[jira] [Commented] (WW-5247) Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute
[ https://issues.apache.org/jira/browse/WW-5247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620777#comment-17620777 ] Lukasz Lenart commented on WW-5247: --- Isn't this related to JQuery plugin? > Related to: [WW-5117] - %{id} evaluates different for data-* and value > attribute > > > Key: WW-5247 > URL: https://issues.apache.org/jira/browse/WW-5247 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.30 >Reporter: Javier >Priority: Major > Fix For: 6.1.0 > > > I upgraded from 2.5.20 to 2.5.30 and the following stopped working: > id="currentObj" name="${roleEntry.value}" > > > property="name" /> > style="width:1%"> > theme="simple" action="getRoleAuthRolesPerms" > > value="%\{#attr.currentObj.roleid}" /> > indicator="roleIndicator" cssClass="tooltipBorderless" title="View Role" > type="image" src="../img/view.gif" /> > > > > > Generates: > action="/apps/epar/getRoleAuthRolesPerms.action" method="post" > class="formstyle"> > value="159" id="getRole159_authorityRole_roleid"> > id="submit_213350257" value="Submit" class="tooltipBorderless" title="View > Role"> > > jQuery(document).ready(function () { > var options_submit_213350257 = {}; > options_submit_213350257.jqueryaction = "button"; > options_submit_213350257.id = "submit_213350257"; > options_submit_213350257.targets = "roleAjaxDiv"; > options_submit_213350257.href = "#"; > options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}"; > options_submit_213350257.indicatorid = "roleIndicator"; > options_submit_213350257.effect = "highlight"; > options_submit_213350257.effectoptions = {}; > jQuery.struts2_jquery.bind(jQuery('#submit_213350257'),options_submit_213350257); > }); > > > The JS that it generates does NOT translate: > options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}"; > This works with 2.5.20 but does NOT work with 2.5.29, 2.5.30. > Works with 6.0.3, but not ready to upgrade to it, seems very unstable. > I believe this is related to: > * [WW-5117] - %\{id} evaluates different for data-* and value attribute > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-5247) Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute
[ https://issues.apache.org/jira/browse/WW-5247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-5247: -- Fix Version/s: 6.1.0 > Related to: [WW-5117] - %{id} evaluates different for data-* and value > attribute > > > Key: WW-5247 > URL: https://issues.apache.org/jira/browse/WW-5247 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.30 >Reporter: Javier >Priority: Major > Fix For: 6.1.0 > > > I upgraded from 2.5.20 to 2.5.30 and the following stopped working: > id="currentObj" name="${roleEntry.value}" > > > property="name" /> > style="width:1%"> > theme="simple" action="getRoleAuthRolesPerms" > > value="%\{#attr.currentObj.roleid}" /> > indicator="roleIndicator" cssClass="tooltipBorderless" title="View Role" > type="image" src="../img/view.gif" /> > > > > > Generates: > action="/apps/epar/getRoleAuthRolesPerms.action" method="post" > class="formstyle"> > value="159" id="getRole159_authorityRole_roleid"> > id="submit_213350257" value="Submit" class="tooltipBorderless" title="View > Role"> > > jQuery(document).ready(function () { > var options_submit_213350257 = {}; > options_submit_213350257.jqueryaction = "button"; > options_submit_213350257.id = "submit_213350257"; > options_submit_213350257.targets = "roleAjaxDiv"; > options_submit_213350257.href = "#"; > options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}"; > options_submit_213350257.indicatorid = "roleIndicator"; > options_submit_213350257.effect = "highlight"; > options_submit_213350257.effectoptions = {}; > jQuery.struts2_jquery.bind(jQuery('#submit_213350257'),options_submit_213350257); > }); > > > The JS that it generates does NOT translate: > options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}"; > This works with 2.5.20 but does NOT work with 2.5.29, 2.5.30. > Works with 6.0.3, but not ready to upgrade to it, seems very unstable. > I believe this is related to: > * [WW-5117] - %\{id} evaluates different for data-* and value attribute > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (WW-5246) commons-text CVE issue
[ https://issues.apache.org/jira/browse/WW-5246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart closed WW-5246. - Resolution: Fixed Already addressed in WW-5244 > commons-text CVE issue > -- > > Key: WW-5246 > URL: https://issues.apache.org/jira/browse/WW-5246 > Project: Struts 2 > Issue Type: Improvement >Affects Versions: 6.0.0, 6.0.3 >Reporter: Daniel Wu >Priority: Critical > > As you may already aware of the [NVD - CVE-2022-42889 (nist.gov) > {color:#172b4d}+issue+{color}|https://nvd.nist.gov/vuln/detail/CVE-2022-42889], > which impacts Apache Commons Text library (versions up to and including 1.9 > are impacted). I am reaching out to your team to try to get an update on this > issue. Could you let me know the estimated timeline for addressing this > issue? It will be great if the upcoming release could include the fix. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-5246) commons-text CVE issue
