[jira] [Commented] (WW-5247) Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute

[Lukasz Lenart (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-5247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620777#comment-17620777
 ] 

Lukasz Lenart commented on WW-5247:
---

Isn't this related to JQuery plugin?

> Related to: [WW-5117] - %{id} evaluates different for data-* and value 
> attribute
> 
>
> Key: WW-5247
> URL: https://issues.apache.org/jira/browse/WW-5247
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.5.30
>Reporter: Javier
>Priority: Major
> Fix For: 6.1.0
>
>
> I upgraded from 2.5.20 to 2.5.30 and the following stopped working:
>  id="currentObj" name="${roleEntry.value}" >
>                 
>                  property="name"    />
>                  style="width:1%">
>                      theme="simple" action="getRoleAuthRolesPerms" >    
>                          value="%\{#attr.currentObj.roleid}" />
>                          indicator="roleIndicator"  cssClass="tooltipBorderless"  title="View Role" 
> type="image" src="../img/view.gif"  />
>                         
>                     
>                 
> 
> Generates:
>  action="/apps/epar/getRoleAuthRolesPerms.action" method="post" 
> class="formstyle">    
>                          value="159" id="getRole159_authorityRole_roleid">
>                          id="submit_213350257" value="Submit" class="tooltipBorderless" title="View 
> Role">
> 
> jQuery(document).ready(function () { 
>     var options_submit_213350257 = {};
>     options_submit_213350257.jqueryaction = "button";
>     options_submit_213350257.id = "submit_213350257";
>     options_submit_213350257.targets = "roleAjaxDiv";
>     options_submit_213350257.href = "#";
>     options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}";
>     options_submit_213350257.indicatorid = "roleIndicator";
>     options_submit_213350257.effect = "highlight";
>     options_submit_213350257.effectoptions = {};
> jQuery.struts2_jquery.bind(jQuery('#submit_213350257'),options_submit_213350257);
>  });  
> 
>  
> The JS that it generates does NOT translate: 
> options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}";
> This works with 2.5.20 but does NOT work with 2.5.29, 2.5.30. 
> Works with 6.0.3, but not ready to upgrade to it, seems very unstable.
> I believe this is related to: 
>  * [WW-5117] - %\{id} evaluates different for data-* and value attribute
>  
>  
>                 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-5247) Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-5247:
--
Fix Version/s: 6.1.0

> Related to: [WW-5117] - %{id} evaluates different for data-* and value 
> attribute
> 
>
> Key: WW-5247
> URL: https://issues.apache.org/jira/browse/WW-5247
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.5.30
>Reporter: Javier
>Priority: Major
> Fix For: 6.1.0
>
>
> I upgraded from 2.5.20 to 2.5.30 and the following stopped working:
>  id="currentObj" name="${roleEntry.value}" >
>                 
>                  property="name"    />
>                  style="width:1%">
>                      theme="simple" action="getRoleAuthRolesPerms" >    
>                          value="%\{#attr.currentObj.roleid}" />
>                          indicator="roleIndicator"  cssClass="tooltipBorderless"  title="View Role" 
> type="image" src="../img/view.gif"  />
>                         
>                     
>                 
> 
> Generates:
>  action="/apps/epar/getRoleAuthRolesPerms.action" method="post" 
> class="formstyle">    
>                          value="159" id="getRole159_authorityRole_roleid">
>                          id="submit_213350257" value="Submit" class="tooltipBorderless" title="View 
> Role">
> 
> jQuery(document).ready(function () { 
>     var options_submit_213350257 = {};
>     options_submit_213350257.jqueryaction = "button";
>     options_submit_213350257.id = "submit_213350257";
>     options_submit_213350257.targets = "roleAjaxDiv";
>     options_submit_213350257.href = "#";
>     options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}";
>     options_submit_213350257.indicatorid = "roleIndicator";
>     options_submit_213350257.effect = "highlight";
>     options_submit_213350257.effectoptions = {};
> jQuery.struts2_jquery.bind(jQuery('#submit_213350257'),options_submit_213350257);
>  });  
> 
>  
> The JS that it generates does NOT translate: 
> options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}";
> This works with 2.5.20 but does NOT work with 2.5.29, 2.5.30. 
> Works with 6.0.3, but not ready to upgrade to it, seems very unstable.
> I believe this is related to: 
>  * [WW-5117] - %\{id} evaluates different for data-* and value attribute
>  
>  
>                 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (WW-5246) commons-text CVE issue

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart closed WW-5246.
-
Resolution: Fixed

Already addressed in WW-5244

> commons-text CVE issue
> --
>
> Key: WW-5246
> URL: https://issues.apache.org/jira/browse/WW-5246
> Project: Struts 2
>  Issue Type: Improvement
>Affects Versions: 6.0.0, 6.0.3
>Reporter: Daniel Wu
>Priority: Critical
>
> As you may already aware of the [NVD - CVE-2022-42889 (nist.gov) 
> {color:#172b4d}+issue+{color}|https://nvd.nist.gov/vuln/detail/CVE-2022-42889],
>  which impacts Apache Commons Text library (versions up to and including 1.9 
> are impacted). I am reaching out to your team to try to get an update on this 
> issue. Could you let me know the estimated timeline for addressing this 
> issue? It will be great if the upcoming release could include the fix. 
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-5246) commons-text CVE issue

[Daniel Wu (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Daniel Wu updated WW-5246:
--
Issue Type: Improvement  (was: Dependency)

