[jira] [Commented] (WW-5012) Make a public state check the first acceptance check in SecurityMemberAccess

2019-01-31 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757812#comment-16757812
 ] 

ASF GitHub Bot commented on WW-5012:


JCgH4164838Gh792C124B5 commented on pull request #324: Back-port WW-5012 
improvements from PR#323 to 2.5.x:
URL: https://github.com/apache/struts/pull/324
 
 
   Back-port WW-5012 improvements from PR#323 to 2.5.x:
   - Back-port improvements from PR#323:
 - Re-order SecurityMemberAccess to make public access check the 1st check.
 - Improvements to checkStaticMethodAccess().
   - Back-port improvements from PR#320 that aligned with PR#323's enhancement:
 - Make one public getter final.
 - Brought additional ordering improvements that align and make 2.5.x's 
implementation easier to maintain.
   - Two improvements resulted directly from the back-porting:
 - Eliminated unnecessary boolean allow flag within the access check.
 - Eliminated a redundant call to !isClassExcluded(memberClass), implicitly 
possible due to re-ordering.
 

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Make a public state check the first acceptance check in SecurityMemberAccess
> 
>
> Key: WW-5012
> URL: https://issues.apache.org/jira/browse/WW-5012
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Affects Versions: 2.5.20
> Environment: All environments.
>Reporter: James Chaplin
>Priority: Minor
>  Labels: performance, security
> Fix For: 2.5.21, 2.6
>
>
> During discussion for WW-5004, a recommendation was made by two Apache Struts 
> Team members to adjust the sequence of calls in the SecurityMemberAccess 
> module.
> The recommendation was to make the member's public state check (e.g. 
> checkPublicMemberAccess()) the absolute first check made during acceptance 
> checks.
> This improvement would look at implementing this change for the access check 
> ordering, and any minor enhancements that are applicable to the ordering 
> change.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (WW-5011) Tiles bug when parsing file:// URLs including # as part of the URL

2019-01-31 Thread Jason Pyeron (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757441#comment-16757441
 ] 

Jason Pyeron commented on WW-5011:
--

there are structure changes to fix first... I will apply the struts format 
before commit - where is the struts code format standards defined 
(lint/eclipse/etc file)?

> Tiles bug when parsing file:// URLs including # as part of the URL
> --
>
> Key: WW-5011
> URL: https://issues.apache.org/jira/browse/WW-5011
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - Tiles
>Affects Versions: 2.5.17
>Reporter: Jason Pyeron
>Priority: Critical
> Fix For: 2.5.21, 2.6
>
>
> This prevents deployment of a tiles application to sub contexts on Tomcat or 
> anywhere else the exploded war files' paths have certain special characters.
> Tiles is in the Attic, it is no longer being maintained.
> The Tiles plugin can shadow the particular class file as a workaround.
> I will submit a patch. Please advise which branch the patch should be based 
> on. I need it for 2.5.17.





[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread Hudson (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757416#comment-16757416
 ] 

Hudson commented on WW-5004:


SUCCESS: Integrated in Jenkins build Struts-master-JDK7 #258 (See 
[https://builds.apache.org/job/Struts-master-JDK7/258/])
Fix for access issue for 2.6 discovered in WW-5004 (2nd amended commit): 
(43964333+jcgh4164838gh792c124b5: rev 925eb62949347eaf29867b295bcfbc55f210f23a)
* (edit) core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
* (edit) core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
* (edit) 
core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
* (edit) 
core/src/test/java/org/apache/struts2/util/SecurityMemberAccessInServletsTest.java
* (add) 
core/src/test/resources/com/opensymphony/xwork2/config/providers/xwork-test-staticfield-false.xml
* (edit) 
core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java
* (edit) core/src/test/java/com/opensymphony/xwork2/ognl/SetPropertiesTest.java
* (add) 
core/src/test/resources/com/opensymphony/xwork2/config/providers/xwork-test-staticfield-true.xml
* (edit) core/src/main/java/org/apache/struts2/StrutsConstants.java
* (edit) 
core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStackFactory.java
* (edit) 
core/src/test/java/org/apache/struts2/result/ServletRedirectResultTest.java
* (edit) 
core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
* (edit) 
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
* (edit) core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
* (edit) core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
* (edit) 
core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
Fix for access issue for 2.6 discovered in WW-5004 (Minor update to 
(43964333+jcgh4164838gh792c124b5: rev 64bd12b26da0916b088910c21e1852ef1f2ccaeb)
* (edit) 
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java


> No more calling of a static variable in Struts 2.8.20 available
> ---
>
> Key: WW-5004
> URL: https://issues.apache.org/jira/browse/WW-5004
> Project: Struts 2
>  Issue Type: Bug
>  Components: Core
>Affects Versions: 2.5.20
> Environment: Java 7.1 and JSP Websites
>Reporter: Deniz Renkligül
>Priority: Critical
>  Labels: build, features, patch, usability
> Fix For: 2.5.21, 2.6
>
>
> After the update from Struts 2.5.18 to 2.5.20 it is no longer possible to call 
> a Java static variable in JSP like
> {code:java}
> 
> {code}
> Please see for more details the release notes of 2.5.20
>  [link 
> https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.20|https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.20]
>  and I tried without success the following description assigned above in the 
> release version notes 2.5.20 with :
> {code:java}
> 
> 
> {code}
>  https://issues.apache.org/jira/browse/WW-4984
>  
> Thanks in advance for your support.





