147: URL: https://github.com/apache/struts-site/pull/147#issuecomment-664589839 Sorry, this is still work-in-progress and I just opened the PR to test migration to new CI server :) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] gchatz22 opened a new pull request #431: Initial implementation of coop
gchatz22 opened a new pull request #431: URL: https://github.com/apache/struts/pull/431 Initial implementation of COOP with coop interceptor and configuration This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] gchatz22 closed pull request #431: Initial implementation of coop
gchatz22 closed pull request #431: URL: https://github.com/apache/struts/pull/431 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] gchatz22 opened a new pull request #432: Add Cross-Origin Opener Policy (COOP) and Cross-Origin Embedder Policy (COEP) support
gchatz22 opened a new pull request #432: URL: https://github.com/apache/struts/pull/432 Hello Struts Devs! This PR adds Cross-Origin Opener Policy (COOP) and Cross-Origin Embedder Policy (COEP) support for Struts2. Two very popular mitigations that aim to make a website cross-origin isolated. COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. COEP prevents a document from loading any non-same-origin resources which don't explicitly grant the document permission to be loaded. Both COOP and COEP require adding headers to the response object. COOP and COEP are independent mechanisms and they can be enabled, tested and deployed separately. Using COEP and COOP together allows developers to safely use powerful features such as `SharedArrayBuffer`, `performance.measureMemory()`, and the JS Self-Profiling API. COOP and COEP are now supported by all major browsers. See https://web.dev/why-coop-coep/ for reference. Here's a summary of the changes made: - We created 2 new interceptors, the `CoopInterceptor` and `CoepInterceptor`, that handle adding the response headers for the respective security mitigation. Both were added in the default stack of `struts-default.xml` - Using the `CoopInterceptor`, developers have the ability to choose the policy they want COOP to operate with (`same-origin`, `same-origin-allow-popups`, or `unsafe-none`), set to `same-origin` by default. An exception is thrown if another policy other than the specified 3 is chosen by the developer - Using the `CoepInterceptor`, developers have the ability to choose between the two modes they want COEP to operate under: enforcing mode (header set as `Cross-Origin-Embedder-Policy`) which blocks resources and reports violation, and reporting mode (header set as `Cross-Origin-Embedder-Policy-Report-Only`) which only reports the violation without blocking resources. - For both interceptors, developers are able to add exempted paths for which the chosen policy will not be applied to them In `struts-default.xml' here is how developers can customize the interceptors: ``` path1,path2 same-origin false false path1,path2 ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] rgielen opened a new pull request #148: Add Announcement 202008
rgielen opened a new pull request #148: URL: https://github.com/apache/struts-site/pull/148 The PR adds a new announcement to the Struts site This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] rgielen merged pull request #148: Add Announcement 202008
rgielen merged pull request #148: URL: https://github.com/apache/struts-site/pull/148 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart closed pull request #147: Contributors guide
lukaszlenart closed pull request #147: URL: https://github.com/apache/struts-site/pull/147 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart closed pull request #147: Contributors guide
lukaszlenart closed pull request #147: URL: https://github.com/apache/struts-site/pull/147 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] yasserzamani merged pull request #428: WW-5083 PR#426 follow-up.