> commons-text CVE issue
> --
>
> Key: WW-5246
> URL: https://issues.apache.org/jira/browse/WW-5246
> Project: Struts 2
>  Issue Type: Improvement
>Affects Versions: 6.0.0, 6.0.3
>Reporter: Daniel Wu
>Priority: Critical
>
> As you may already aware of the [NVD - CVE-2022-42889 (nist.gov) 
> {color:#172b4d}+issue+{color}|https://nvd.nist.gov/vuln/detail/CVE-2022-42889],
>  which impacts Apache Commons Text library (versions up to and including 1.9 
> are impacted). I am reaching out to your team to try to get an update on this 
> issue. Could you let me know the estimated timeline for addressing this 
> issue? It will be great if the upcoming release could include the fix. 
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (WW-5247) Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute

[Javier (Jira)]

Javier created WW-5247:
--

 Summary: Related to: [WW-5117] - %{id} evaluates different for 
data-* and value attribute
 Key: WW-5247
 URL: https://issues.apache.org/jira/browse/WW-5247
 Project: Struts 2
  Issue Type: Bug
Affects Versions: 2.5.30
Reporter: Javier


I upgraded from 2.5.20 to 2.5.30 and the following stopped working:


                
                
                
                        
                        

                        
                        
                    
                



Generates:

    
                        

                        

jQuery(document).ready(function () { 
    var options_submit_213350257 = {};
    options_submit_213350257.jqueryaction = "button";
    options_submit_213350257.id = "submit_213350257";
    options_submit_213350257.targets = "roleAjaxDiv";
    options_submit_213350257.href = "#";
    options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}";
    options_submit_213350257.indicatorid = "roleIndicator";
    options_submit_213350257.effect = "highlight";
    options_submit_213350257.effectoptions = {};

jQuery.struts2_jquery.bind(jQuery('#submit_213350257'),options_submit_213350257);

 });  


 

The JS that it generates does NOT translate: 
options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}";

This works with 2.5.20 but does NOT work with 2.5.29, 2.5.30. 
Works with 6.0.3, but not ready to upgrade to it, seems very unstable.

I believe this is related to: 
 * [WW-5117] - %\{id} evaluates different for data-* and value attribute

 

 


                



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (WW-5246) commons-text CVE issue

[Daniel Wu (Jira)]

Daniel Wu created WW-5246:
-

 Summary: commons-text CVE issue
 Key: WW-5246
 URL: https://issues.apache.org/jira/browse/WW-5246
 Project: Struts 2
  Issue Type: Dependency
Affects Versions: 6.0.3, 6.0.0
Reporter: Daniel Wu


As you may already aware of the [NVD - CVE-2022-42889 (nist.gov) 
{color:#172b4d}+issue+{color}|https://nvd.nist.gov/vuln/detail/CVE-2022-42889], 
which impacts Apache Commons Text library (versions up to and including 1.9 are 
impacted). I am reaching out to your team to try to get an update on this 
issue. Could you let me know the estimated timeline for addressing this issue? 
It will be great if the upcoming release could include the fix. 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-3737) Parsing of excludePattern breaks regex

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3737?focusedWorklogId=818446&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818446
 ]

ASF GitHub Bot logged work on WW-3737:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 12:07
Start Date: 19/Oct/22 12:07
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #621:
URL: https://github.com/apache/struts/pull/621#issuecomment-1283906441

   Kudos, SonarCloud Quality Gate passed!    [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=621)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL)
 [3 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL)
   
   
[![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png
 
'100.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list)
 [100.0% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list)
   
   




Issue Time Tracking
---

Worklog Id: (was: 818446)
Time Spent: 20m  (was: 10m)

> Parsing of excludePattern breaks regex 
> ---
>
> Key: WW-3737
> URL: https://issues.apache.org/jira/browse/WW-3737
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Reporter: Erlend Oftedal
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> See {{buildExcludedPatternsList()}} in 
> [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]
> It simply splits on commas, making it impossible to write regex like 
> {{"/products/[0-9]\{1,10}.json"}} as this will be split in two.
> Please supply a way to escape commas by sticking a \ in front or something 
> like that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [struts] sonarcloud[bot] commented on pull request #621: [WW-3737] Allows to define a custom separator used to split patterns

[GitBox]

sonarcloud[bot] commented on PR #621:
URL: https://github.com/apache/struts/pull/621#issuecomment-1283906441

   Kudos, SonarCloud Quality Gate passed!    [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=621)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL)
 [3 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL)
   
   
[![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png
 
'100.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list)
 [100.0% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (WW-3737) Parsing of excludePattern breaks regex

[Lukasz Lenart (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620290#comment-17620290
 ] 

Lukasz Lenart commented on WW-3737:
---

I added a new constant {{struts.action.excludePattern.separator}} to define a 
custom separator used to split patterns, which should solve the problem. By 
default {{,}} is used.