[ https://issues.apache.org/jira/browse/WW-5246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Wu updated WW-5246: -- Issue Type: Improvement (was: Dependency) > commons-text CVE issue > -- > > Key: WW-5246 > URL: https://issues.apache.org/jira/browse/WW-5246 > Project: Struts 2 > Issue Type: Improvement >Affects Versions: 6.0.0, 6.0.3 >Reporter: Daniel Wu >Priority: Critical > > As you may already aware of the [NVD - CVE-2022-42889 (nist.gov) > {color:#172b4d}+issue+{color}|https://nvd.nist.gov/vuln/detail/CVE-2022-42889], > which impacts Apache Commons Text library (versions up to and including 1.9 > are impacted). I am reaching out to your team to try to get an update on this > issue. Could you let me know the estimated timeline for addressing this > issue? It will be great if the upcoming release could include the fix. > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (WW-5247) Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute
Javier created WW-5247: -- Summary: Related to: [WW-5117] - %{id} evaluates different for data-* and value attribute Key: WW-5247 URL: https://issues.apache.org/jira/browse/WW-5247 Project: Struts 2 Issue Type: Bug Affects Versions: 2.5.30 Reporter: Javier I upgraded from 2.5.20 to 2.5.30 and the following stopped working: Generates: jQuery(document).ready(function () { var options_submit_213350257 = {}; options_submit_213350257.jqueryaction = "button"; options_submit_213350257.id = "submit_213350257"; options_submit_213350257.targets = "roleAjaxDiv"; options_submit_213350257.href = "#"; options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}"; options_submit_213350257.indicatorid = "roleIndicator"; options_submit_213350257.effect = "highlight"; options_submit_213350257.effectoptions = {}; jQuery.struts2_jquery.bind(jQuery('#submit_213350257'),options_submit_213350257); }); The JS that it generates does NOT translate: options_submit_213350257.formids = "getRole%\{#attr.currentObj.roleid}"; This works with 2.5.20 but does NOT work with 2.5.29, 2.5.30. Works with 6.0.3, but not ready to upgrade to it, seems very unstable. I believe this is related to: * [WW-5117] - %\{id} evaluates different for data-* and value attribute -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (WW-5246) commons-text CVE issue
Daniel Wu created WW-5246: - Summary: commons-text CVE issue Key: WW-5246 URL: https://issues.apache.org/jira/browse/WW-5246 Project: Struts 2 Issue Type: Dependency Affects Versions: 6.0.3, 6.0.0 Reporter: Daniel Wu As you may already aware of the [NVD - CVE-2022-42889 (nist.gov) {color:#172b4d}+issue+{color}|https://nvd.nist.gov/vuln/detail/CVE-2022-42889], which impacts Apache Commons Text library (versions up to and including 1.9 are impacted). I am reaching out to your team to try to get an update on this issue. Could you let me know the estimated timeline for addressing this issue? It will be great if the upcoming release could include the fix. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-3737) Parsing of excludePattern breaks regex
[ https://issues.apache.org/jira/browse/WW-3737?focusedWorklogId=818446&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818446 ] ASF GitHub Bot logged work on WW-3737: -- Author: ASF GitHub Bot Created on: 19/Oct/22 12:07 Start Date: 19/Oct/22 12:07 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #621: URL: https://github.com/apache/struts/pull/621#issuecomment-1283906441 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=621) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL) [![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png '100.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 818446) Time Spent: 20m (was: 10m) > Parsing of excludePattern breaks regex > --- > > Key: WW-3737 > URL: https://issues.apache.org/jira/browse/WW-3737 > Project: Struts 2 > Issue Type: Bug > Components: Dispatch Filter >Reporter: Erlend Oftedal >Priority: Major > Fix For: 6.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > See {{buildExcludedPatternsList()}} in > [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] > It simply splits on commas, making it impossible to write regex like > {{"/products/[0-9]\{1,10}.json"}} as this will be split in two. > Please supply a way to escape commas by sticking a \ in front or something > like that. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #621: [WW-3737] Allows to define a custom separator used to split patterns