yasserzamani merged pull request #428: URL: https://github.com/apache/struts/pull/428 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] yasserzamani commented on pull request #147: Contributors guide
yasserzamani commented on pull request #147: URL: https://github.com/apache/struts-site/pull/147#issuecomment-674374091 LGTM :+1: thanks! This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #432: WW-5085: Add Cross-Origin Opener Policy (COOP) and Cross-Origin Embedder Policy (COEP) support
lukaszlenart merged pull request #432: URL: https://github.com/apache/struts/pull/432 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] JCgH4164838Gh792C124B5 opened a new pull request #433: WW-5075 Fixes for OSGi plugin in 2.6.x
JCgH4164838Gh792C124B5 opened a new pull request #433: URL: https://github.com/apache/struts/pull/433 Initial attempt to fix OSGi Plugin issues discovered during examination of WW-5075. - Draws on PR#427 and utilizes similar code, but updated for JDK8. - Updated OSGi plugin dependencies to OSGi R7. - Indication is that the OSGi Plugin has been failing since Struts 2.3.4. - Applied fix to ResourceFinder to restore 2.3.x logic that was broken in 2.5.x. - Implemented changes to restore OSGi Plugin functionality for 2.6.x. - Applied changes to the OSGi Admin Bundle to function under 2.6.x. - Applied changes to the OSGi Demo Bundle to function under 2.6.x. - Updated the OSGi Admin Bundle JS libraries and related CSS to newer versions. - Added new unit tests for the OSGi plugin. - The OSGi plugin will only function properly with exploded/expanded WAR files. - BundlePackageLoader changes suggested by L. Lenart (from PR#427). - FelixOsgiHost changes to better handle Felix bundle cache location processing (Windows and Linux). - FelixOsgIHost test modified to not fail if felix-cache directory cannot be created (warn only) to avoid failing the whole build. - FelixOsgIHost test modified to not fail if felix-cache directory bundle load issues arise (warn only) to avoid failing the whole build. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] lukaszlenart closed pull request #147: Contributors guide
lukaszlenart closed pull request #147: URL: https://github.com/apache/struts-site/pull/147 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] lukaszlenart merged pull request #433: WW-5075 Fixes for OSGi plugin in 2.6.x
lukaszlenart merged pull request #433: URL: https://github.com/apache/struts/pull/433 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] salcho opened a new pull request #149: Adding documentation for Fetch Metadata, Cross-Origin Opener Poliy & Cross-Origin Embedder Policy
salcho opened a new pull request #149: URL: https://github.com/apache/struts-site/pull/149 Hello Struts devs! We're really proud to have contributed to Struts by adding Fetch Metadata (https://github.com/apache/struts/pull/426) and COOP/COEP support (https://github.com/apache/struts/pull/432) in the past few months while CSP is still being reviewed (https://github.com/apache/struts/pull/430). This PR updates documentation to reflect the new interceptors (not CSP!), their parameters, usage and brief explanations of what these security mitigations are and how they work. We hope this will motivate Struts developers to enable brand new security mitigations on their way forward :) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] yasserzamani commented on a change in pull request #149: Adding documentation for Fetch Metadata, Cross-Origin Opener Poliy & Cross-Origin Embedder Policy
yasserzamani commented on a change in pull request #149: URL: https://github.com/apache/struts-site/pull/149#discussion_r479367165 ## File path: source/core-developers/coep-interceptor.md ## @@ -0,0 +1,43 @@ +--- +layout: default +title: COEP Interceptor +parent: +title: Interceptors +url: interceptors.html +--- + +# Fetch Metadata Interceptor + +## Description + +Interceptor that implements Cross-Origin Embedder Policy on incoming requests. + +COEP prevents the document from loading any framed documents which don't opt-in by setting the COEP header. (`Cross-Origin-Embedder-Policy: require-corp`). This provides protection for documents that don't restrict framing. A document that doesn't set COEP cannot be framed by another document with COEP. All descendents of a document with COEP will also enforce the same restrictions. + +COEP is now supported by all major browsers. + + + +[More information about COEP](https://web.dev/why-coop-coep/#coep). + +## Parameters + +- `exemptedPaths` - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading slashes and must be relative. This field is empty by default. +- `enforcingMode` - Boolean variable allowing the user to let COEP operate in `enforcing`, which blocks both resource and reports violations, or `report-only` mode, which only reports violations. Default value for field is `false`. +- `disabled` - Boolean variable disabling and enabling COEP. Default value for field is `false`. + +## Examples + +```xml + Review comment: As you've already defined and added it to `struts-default.xml`.