> Parsing of excludePattern breaks regex 
> ---
>
> Key: WW-3737
> URL: https://issues.apache.org/jira/browse/WW-3737
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Reporter: Erlend Oftedal
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> See {{buildExcludedPatternsList()}} in 
> [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]
> It simply splits on commas, making it impossible to write regex like 
> {{"/products/[0-9]\{1,10}.json"}} as this will be split in two.
> Please supply a way to escape commas by sticking a \ in front or something 
> like that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-3737) Parsing of excludePattern breaks regex

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3737?focusedWorklogId=818442&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818442
 ]

ASF GitHub Bot logged work on WW-3737:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 11:58
Start Date: 19/Oct/22 11:58
Worklog Time Spent: 10m 
  Work Description: lukaszlenart opened a new pull request, #621:
URL: https://github.com/apache/struts/pull/621

   Closes [WW-3737](https://issues.apache.org/jira/browse/WW-3737)




Issue Time Tracking
---

Worklog Id: (was: 818442)
Remaining Estimate: 0h
Time Spent: 10m

> Parsing of excludePattern breaks regex 
> ---
>
> Key: WW-3737
> URL: https://issues.apache.org/jira/browse/WW-3737
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Reporter: Erlend Oftedal
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> See {{buildExcludedPatternsList()}} in 
> [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]
> It simply splits on commas, making it impossible to write regex like 
> {{"/products/[0-9]\{1,10}.json"}} as this will be split in two.
> Please supply a way to escape commas by sticking a \ in front or something 
> like that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (WW-3737) Parsing of excludePattern breaks regex

[ASF subversion and git services (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620288#comment-17620288
 ] 

ASF subversion and git services commented on WW-3737:
-

Commit c41f05fe68c4f89ba5042747a43bb74e108ce550 in struts's branch 
refs/heads/WW-3737-custom-separator from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=c41f05fe6 ]

WW-3737 Allows to define a custom separator used to split patterns


> Parsing of excludePattern breaks regex 
> ---
>
> Key: WW-3737
> URL: https://issues.apache.org/jira/browse/WW-3737
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Reporter: Erlend Oftedal
>Priority: Major
> Fix For: 6.1.0
>
>
> See {{buildExcludedPatternsList()}} in 
> [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]
> It simply splits on commas, making it impossible to write regex like 
> {{"/products/[0-9]\{1,10}.json"}} as this will be split in two.
> Please supply a way to escape commas by sticking a \ in front or something 
> like that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [struts] sonarcloud[bot] commented on pull request #620: [WW-3529] Fixes using RegEx related characters in named pattern

[GitBox]

sonarcloud[bot] commented on PR #620:
URL: https://github.com/apache/struts/pull/620#issuecomment-1283783418

   Kudos, SonarCloud Quality Gate passed!    [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=620)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL)
 [1 Code 
Smell](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL)
   
   
[![94.9%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png
 
'94.9%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list)
 [94.9% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Work logged] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3529?focusedWorklogId=818416&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818416
 ]

ASF GitHub Bot logged work on WW-3529:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 10:29
Start Date: 19/Oct/22 10:29
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #620:
URL: https://github.com/apache/struts/pull/620#issuecomment-1283783418

   Kudos, SonarCloud Quality Gate passed!    [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=620)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL)
 [1 Code 
Smell](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL)
   
   
[![94.9%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png
 
'94.9%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list)
 [94.9% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list)
  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list)
   
   




Issue Time Tracking
---

Worklog Id: (was: 818416)
Time Spent: 20m  (was: 10m)

> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a 
> bug in the {{compilePattern(String)}} method. The purpose of the method is to 
> compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern 
> and extract the variable names that match each group in the regex. In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> {{{}"action/([^/]+)"{

[jira] [Work logged] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3529?focusedWorklogId=818414&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818414
 ]

ASF GitHub Bot logged work on WW-3529:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 10:23
Start Date: 19/Oct/22 10:23
Worklog Time Spent: 10m 
  Work Description: lukaszlenart opened a new pull request, #620:
URL: https://github.com/apache/struts/pull/620

   Fixes [WW-3529](https://issues.apache.org/jira/browse/WW-3529)




Issue Time Tracking
---

Worklog Id: (was: 818414)
Remaining Estimate: 0h
Time Spent: 10m

> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a 
> bug in the {{compilePattern(String)}} method. The purpose of the method is to 
> compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern 
> and extract the variable names that match each group in the regex. In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that 
> have special meaning to Java's regular expression engine, they are currently 
> not being escaped.
> For example, the pattern {{"action.\{format}"}} is being compiled to 
> {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also 
> {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. 
> The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. 
> This will be compiled to {{"([^/]).([^/]+)"}} which will match 
> {{"cars.html"}} but not the way you expect. Because of greediness, it will 
> set {{name = "cars.ht"}} and {{{}format = "l"{}}}.
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[ASF subversion and git services (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620181#comment-17620181
 ] 

ASF subversion and git services commented on WW-3529:
-

Commit 993c4c4cab21ace8970d094da03291b21547ab83 in struts's branch 
refs/heads/WW-3529-named-pattern from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=993c4c4ca ]

WW-3529 Fixes using RegEx related characters in named pattern


> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>
> The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a 
> bug in the {{compilePattern(String)}} method. The purpose of the method is to 
> compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern 
> and extract the variable names that match each group in the regex. In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that 
> have special meaning to Java's regular expression engine, they are currently 
> not being escaped.
> For example, the pattern {{"action.\{format}"}} is being compiled to 
> {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also 
> {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. 
> The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. 
> This will be compiled to {{"([^/]).([^/]+)"}} which will match 
> {{"cars.html"}} but not the way you expect. Because of greediness, it will 
> set {{name = "cars.ht"}} and {{{}format = "l"{}}}.
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-3737) Parsing of excludePattern breaks regex

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3737:
--
Description: 
See {{buildExcludedPatternsList()}} in 
[http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]

It simply splits on commas, making it impossible to write regex like 
{{"/products/[0-9]\{1,10}.json"}} as this will be split in two.