[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757375#comment-16757375
 ] 

ASF subversion and git services commented on WW-5004:
-

Commit 64bd12b26da0916b088910c21e1852ef1f2ccaeb in struts's branch 
refs/heads/master from JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=64bd12b ]

Fix for access issue for 2.6 discovered in WW-5004 (Minor update to previous 
commit):
- Restored ability to access public static fields (true by default).
- Introduced a boolean configuration flag (allowStaticFieldAccess).
- Replaced one remaining Boolean.parseBoolean() conversion in OgnlUtil use 
BooleanUtils.toBoolean().
- Enhanced unit tests to confirm proper operation of the fix.
- Replicating L. Lenart's change in PR#317:
  - Removed injection parameter for setAllowStaticMethodAccess in 
OgnlValueStackFactory.
  - Replaced with lazy retrieval of allowStaticMethodAccess from container.
  - Used same pattern for the new allowStaticFieldAccess flag.
  - Added retrieval methods for both flags from the container.
- Optimized calling sequence of isAccessible() based on feedback from previous 
commit.
- Made a couple of getters and the protected checkXXX methods final (avoid 
descendant interference).




[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757376#comment-16757376
 ] 

ASF subversion and git services commented on WW-5004:
-

Commit efd5a7c7abc0231bb0a96daab5fcde19916f5fa9 in struts's branch 
refs/heads/master from Aleksandr Mashchenko
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=efd5a7c ]

Merge pull request #320 from JCgH4164838Gh792C124B5/localS2_26x_B2

Fix for access issue for 2.6 discovered in WW-5004:



[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757374#comment-16757374
 ] 

ASF subversion and git services commented on WW-5004:
-

Commit 925eb62949347eaf29867b295bcfbc55f210f23a in struts's branch 
refs/heads/master from JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=925eb62 ]

Fix for access issue for 2.6 discovered in WW-5004 (2nd amended commit):
- Restored ability to access public static fields (true by default).
- Introduced a boolean configuration flag (allowStaticFieldAccess).
- Replaced one remaining Boolean.parseBoolean() conversion in OgnlUtil use 
BooleanUtils.toBoolean().
- Enhanced unit tests to confirm proper operation of the fix.
- Replicating L. Lenart's change in PR#317:
  - Removed injection parameter for setAllowStaticMethodAccess in 
OgnlValueStackFactory.
  - Replaced with lazy retrieval of allowStaticMethodAccess from container.
  - Used same pattern for the new allowStaticFieldAccess flag.
  - Added retrieval methods for both flags from the container.




[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757373#comment-16757373
 ] 

ASF GitHub Bot commented on WW-5004:


aleksandr-m commented on pull request #320: Fix for access issue for 2.6 
discovered in WW-5004:
URL: https://github.com/apache/struts/pull/320
 
 
   
 



[jira] [Created] (WW-5012) Make a public state check the first acceptance check in SecurityMemberAccess

2019-01-31 Thread James Chaplin (JIRA)
James Chaplin created WW-5012:
-

 Summary: Make a public state check the first acceptance check in 
SecurityMemberAccess
 Key: WW-5012
 URL: https://issues.apache.org/jira/browse/WW-5012
 Project: Struts 2
  Issue Type: Improvement
  Components: Core
Affects Versions: 2.5.20
 Environment: All environments.
Reporter: James Chaplin
 Fix For: 2.5.21, 2.6


During discussion for WW-5004, a recommendation was made by two Apache Struts 
Team members to adjust the sequence of calls in the SecurityMemberAccess module.

The recommendation was to make the member's public state check (e.g. 
checkPublicMemberAccess()) the absolute first check made during acceptance 
checks.

This improvement would look at implementing this change for the access check 
ordering, and any minor enhancements that are applicable to the ordering change.





[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757292#comment-16757292
 ] 

ASF subversion and git services commented on WW-5004:
-

Commit 5524c579d29dbe91fe82428a74fb4cb1888330ba in struts's branch 
refs/heads/struts-2-5-x from JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=5524c57 ]

Fix for NPE issue discovered in WW-5004. (#316)

* Fix for NPE issue discovered in WW-5004.
- Guard fix for a NPE that can arise under certain conditions, identified by A. 
Mashchenko.