sonarcloud[bot] commented on PR #621: URL: https://github.com/apache/struts/pull/621#issuecomment-1283906441 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=621) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=621&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL) [3 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=621&resolved=false&types=CODE_SMELL) [![100.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/100-16px.png '100.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list) [100.0% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_coverage&view=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=621&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (WW-3737) Parsing of excludePattern breaks regex
[ https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620290#comment-17620290 ] Lukasz Lenart commented on WW-3737: --- I added a new constant {{struts.action.excludePattern.separator}} to define a custom separator used to split patterns, which should solve the problem. By default {{,}} is used. > Parsing of excludePattern breaks regex > --- > > Key: WW-3737 > URL: https://issues.apache.org/jira/browse/WW-3737 > Project: Struts 2 > Issue Type: Bug > Components: Dispatch Filter >Reporter: Erlend Oftedal >Priority: Major > Fix For: 6.1.0 > > Time Spent: 10m > Remaining Estimate: 0h > > See {{buildExcludedPatternsList()}} in > [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] > It simply splits on commas, making it impossible to write regex like > {{"/products/[0-9]\{1,10}.json"}} as this will be split in two. > Please supply a way to escape commas by sticking a \ in front or something > like that. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-3737) Parsing of excludePattern breaks regex
[ https://issues.apache.org/jira/browse/WW-3737?focusedWorklogId=818442&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818442 ] ASF GitHub Bot logged work on WW-3737: -- Author: ASF GitHub Bot Created on: 19/Oct/22 11:58 Start Date: 19/Oct/22 11:58 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #621: URL: https://github.com/apache/struts/pull/621 Closes [WW-3737](https://issues.apache.org/jira/browse/WW-3737) Issue Time Tracking --- Worklog Id: (was: 818442) Remaining Estimate: 0h Time Spent: 10m > Parsing of excludePattern breaks regex > --- > > Key: WW-3737 > URL: https://issues.apache.org/jira/browse/WW-3737 > Project: Struts 2 > Issue Type: Bug > Components: Dispatch Filter >Reporter: Erlend Oftedal >Priority: Major > Fix For: 6.1.0 > > Time Spent: 10m > Remaining Estimate: 0h > > See {{buildExcludedPatternsList()}} in > [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] > It simply splits on commas, making it impossible to write regex like > {{"/products/[0-9]\{1,10}.json"}} as this will be split in two. > Please supply a way to escape commas by sticking a \ in front or something > like that. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-3737) Parsing of excludePattern breaks regex
[ https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620288#comment-17620288 ] ASF subversion and git services commented on WW-3737: - Commit c41f05fe68c4f89ba5042747a43bb74e108ce550 in struts's branch refs/heads/WW-3737-custom-separator from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=c41f05fe6 ] WW-3737 Allows to define a custom separator used to split patterns > Parsing of excludePattern breaks regex > --- > > Key: WW-3737 > URL: https://issues.apache.org/jira/browse/WW-3737 > Project: Struts 2 > Issue Type: Bug > Components: Dispatch Filter >Reporter: Erlend Oftedal >Priority: Major > Fix For: 6.1.0 > > > See {{buildExcludedPatternsList()}} in > [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] > It simply splits on commas, making it impossible to write regex like > {{"/products/[0-9]\{1,10}.json"}} as this will be split in two. > Please supply a way to escape commas by sticking a \ in front or something > like that. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #620: [WW-3529] Fixes using RegEx related characters in named pattern
sonarcloud[bot] commented on PR #620: URL: https://github.com/apache/struts/pull/620#issuecomment-1283783418 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=620) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL) [![94.9%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png '94.9%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list) [94.9% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Work logged] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?focusedWorklogId=818416&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818416 ] ASF GitHub Bot logged work on WW-3529: -- Author: ASF GitHub Bot Created on: 19/Oct/22 10:29 Start Date: 19/Oct/22 10:29 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #620: URL: https://github.com/apache/struts/pull/620#issuecomment-1283783418 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=620) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=620&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL) [1 Code Smell](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=620&resolved=false&types=CODE_SMELL) [![94.9%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/90-16px.png '94.9%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list) [94.9% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_coverage&view=list) [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=620&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 818416) Time Spent: 20m (was: 10m) > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > Time Spent: 20m > Remaining Estimate: 0h > > The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a > bug in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{{}"action/([^/]+)"{