Please supply a way to escape commas by sticking a \ in front or something like 
that.

  was:
See {{buildExcludedPatternsList()}} in 
[http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]

It simply splits on commas, making it impossible to write regex like 
{{"/products/[0-9]{1,10}.json"}} as this will be split in two.

Please supply a way to escape commas by sticking a \ in front or something like 
that.


> Parsing of excludePattern breaks regex 
> ---
>
> Key: WW-3737
> URL: https://issues.apache.org/jira/browse/WW-3737
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Reporter: Erlend Oftedal
>Priority: Major
> Fix For: 6.1.0
>
>
> See {{buildExcludedPatternsList()}} in 
> [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]
> It simply splits on commas, making it impossible to write regex like 
> {{"/products/[0-9]\{1,10}.json"}} as this will be split in two.
> Please supply a way to escape commas by sticking a \ in front or something 
> like that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-3737) Parsing of excludePattern breaks regex

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3737:
--
Description: 
See {{buildExcludedPatternsList()}} in 
[http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]

It simply splits on commas, making it impossible to write regex like 
{{"/products/[0-9]{1,10}.json"}} as this will be split in two.

Please supply a way to escape commas by sticking a \ in front or something like 
that.

  was:
See buildExcludedPatternsList() in 
http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java

It simply splits on commas, making it impossible to write regex like 
/products/[0-9]{1,10}.json as this will be split in two.

Please supply a way to escape commas by sticking a \ in front or something like 
that.


> Parsing of excludePattern breaks regex 
> ---
>
> Key: WW-3737
> URL: https://issues.apache.org/jira/browse/WW-3737
> Project: Struts 2
>  Issue Type: Bug
>  Components: Dispatch Filter
>Reporter: Erlend Oftedal
>Priority: Major
> Fix For: 6.1.0
>
>
> See {{buildExcludedPatternsList()}} in 
> [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java]
> It simply splits on commas, making it impossible to write regex like 
> {{"/products/[0-9]{1,10}.json"}} as this will be split in two.
> Please supply a way to escape commas by sticking a \ in front or something 
> like that.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3529:
--
Description: 
The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a 
bug in the {{compilePattern(String)}} method. The purpose of the method is to 
compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern 
and extract the variable names that match each group in the regex. In the 
example given and the 2.2.1 code base, the pattern will be compiled as 
{{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that have 
special meaning to Java's regular expression engine, they are currently not 
being escaped.

For example, the pattern {{"action.\{format}"}} is being compiled to 
{{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped. 
The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. This 
will be compiled to {{"([^/]).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} 
and {{{}format = "l"{}}}.

I will submit a patch to fix this behavior on the next screen.

  was:
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the {{compilePattern(String)}} method. The purpose of the method is to compile 
patterns such as {{"action/\{foo}"}} to a regular expression Pattern and 
extract the variable names that match each group in the regex.  In the example 
given and the 2.2.1 code base, the pattern will be compiled as 
{{"action/([^/]+)"}}.  However, if the pattern includes characters that have 
special meaning to Java's regular expression engine, they are currently not 
being escaped.

For example, the pattern {{"action.\{format}"}} is being compiled to 
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.  
The bug really bites when a pattern like {{"\{name}.\{format}"}} is used.  This 
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect.  Because of greediness, it will set {{name = 
"cars.ht"}} and {{format = "l"}}.

I will submit a patch to fix this behavior on the next screen.


> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>
> The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a 
> bug in the {{compilePattern(String)}} method. The purpose of the method is to 
> compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern 
> and extract the variable names that match each group in the regex. In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that 
> have special meaning to Java's regular expression engine, they are currently 
> not being escaped.
> For example, the pattern {{"action.\{format}"}} is being compiled to 
> {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also 
> {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. 
> The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. 
> This will be compiled to {{"([^/]).([^/]+)"}} which will match 
> {{"cars.html"}} but not the way you expect. Because of greediness, it will 
> set {{name = "cars.ht"}} and {{{}format = "l"{}}}.
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3529:
--
Description: 
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the {{compilePattern(String)}} method. The purpose of the method is to compile 
patterns such as {{"action/\{foo}"}} to a regular expression Pattern and 
extract the variable names that match each group in the regex.  In the example 
given and the 2.2.1 code base, the pattern will be compiled as 
{{"action/([^/]+)"}}.  However, if the pattern includes characters that have 
special meaning to Java's regular expression engine, they are currently not 
being escaped.

For example, the pattern {{"action.\{format}"}} is being compiled to 
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.  
The bug really bites when a pattern like {{"\{name}.\{format}"}} is used.  This 
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect.  Because of greediness, it will set {{name = 
"cars.ht"}} and {{format = "l"}}.

I will submit a patch to fix this behavior on the next screen.

  was:
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the {{compilePattern(String)}} method. The purpose of the method is to compile 
patterns such as {{"action/\{foo}"}} to a regular expression Pattern and 
extract the variable names that match each group in the regex.  In the example 
given and the 2.2.1 code base, the pattern will be compiled as 
{{"action/([^/]+)"}}.  However, if the pattern includes characters that have 
special meaning to Java's regular expression engine, they are currently not 
being escaped.

For example, the pattern "action.{format}" is being compiled to 
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.  
The bug really bites when a pattern like {{"{name}.{format}"}} is used.  This 
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect.  Because of greediness, it will set {{name = 
"cars.ht"}} and {{format = "l"}}.