`defaultStack` at [here](https://github.com/apache/struts/pull/432/files#diff-710b29900cea21e85893cae43dd08c92) , this duplicate definition is not needed as far as I can remember but please wait if @apache/struts-committers acknowledge as well. ## File path: source/core-developers/coop-interceptor.md ## @@ -0,0 +1,45 @@ +--- +layout: default +title: COOP Interceptor +parent: +title: Interceptors +url: interceptors.html +--- + +# Fetch Metadata Interceptor + +## Description + +Interceptor that implements Cross-Origin Opener Policy on incoming requests. + +COOP is a security mitigation that lets developers isolate their resources against side-channel attacks and information leaks. The COOP response header allows a document to request a new browsing context group to better isolate itself from other untrustworthy origins. Separating browsing contexts is necessary because at least two types of attacks are possible when a document shares a browsing context group and possibly an operating system process with cross-origin documents: + +- Cross-window attacks. A malicious document can open a victim document in a new window and later navigate the window to a look-alike document to trick the user, or attempt to exploit postMessage vulnerabilities in the victim document. +- Process-wide attacks. Side channel and transient execution attacks like Spectre may provide an opportunity to the malicious document to get access to sensitive data from the victim document, if they share an OS process. + +The COOP header can have one of 3 values: `same-origin`, `same-origin-allow-popups`, `unsafe-none`. If the COOP values are the same, and the origins of the documents match the relationship declared in the COOP header value, documents can interact with each other. Otherwise if at least one of the documents sets COOP, the browser will create a new browsing context group severing the link between the documents. Sites can use `same-origin-allow-popups` to allow popups they open to be in their browsing context group (unless the popup's own COOP prevents this). + +COOP is now supported by all major browsers. + + +[More information about COOP](https://web.dev/why-coop-coep/#coop). + +## Parameters + +- `exemptedPaths` - Set of opt out endpoints that are meant to serve cross-site traffic. Paths should contain leading slashes and must be relative. This field is empty by default. +- `mode` - The policy mode COOP should follow. Available modes are `same-origin`, `same-origin-allow-popups`, `unsafe-none`. Default mode is `same-origin`. + +## Examples + +```xml + + + + + Review comment: (similar here) ## File path: source/core-developers/fetch-metadata-interceptor.md ## @@ -0,0 +1,42 @@ +--- +layout: default +title: Fetch Metadata Interceptor +parent: +title: Interceptors +url: interceptors.html +--- + +# Fetch Metadata Interceptor + +## Description + +An interceptor that implements Fetch Metadata on incoming requests used to protect against CSRF, XSSI, and cross-origin information leaks. Uses a default Resource Isolation Policy to programmatically reject cross-origin requests. + +A Resource Isolation Policy is a strong defense in-depth mechanism that prevents the resources on a server from being requested by external websites. This poli
[GitHub] [struts-site] gchatz22 commented on pull request #149: Adding documentation for Fetch Metadata, Cross-Origin Opener Poliy & Cross-Origin Embedder Policy
gchatz22 commented on pull request #149: URL: https://github.com/apache/struts-site/pull/149#issuecomment-682771689 Thank you for your comments @yasserzamani ! Applied your changes and as said will also be waiting for @apache/struts-committers opinion. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] gchatz22 edited a comment on pull request #149: Adding documentation for Fetch Metadata, Cross-Origin Opener Poliy & Cross-Origin Embedder Policy
gchatz22 edited a comment on pull request #149: URL: https://github.com/apache/struts-site/pull/149#issuecomment-682771689 Thank you for your comments @yasserzamani ! Applied your changes and as said will also be waiting for @[apache/struts-committers](https://github.com/orgs/apache/teams/struts-committers) opinion. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] gchatz22 edited a comment on pull request #149: Adding documentation for Fetch Metadata, Cross-Origin Opener Poliy & Cross-Origin Embedder Policy
gchatz22 edited a comment on pull request #149: URL: https://github.com/apache/struts-site/pull/149#issuecomment-682771689 Thank you for your comments @yasserzamani ! Applied your changes and as said will also be waiting for @apache/struts-committers opinion. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts-site] gchatz22 edited a comment on pull request #149: Adding documentation for Fetch Metadata, Cross-Origin Opener Poliy & Cross-Origin Embedder Policy
gchatz22 edited a comment on pull request #149: URL: https://github.com/apache/struts-site/pull/149#issuecomment-682771689 Thank you for your comments @yasserzamani ! Applied your changes and as said will also be waiting for @apache/struts-committers opinion This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
[GitHub] [struts] aleksandr-m merged pull request #430: WW-5084: Add Content Security Policy support to Struts
aleksandr-m merged pull request #430: URL: https://github.com/apache/struts/pull/430 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