[jira] [Work logged] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?focusedWorklogId=818414&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818414 ] ASF GitHub Bot logged work on WW-3529: -- Author: ASF GitHub Bot Created on: 19/Oct/22 10:23 Start Date: 19/Oct/22 10:23 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #620: URL: https://github.com/apache/struts/pull/620 Fixes [WW-3529](https://issues.apache.org/jira/browse/WW-3529) Issue Time Tracking --- Worklog Id: (was: 818414) Remaining Estimate: 0h Time Spent: 10m > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > Time Spent: 10m > Remaining Estimate: 0h > > The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a > bug in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that > have special meaning to Java's regular expression engine, they are currently > not being escaped. > For example, the pattern {{"action.\{format}"}} is being compiled to > {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also > {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. > The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. > This will be compiled to {{"([^/]).([^/]+)"}} which will match > {{"cars.html"}} but not the way you expect. Because of greediness, it will > set {{name = "cars.ht"}} and {{{}format = "l"{}}}. > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620181#comment-17620181 ] ASF subversion and git services commented on WW-3529: - Commit 993c4c4cab21ace8970d094da03291b21547ab83 in struts's branch refs/heads/WW-3529-named-pattern from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=993c4c4ca ] WW-3529 Fixes using RegEx related characters in named pattern > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > > The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a > bug in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that > have special meaning to Java's regular expression engine, they are currently > not being escaped. > For example, the pattern {{"action.\{format}"}} is being compiled to > {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also > {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. > The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. > This will be compiled to {{"([^/]).([^/]+)"}} which will match > {{"cars.html"}} but not the way you expect. Because of greediness, it will > set {{name = "cars.ht"}} and {{{}format = "l"{}}}. > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-3737) Parsing of excludePattern breaks regex
[ https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3737: -- Description: See {{buildExcludedPatternsList()}} in [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] It simply splits on commas, making it impossible to write regex like {{"/products/[0-9]\{1,10}.json"}} as this will be split in two. Please supply a way to escape commas by sticking a \ in front or something like that. was: See {{buildExcludedPatternsList()}} in [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] It simply splits on commas, making it impossible to write regex like {{"/products/[0-9]{1,10}.json"}} as this will be split in two. Please supply a way to escape commas by sticking a \ in front or something like that. > Parsing of excludePattern breaks regex > --- > > Key: WW-3737 > URL: https://issues.apache.org/jira/browse/WW-3737 > Project: Struts 2 > Issue Type: Bug > Components: Dispatch Filter >Reporter: Erlend Oftedal >Priority: Major > Fix For: 6.1.0 > > > See {{buildExcludedPatternsList()}} in > [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] > It simply splits on commas, making it impossible to write regex like > {{"/products/[0-9]\{1,10}.json"}} as this will be split in two. > Please supply a way to escape commas by sticking a \ in front or something > like that. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-3737) Parsing of excludePattern breaks regex