I will submit a patch to fix this behavior on the next screen.


> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>
> The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug 
> in the {{compilePattern(String)}} method. The purpose of the method is to 
> compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern 
> and extract the variable names that match each group in the regex.  In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> {{"action/([^/]+)"}}.  However, if the pattern includes characters that have 
> special meaning to Java's regular expression engine, they are currently not 
> being escaped.
> For example, the pattern {{"action.\{format}"}} is being compiled to 
> {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
> {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. 
>  The bug really bites when a pattern like {{"\{name}.\{format}"}} is used.  
> This will be compiled to {{"([^/]+).([^/]+)"}} which will match 
> {{"cars.html"}} but not the way you expect.  Because of greediness, it will 
> set {{name = "cars.ht"}} and {{format = "l"}}.
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5230) Upgrade OGNL to version 3.3.4

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5230?focusedWorklogId=818398&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818398
 ]

ASF GitHub Bot logged work on WW-5230:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 09:47
Start Date: 19/Oct/22 09:47
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #619:
URL: https://github.com/apache/struts/pull/619#issuecomment-1283726980

   Kudos, SonarCloud Quality Gate passed!    [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=619)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=coverage&view=list)
 No Coverage information  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list)
   
   




Issue Time Tracking
---

Worklog Id: (was: 818398)
Time Spent: 20m  (was: 10m)

> Upgrade OGNL to version 3.3.4
> -
>
> Key: WW-5230
> URL: https://issues.apache.org/jira/browse/WW-5230
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 20m
>  Remaining Estimate: 0h
>
> Version notes
> https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [struts] sonarcloud[bot] commented on pull request #619: [WW-5230] Upgrades OGNL to version 3.3.4

[GitBox]

sonarcloud[bot] commented on PR #619:
URL: https://github.com/apache/struts/pull/619#issuecomment-1283726980

   Kudos, SonarCloud Quality Gate passed!    [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=619)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL)
 [0 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=coverage&view=list)
 No Coverage information  
   
[![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png
 
'0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list)
 [0.0% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3529:
--
Description: 
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the {{compilePattern(String)}} method. The purpose of the method is to compile 
patterns such as {{"action/{foo}"}} to a regular expression Pattern and extract 
the variable names that match each group in the regex.  In the example given 
and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}.  
However, if the pattern includes characters that have special meaning to Java's 
regular expression engine, they are currently not being escaped.

For example, the pattern "action.{format}" is being compiled to 
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.  
The bug really bites when a pattern like {{"{name}.{format}"}} is used.  This 
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect.  Because of greediness, it will set {{name = 
"cars.ht"}} and {{format = "l"}}.

I will submit a patch to fix this behavior on the next screen.

  was:
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the compilePattern(String) method.  The purpose of the method is to compile 
patterns such as "action/{foo}" to a regular expression Pattern and extract the 
variable names that match each group in the regex.  In the example given and 
the 2.2.1 code base, the pattern will be compiled as "action/([^/]+)".  
However, if the pattern includes characters that have special meaning to Java's 
regular expression engine, they are currently not being escaped.

For example, the pattern "action.{format}" is being compiled to 
"action.([^/]+)" which correctly matches "action.html" but also "actionK.html" 
or any other character because the '.' is not escaped.  The bug really bites 
when a pattern like "{name}.{format}" is used.  This will be compiled to 
"([^/]+).([^/]+)" which will match "cars.html" but not the way you expect.  
Because of greediness, it will set name = "cars.ht" and format = "l".

I will submit a patch to fix this behavior on the next screen.


> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>
> The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug 
> in the {{compilePattern(String)}} method. The purpose of the method is to 
> compile patterns such as {{"action/{foo}"}} to a regular expression Pattern 
> and extract the variable names that match each group in the regex.  In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> {{"action/([^/]+)"}}.  However, if the pattern includes characters that have 
> special meaning to Java's regular expression engine, they are currently not 
> being escaped.
> For example, the pattern "action.{format}" is being compiled to 
> {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
> {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. 
>  The bug really bites when a pattern like {{"{name}.{format}"}} is used.  
> This will be compiled to {{"([^/]+).([^/]+)"}} which will match 
> {{"cars.html"}} but not the way you expect.  Because of greediness, it will 
> set {{name = "cars.ht"}} and {{format = "l"}}.
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3529:
--
Description: 
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the {{compilePattern(String)}} method. The purpose of the method is to compile 
patterns such as {{"action/\{foo}"}} to a regular expression Pattern and 
extract the variable names that match each group in the regex.  In the example 
given and the 2.2.1 code base, the pattern will be compiled as 
{{"action/([^/]+)"}}.  However, if the pattern includes characters that have 
special meaning to Java's regular expression engine, they are currently not 
being escaped.

For example, the pattern "action.{format}" is being compiled to 
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.  
The bug really bites when a pattern like {{"{name}.{format}"}} is used.  This 
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect.  Because of greediness, it will set {{name = 
"cars.ht"}} and {{format = "l"}}.

I will submit a patch to fix this behavior on the next screen.

  was:
The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in 
the {{compilePattern(String)}} method. The purpose of the method is to compile 
patterns such as {{"action/{foo}"}} to a regular expression Pattern and extract 
the variable names that match each group in the regex.  In the example given 
and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}.  
However, if the pattern includes characters that have special meaning to Java's 
regular expression engine, they are currently not being escaped.