* Fix for NPE issue discovered in WW-5004 (amended commit).
- Guard fix for a NPE that can arise under certain conditions, identified by A. 
Mashchenko.
- Requires the following elements to implement a fuller fix:
  - Back-port relevant guard logic in ProxyUtil from master into 2.5.x to deal 
with the NPE.
  - Update SecurityMemberAccess to block access to static fields.
  - Upgrade to OGNL 3.1.22 (re-enables access to public static fields w/out 
access checks).
  - Add unit test to confirm proper functionality of the fix.
  - Correct missing entry in 4 test configuration XML files (needed for new 
unit test).
- Replaced literal injection parameter name for setStaticFieldAccessLevel in 
OgnlValueStackFactory with the appropriate constant.
  Note: Even though a constant was defined in StrutsConstants, the value for 
the injection name in all places is the XWorkConstants.
It has to remain the same to avoid breaking anything.




[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757291#comment-16757291
 ] 

ASF subversion and git services commented on WW-5004:
-

Commit 5524c579d29dbe91fe82428a74fb4cb1888330ba in struts's branch 
refs/heads/struts-2-5-x from JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=5524c57 ]

Fix for NPE issue discovered in WW-5004. (#316)

* Fix for NPE issue discovered in WW-5004.
- Guard fix for a NPE that can arise under certain conditions, identified by A. 
Mashchenko.

* Fix for NPE issue discovered in WW-5004 (amended commit).
- Guard fix for a NPE that can arise under certain conditions, identified by A. 
Mashchenko.
- Requires the following elements to implement a fuller fix:
  - Back-port relevant guard logic in ProxyUtil from master into 2.5.x to deal 
with the NPE.
  - Update SecurityMemberAccess to block access to static fields.
  - Upgrade to OGNL 3.1.22 (re-enables access to public static fields w/out 
access checks).
  - Add unit test to confirm proper functionality of the fix.
  - Correct missing entry in 4 test configuration XML files (needed for new 
unit test).
- Replaced literal injection parameter name for setStaticFieldAccessLevel in 
OgnlValueStackFactory with the appropriate constant.
  Note: Even though a constant was defined in StrutsConstants, the value for 
the injection name in all places is the XWorkConstants.
It has to remain the same to avoid breaking anything.




[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757289#comment-16757289
 ] 

ASF GitHub Bot commented on WW-5004:


yasserzamani commented on pull request #316: Fix for NPE issue discovered in 
WW-5004.
URL: https://github.com/apache/struts/pull/316
 
 
   
 



[jira] [Commented] (WW-5004) No more calling of a static variable in Struts 2.8.20 available

2019-01-31 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/WW-5004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16757290#comment-16757290
 ] 

ASF subversion and git services commented on WW-5004:
-

Commit 5524c579d29dbe91fe82428a74fb4cb1888330ba in struts's branch 
refs/heads/struts-2-5-x from JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=5524c57 ]

Fix for NPE issue discovered in WW-5004. (#316)

* Fix for NPE issue discovered in WW-5004.
- Guard fix for a NPE that can arise under certain conditions, identified by A. 
Mashchenko.

* Fix for NPE issue discovered in WW-5004 (amended commit).
- Guard fix for a NPE that can arise under certain conditions, identified by A. 
Mashchenko.
- Requires the following elements to implement a fuller fix:
  - Back-port relevant guard logic in ProxyUtil from master into 2.5.x to deal 
with the NPE.
  - Update SecurityMemberAccess to block access to static fields.
  - Upgrade to OGNL 3.1.22 (re-enables access to public static fields w/out 
access checks).
  - Add unit test to confirm proper functionality of the fix.
  - Correct missing entry in 4 test configuration XML files (needed for new 
unit test).
- Replaced literal injection parameter name for setStaticFieldAccessLevel in 
OgnlValueStackFactory with the appropriate constant.
  Note: Even though a constant was defined in StrutsConstants, the value for 
the injection name in all places is the XWorkConstants.
It has to remain the same to avoid breaking anything.




[jira] [Assigned] (WW-5009) EmptyStackException in JSON plugin due to concurrency

2019-01-31 Thread Yasser Zamani (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-5009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasser Zamani reassigned WW-5009:
-

Assignee: Yasser Zamani

> EmptyStackException in JSON plugin due to concurrency
> -
>
> Key: WW-5009
> URL: https://issues.apache.org/jira/browse/WW-5009
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - JSON
>Affects Versions: 2.5.20
> Environment: JDK 1.8_0_191
> Tomcat 9.0.12
>Reporter: Eduardo Quintanilla
>Assignee: Yasser Zamani
>Priority: Critical
>  Labels: json, json-rpc
> Fix For: 2.5.21, 2.6
>
> Attachments: logs.txt, struts-json-example-master.zip
>
>
> EmptyStackException in JSON plugin due to concurrency
> Note: The issue was found in an app that was upgraded from version 2.3.34 
> Logs: [^logs.txt]
> I created a sample application that should help reproducing the error.
> [^struts-json-example-master.zip]
> The error happened opening the app (localhost/struts-json-example) in 4 
> different browsers / sessions.
> As a workaround I have overridden the JSONInterceptor so a new instance of 
> JSONUtil is used with every request and the issue is not happening anymore. I 
> suppose there is a performance cost with that change but for now it works.
>  