[ https://issues.apache.org/jira/browse/WW-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3737: -- Description: See {{buildExcludedPatternsList()}} in [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] It simply splits on commas, making it impossible to write regex like {{"/products/[0-9]{1,10}.json"}} as this will be split in two. Please supply a way to escape commas by sticking a \ in front or something like that. was: See buildExcludedPatternsList() in http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java It simply splits on commas, making it impossible to write regex like /products/[0-9]{1,10}.json as this will be split in two. Please supply a way to escape commas by sticking a \ in front or something like that. > Parsing of excludePattern breaks regex > --- > > Key: WW-3737 > URL: https://issues.apache.org/jira/browse/WW-3737 > Project: Struts 2 > Issue Type: Bug > Components: Dispatch Filter >Reporter: Erlend Oftedal >Priority: Major > Fix For: 6.1.0 > > > See {{buildExcludedPatternsList()}} in > [http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/InitOperations.java] > It simply splits on commas, making it impossible to write regex like > {{"/products/[0-9]{1,10}.json"}} as this will be split in two. > Please supply a way to escape commas by sticking a \ in front or something > like that. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3529: -- Description: The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern {{"action.\{format}"}} is being compiled to {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. This will be compiled to {{"([^/]).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{{}format = "l"{}}}. I will submit a patch to fix this behavior on the next screen. was: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern {{"action.\{format}"}} is being compiled to {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. This will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{format = "l"}}. I will submit a patch to fix this behavior on the next screen. > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > > The {{com.opensymphony.xwork2.util.NamedVariablePatternMatcher}} class has a > bug in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{{}"action/([^/]+)"{}}}. However, if the pattern includes characters that > have special meaning to Java's regular expression engine, they are currently > not being escaped. > For example, the pattern {{"action.\{format}"}} is being compiled to > {{"action.([^/]{+})"{+}}} which correctly matches {{"action.html"}} but also > {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. > The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. > This will be compiled to {{"([^/]).([^/]+)"}} which will match > {{"cars.html"}} but not the way you expect. Because of greediness, it will > set {{name = "cars.ht"}} and {{{}format = "l"{}}}. > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3529: -- Description: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern {{"action.\{format}"}} is being compiled to {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. This will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{format = "l"}}. I will submit a patch to fix this behavior on the next screen. was: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern "action.{format}" is being compiled to {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"{name}.{format}"}} is used. This will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{format = "l"}}. I will submit a patch to fix this behavior on the next screen. > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > > The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug > in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{"action/([^/]+)"}}. However, if the pattern includes characters that have > special meaning to Java's regular expression engine, they are currently not > being escaped. > For example, the pattern {{"action.\{format}"}} is being compiled to > {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also > {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. > The bug really bites when a pattern like {{"\{name}.\{format}"}} is used. > This will be compiled to {{"([^/]+).([^/]+)"}} which will match > {{"cars.html"}} but not the way you expect. Because of greediness, it will > set {{name = "cars.ht"}} and {{format = "l"}}. > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5230) Upgrade OGNL to version 3.3.4
[ https://issues.apache.org/jira/browse/WW-5230?focusedWorklogId=818398&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818398 ] ASF GitHub Bot logged work on WW-5230: -- Author: ASF GitHub Bot Created on: 19/Oct/22 09:47 Start Date: 19/Oct/22 09:47 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #619: URL: https://github.com/apache/struts/pull/619#issuecomment-1283726980 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=619) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=coverage&view=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 818398) Time Spent: 20m (was: 10m) > Upgrade OGNL to version 3.3.4 > - > > Key: WW-5230 > URL: https://issues.apache.org/jira/browse/WW-5230 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.1.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Version notes > https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #619: [WW-5230] Upgrades OGNL to version 3.3.4