For example, the pattern "action.{format}" is being compiled to 
{{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
{{"actionK.html"}} or any other character because the {{'.'}} is not escaped.  
The bug really bites when a pattern like {{"{name}.{format}"}} is used.  This 
will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but 
not the way you expect.  Because of greediness, it will set {{name = 
"cars.ht"}} and {{format = "l"}}.

I will submit a patch to fix this behavior on the next screen.


> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>
> The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug 
> in the {{compilePattern(String)}} method. The purpose of the method is to 
> compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern 
> and extract the variable names that match each group in the regex.  In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> {{"action/([^/]+)"}}.  However, if the pattern includes characters that have 
> special meaning to Java's regular expression engine, they are currently not 
> being escaped.
> For example, the pattern "action.{format}" is being compiled to 
> {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also 
> {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. 
>  The bug really bites when a pattern like {{"{name}.{format}"}} is used.  
> This will be compiled to {{"([^/]+).([^/]+)"}} which will match 
> {{"cars.html"}} but not the way you expect.  Because of greediness, it will 
> set {{name = "cars.ht"}} and {{format = "l"}}.
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3529:
--
Summary: NamedVariablePatternMatcher does not properly escape characters  
(was: In xwork-core, NamedVariablePatternMatcher does not properly escape 
characters)

> NamedVariablePatternMatcher does not properly escape characters
> ---
>
> Key: WW-3529
> URL: https://issues.apache.org/jira/browse/WW-3529
> Project: Struts 2
>  Issue Type: Bug
>  Components: Other
>Affects Versions: 2.2.1
>Reporter: Richard Vermillion
>Priority: Major
> Fix For: 6.1.0
>
> Attachments: NamedVariablePatternMatcher.patch
>
>
> The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug 
> in the compilePattern(String) method.  The purpose of the method is to 
> compile patterns such as "action/{foo}" to a regular expression Pattern and 
> extract the variable names that match each group in the regex.  In the 
> example given and the 2.2.1 code base, the pattern will be compiled as 
> "action/([^/]+)".  However, if the pattern includes characters that have 
> special meaning to Java's regular expression engine, they are currently not 
> being escaped.
> For example, the pattern "action.{format}" is being compiled to 
> "action.([^/]+)" which correctly matches "action.html" but also 
> "actionK.html" or any other character because the '.' is not escaped.  The 
> bug really bites when a pattern like "{name}.{format}" is used.  This will be 
> compiled to "([^/]+).([^/]+)" which will match "cars.html" but not the way 
> you expect.  Because of greediness, it will set name = "cars.ht" and format = 
> "l".
> I will submit a patch to fix this behavior on the next screen.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-3717) Http Method as part of action mapping

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-3717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-3717:
--
Description: 
Struts action configuration (and dispatcher) should allow discrimination of 
actions based on the HTTP method. This would allow generic REST style 
interfaces (in excess of the rest plugin).

e.g. 

{code:xml}
 ...
 ...
{code}

This is helpful when combined with regex patternmatcher for custom restful urls

e.g. 
{code:xml}

{code}



  was:
Struts action configuration (and dispatcher) should allow discrimination of 
actions based on the HTTP method. This would allow generic REST style 
interfaces (in excess of the rest plugin).

e.g. 
 ...
 ...

This is helpful when combined with regex patternmatcher for custom restful urls

e.g. 





> Http Method as part of action mapping
> -
>
> Key: WW-3717
> URL: https://issues.apache.org/jira/browse/WW-3717
> Project: Struts 2
>  Issue Type: New Feature
>  Components: Dispatch Filter, XML Configuration
> Environment: All
>Reporter: Jeremy Norman
>Priority: Major
>  Labels: restful
> Fix For: 6.1.0
>
>
> Struts action configuration (and dispatcher) should allow discrimination of 
> actions based on the HTTP method. This would allow generic REST style 
> interfaces (in excess of the rest plugin).
> e.g. 
> {code:xml}
>  ...
>  ...
> {code}
> This is helpful when combined with regex patternmatcher for custom restful 
> urls
> e.g. 
> {code:xml}
> 
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5230) Upgrade OGNL to version 3.3.4

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5230?focusedWorklogId=818392&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818392
 ]

ASF GitHub Bot logged work on WW-5230:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 09:39
Start Date: 19/Oct/22 09:39
Worklog Time Spent: 10m 
  Work Description: lukaszlenart opened a new pull request, #619:
URL: https://github.com/apache/struts/pull/619

   Closes [WW-5230](https://issues.apache.org/jira/browse/WW-5230)




Issue Time Tracking
---

Worklog Id: (was: 818392)
Remaining Estimate: 0h
Time Spent: 10m

> Upgrade OGNL to version 3.3.4
> -
>
> Key: WW-5230
> URL: https://issues.apache.org/jira/browse/WW-5230
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Version notes
> https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (WW-5230) Upgrade OGNL to version 3.3.4

[ASF subversion and git services (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-5230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620149#comment-17620149
 ] 

ASF subversion and git services commented on WW-5230:
-

Commit 01164c4d7461d4b42b49aec84762f7b8562638fe in struts's branch 
refs/heads/WW-5230-ognl from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=01164c4d7 ]

WW-5230 Upgrades OGNL to version 3.3.4


> Upgrade OGNL to version 3.3.4
> -
>
> Key: WW-5230
> URL: https://issues.apache.org/jira/browse/WW-5230
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>
> Version notes
> https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-4323) Ability to accept params purely by implementing ParamNameAware is broken

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-4323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-4323:
--
Fix Version/s: 6.2.0
   (was: 6.1.0)

> Ability to accept params purely by implementing ParamNameAware is broken
> 
>
> Key: WW-4323
> URL: https://issues.apache.org/jira/browse/WW-4323
> Project: Struts 2
>  Issue Type: Bug
>Affects Versions: 2.3.16.1
> Environment: struts2 version 2.3.16.1
>Reporter: Kyle Braak
>Priority: Major
> Fix For: 6.2.0
>
>
> The ability to accept params purely by implementing ParamNameAware is broken.
> Relates to WW-3866 which is when this feature was added for version 2.3.5
> The commit that breaks this feature is: 
> https://github.com/apache/struts/commit/4e981b08cc37374d06e77cf78000d98c5ff0
> Description:
> Prior to this change/2.3.16.1 it was quite convenient to define what 
> parameters my action should accept, by implementing 
> ParameterNameAware#acceptableParameterName. With this change, there is the 
> additional requirement that the parameter names must also satisfy 
> acceptableName(name).
> In the ParametersInterceptor javadoc, it says: "if you wish to apply a global 
> rule that isn't implemented in your action, then you could extend this 
> interceptor and override the {@link #acceptableName(String)} method." So this 
> isn't suitable for customizing a single action.
> Looking more carefully at the code, another alternative to defining what 
> parameters my action can accept, looks to be via populating the 
> ParametersInterceptor's field acceptParams. Apparently this could be done in 
> the interceptor stack from what I have read here: 
> http://struts.apache.org/release/2.3.x/docs/parameters-interceptor.html
> By forcing one to populate acceptParams, and also implement 
> ParameterNameAware#acceptableParameterName it becomes quite difficult to add 
> custom behavior. I understand people should fully understand what they are 
> doing due to the security risks involved, but it is probably safer to define 
> the behavior in a single place.
> I'd greatly appreciate your help understanding how to adapt to this change. 
> In the meantime, I'll have to continue using 2.3.15.3
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-5230) Upgrade OGNL to version 3.3.4

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-5230:
--
Fix Version/s: 6.1.0

> Upgrade OGNL to version 3.3.4
> -
>
> Key: WW-5230
> URL: https://issues.apache.org/jira/browse/WW-5230
> Project: Struts 2
>  Issue Type: Dependency
>  Components: Core
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>
> Version notes
> https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (WW-5233) Include Apache Tiles code base in the Tiles plugin

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-5233:
--
Fix Version/s: 6.2.0
   (was: 6.1.0)

> Include Apache Tiles code base in the Tiles plugin
> --
>
> Key: WW-5233
> URL: https://issues.apache.org/jira/browse/WW-5233
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Tiles
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.2.0
>
>  Time Spent: 3h
>  Remaining Estimate: 0h
>
> Apache Tiles has retired and it isn't maintained anymore. There are some 
> outstanding security issues that can be addressed right now. It will be 
> easier to maintain the code base as a part of the Tiles plugin instead of 
> taking the project back from attick.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5233) Include Apache Tiles code base in the Tiles plugin

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5233?focusedWorklogId=818340&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818340
 ]

ASF GitHub Bot logged work on WW-5233:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 07:15
Start Date: 19/Oct/22 07:15
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #608:
URL: https://github.com/apache/struts/pull/608#issuecomment-1283541842

   SonarCloud Quality Gate failed.    [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 
[![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png
 
'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 [2 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 [200 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
   
   
[![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png
 
'62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
 [62.6% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
  
   
[![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png
 
'3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
 [3.8% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
   
   




Issue Time Tracking
---

Worklog Id: (was: 818340)
Time Spent: 3h  (was: 2h 50m)

> Include Apache Tiles code base in the Tiles plugin
> --
>
> Key: WW-5233
> URL: https://issues.apache.org/jira/browse/WW-5233
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Tiles
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 3h
>  Remaining Estimate: 0h
>
> Apache Tiles has retired and it isn't maintained anymore. There are some 
> outstanding security issues that can be addressed right now. It will be 
> easier to maintain the code base as a part of the Tiles plugin instead of 
> taking the project back from attick.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [struts] sonarcloud[bot] commented on pull request #608: [WW-5233] Include Apache Tiles code base in the Tiles plugin

[GitBox]

sonarcloud[bot] commented on PR #608:
URL: https://github.com/apache/struts/pull/608#issuecomment-1283541842

   SonarCloud Quality Gate failed.    [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 
[![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png
 
'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 [2 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 [200 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
   
   
[![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png
 
'62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
 [62.6% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
  
   
[![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png
 
'3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
 [3.8% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (WW-5245) Upgrade jackson-databind to version 2.13.4.1

[ASF subversion and git services (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-5245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620049#comment-17620049
 ] 

ASF subversion and git services commented on WW-5245:
-

Commit 738d27952f3c9fe89d6c2161e7ae8d6145e44bbb in struts's branch 
refs/heads/master from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=738d27952 ]

Merge pull request #618 from apache/WW-5245-jackson-databind

[WW-5245] Upgrades Jackson Databind to version 2.13.4.2

> Upgrade jackson-databind to version 2.13.4.1
> 
>
> Key: WW-5245
> URL: https://issues.apache.org/jira/browse/WW-5245
> Project: Struts 2
>  Issue Type: Dependency
>Reporter: Lukasz Lenart
>Priority: Trivial
> Fix For: 6.1.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (WW-5245) Upgrade jackson-databind to version 2.13.4.1