sonarcloud[bot] commented on PR #619: URL: https://github.com/apache/struts/pull/619#issuecomment-1283726980 Kudos, SonarCloud Quality Gate passed! [![Quality Gate passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png 'Quality Gate passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=619) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=619&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=619&resolved=false&types=CODE_SMELL) [![No Coverage information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png 'No Coverage information')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=coverage&view=list) No Coverage information [![0.0%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/3-16px.png '0.0%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=619&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3529: -- Description: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern "action.{format}" is being compiled to {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"{name}.{format}"}} is used. This will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{format = "l"}}. I will submit a patch to fix this behavior on the next screen. was: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the compilePattern(String) method. The purpose of the method is to compile patterns such as "action/{foo}" to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as "action/([^/]+)". However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern "action.{format}" is being compiled to "action.([^/]+)" which correctly matches "action.html" but also "actionK.html" or any other character because the '.' is not escaped. The bug really bites when a pattern like "{name}.{format}" is used. This will be compiled to "([^/]+).([^/]+)" which will match "cars.html" but not the way you expect. Because of greediness, it will set name = "cars.ht" and format = "l". I will submit a patch to fix this behavior on the next screen. > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > > The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug > in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{"action/([^/]+)"}}. However, if the pattern includes characters that have > special meaning to Java's regular expression engine, they are currently not > being escaped. > For example, the pattern "action.{format}" is being compiled to > {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also > {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. > The bug really bites when a pattern like {{"{name}.{format}"}} is used. > This will be compiled to {{"([^/]+).([^/]+)"}} which will match > {{"cars.html"}} but not the way you expect. Because of greediness, it will > set {{name = "cars.ht"}} and {{format = "l"}}. > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3529: -- Description: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern "action.{format}" is being compiled to {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"{name}.{format}"}} is used. This will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{format = "l"}}. I will submit a patch to fix this behavior on the next screen. was: The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug in the {{compilePattern(String)}} method. The purpose of the method is to compile patterns such as {{"action/{foo}"}} to a regular expression Pattern and extract the variable names that match each group in the regex. In the example given and the 2.2.1 code base, the pattern will be compiled as {{"action/([^/]+)"}}. However, if the pattern includes characters that have special meaning to Java's regular expression engine, they are currently not being escaped. For example, the pattern "action.{format}" is being compiled to {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. The bug really bites when a pattern like {{"{name}.{format}"}} is used. This will be compiled to {{"([^/]+).([^/]+)"}} which will match {{"cars.html"}} but not the way you expect. Because of greediness, it will set {{name = "cars.ht"}} and {{format = "l"}}. I will submit a patch to fix this behavior on the next screen. > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > > The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug > in the {{compilePattern(String)}} method. The purpose of the method is to > compile patterns such as {{"action/\{foo}"}} to a regular expression Pattern > and extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > {{"action/([^/]+)"}}. However, if the pattern includes characters that have > special meaning to Java's regular expression engine, they are currently not > being escaped. > For example, the pattern "action.{format}" is being compiled to > {{"action.([^/]+)"}} which correctly matches {{"action.html"}} but also > {{"actionK.html"}} or any other character because the {{'.'}} is not escaped. > The bug really bites when a pattern like {{"{name}.{format}"}} is used. > This will be compiled to {{"([^/]+).([^/]+)"}} which will match > {{"cars.html"}} but not the way you expect. Because of greediness, it will > set {{name = "cars.ht"}} and {{format = "l"}}. > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-3529) NamedVariablePatternMatcher does not properly escape characters