[Lukasz Lenart (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart resolved WW-5245.
---
Resolution: Fixed

> Upgrade jackson-databind to version 2.13.4.1
> 
>
> Key: WW-5245
> URL: https://issues.apache.org/jira/browse/WW-5245
> Project: Struts 2
>  Issue Type: Dependency
>Reporter: Lukasz Lenart
>Priority: Trivial
> Fix For: 6.1.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5245) Upgrade jackson-databind to version 2.13.4.1

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5245?focusedWorklogId=818337&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818337
 ]

ASF GitHub Bot logged work on WW-5245:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 07:08
Start Date: 19/Oct/22 07:08
Worklog Time Spent: 10m 
  Work Description: lukaszlenart merged PR #618:
URL: https://github.com/apache/struts/pull/618




Issue Time Tracking
---

Worklog Id: (was: 818337)
Time Spent: 0.5h  (was: 20m)

> Upgrade jackson-databind to version 2.13.4.1
> 
>
> Key: WW-5245
> URL: https://issues.apache.org/jira/browse/WW-5245
> Project: Struts 2
>  Issue Type: Dependency
>Reporter: Lukasz Lenart
>Priority: Trivial
> Fix For: 6.1.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (WW-5245) Upgrade jackson-databind to version 2.13.4.1

[ASF subversion and git services (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-5245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620048#comment-17620048
 ] 

ASF subversion and git services commented on WW-5245:
-

Commit 984f8eff2e0f02c74b36f531d45518d58dd4a56e in struts's branch 
refs/heads/master from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=984f8eff2 ]

WW-5245 Upgrades Jackson Databind to version 2.13.4.2


> Upgrade jackson-databind to version 2.13.4.1
> 
>
> Key: WW-5245
> URL: https://issues.apache.org/jira/browse/WW-5245
> Project: Struts 2
>  Issue Type: Dependency
>Reporter: Lukasz Lenart
>Priority: Trivial
> Fix For: 6.1.0
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [struts] dependabot[bot] commented on pull request #617: Bump jackson-databind from 2.13.2.1 to 2.13.4.1

[GitBox]

dependabot[bot] commented on PR #617:
URL: https://github.com/apache/struts/pull/617#issuecomment-1283534514

   Looks like com.fasterxml.jackson.core:jackson-databind is up-to-date now, so 
this is no longer needed.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Commented] (WW-5233) Include Apache Tiles code base in the Tiles plugin

[ASF subversion and git services (Jira)]

[ 
https://issues.apache.org/jira/browse/WW-5233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620047#comment-17620047
 ] 

ASF subversion and git services commented on WW-5233:
-

Commit 34f30be749ca2a976d17f01363b3b28a18004010 in struts's branch 
refs/heads/WW-5233-tiles from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=34f30be74 ]

WW-5233 Marks Velocity dependencies as optional


> Include Apache Tiles code base in the Tiles plugin
> --
>
> Key: WW-5233
> URL: https://issues.apache.org/jira/browse/WW-5233
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Tiles
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> Apache Tiles has retired and it isn't maintained anymore. There are some 
> outstanding security issues that can be addressed right now. It will be 
> easier to maintain the code base as a part of the Tiles plugin instead of 
> taking the project back from attick.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5233) Include Apache Tiles code base in the Tiles plugin

[ASF GitHub Bot (Jira)]

 [ 
https://issues.apache.org/jira/browse/WW-5233?focusedWorklogId=818336&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818336
 ]

ASF GitHub Bot logged work on WW-5233:
--

Author: ASF GitHub Bot
Created on: 19/Oct/22 07:01
Start Date: 19/Oct/22 07:01
Worklog Time Spent: 10m 
  Work Description: sonarcloud[bot] commented on PR #608:
URL: https://github.com/apache/struts/pull/608#issuecomment-1283527535

   SonarCloud Quality Gate failed.    [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 
[![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png
 
'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 [2 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 [200 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
   
   
[![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png
 
'62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
 [62.6% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
  
   
[![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png
 
'3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
 [3.8% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
   
   




Issue Time Tracking
---

Worklog Id: (was: 818336)
Time Spent: 2h 50m  (was: 2h 40m)

> Include Apache Tiles code base in the Tiles plugin
> --
>
> Key: WW-5233
> URL: https://issues.apache.org/jira/browse/WW-5233
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Plugin - Tiles
>Reporter: Lukasz Lenart
>Priority: Major
> Fix For: 6.1.0
>
>  Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> Apache Tiles has retired and it isn't maintained anymore. There are some 
> outstanding security issues that can be addressed right now. It will be 
> easier to maintain the code base as a part of the Tiles plugin instead of 
> taking the project back from attick.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[GitHub] [struts] sonarcloud[bot] commented on pull request #608: [WW-5233] Include Apache Tiles code base in the Tiles plugin

[GitBox]

sonarcloud[bot] commented on PR #608:
URL: https://github.com/apache/struts/pull/608#issuecomment-1283527535

   SonarCloud Quality Gate failed.    [![Quality Gate 
failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png
 'Quality Gate 
failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 
[![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png
 
'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
 [2 
Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
 [200 Code 
Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL)
   
   
[![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png
 
'62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
 [62.6% 
Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list)
  
   
[![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png
 
'3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
 [3.8% 
Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org