[ https://issues.apache.org/jira/browse/WW-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3529: -- Summary: NamedVariablePatternMatcher does not properly escape characters (was: In xwork-core, NamedVariablePatternMatcher does not properly escape characters) > NamedVariablePatternMatcher does not properly escape characters > --- > > Key: WW-3529 > URL: https://issues.apache.org/jira/browse/WW-3529 > Project: Struts 2 > Issue Type: Bug > Components: Other >Affects Versions: 2.2.1 >Reporter: Richard Vermillion >Priority: Major > Fix For: 6.1.0 > > Attachments: NamedVariablePatternMatcher.patch > > > The com.opensymphony.xwork2.util.NamedVariablePatternMatcher class has a bug > in the compilePattern(String) method. The purpose of the method is to > compile patterns such as "action/{foo}" to a regular expression Pattern and > extract the variable names that match each group in the regex. In the > example given and the 2.2.1 code base, the pattern will be compiled as > "action/([^/]+)". However, if the pattern includes characters that have > special meaning to Java's regular expression engine, they are currently not > being escaped. > For example, the pattern "action.{format}" is being compiled to > "action.([^/]+)" which correctly matches "action.html" but also > "actionK.html" or any other character because the '.' is not escaped. The > bug really bites when a pattern like "{name}.{format}" is used. This will be > compiled to "([^/]+).([^/]+)" which will match "cars.html" but not the way > you expect. Because of greediness, it will set name = "cars.ht" and format = > "l". > I will submit a patch to fix this behavior on the next screen. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-3717) Http Method as part of action mapping
[ https://issues.apache.org/jira/browse/WW-3717?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-3717: -- Description: Struts action configuration (and dispatcher) should allow discrimination of actions based on the HTTP method. This would allow generic REST style interfaces (in excess of the rest plugin). e.g. {code:xml} ... ... {code} This is helpful when combined with regex patternmatcher for custom restful urls e.g. {code:xml} {code} was: Struts action configuration (and dispatcher) should allow discrimination of actions based on the HTTP method. This would allow generic REST style interfaces (in excess of the rest plugin). e.g. ... ... This is helpful when combined with regex patternmatcher for custom restful urls e.g. > Http Method as part of action mapping > - > > Key: WW-3717 > URL: https://issues.apache.org/jira/browse/WW-3717 > Project: Struts 2 > Issue Type: New Feature > Components: Dispatch Filter, XML Configuration > Environment: All >Reporter: Jeremy Norman >Priority: Major > Labels: restful > Fix For: 6.1.0 > > > Struts action configuration (and dispatcher) should allow discrimination of > actions based on the HTTP method. This would allow generic REST style > interfaces (in excess of the rest plugin). > e.g. > {code:xml} > ... > ... > {code} > This is helpful when combined with regex patternmatcher for custom restful > urls > e.g. > {code:xml} > > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5230) Upgrade OGNL to version 3.3.4
[ https://issues.apache.org/jira/browse/WW-5230?focusedWorklogId=818392&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818392 ] ASF GitHub Bot logged work on WW-5230: -- Author: ASF GitHub Bot Created on: 19/Oct/22 09:39 Start Date: 19/Oct/22 09:39 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #619: URL: https://github.com/apache/struts/pull/619 Closes [WW-5230](https://issues.apache.org/jira/browse/WW-5230) Issue Time Tracking --- Worklog Id: (was: 818392) Remaining Estimate: 0h Time Spent: 10m > Upgrade OGNL to version 3.3.4 > - > > Key: WW-5230 > URL: https://issues.apache.org/jira/browse/WW-5230 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.1.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Version notes > https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5230) Upgrade OGNL to version 3.3.4
[ https://issues.apache.org/jira/browse/WW-5230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620149#comment-17620149 ] ASF subversion and git services commented on WW-5230: - Commit 01164c4d7461d4b42b49aec84762f7b8562638fe in struts's branch refs/heads/WW-5230-ognl from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=01164c4d7 ] WW-5230 Upgrades OGNL to version 3.3.4 > Upgrade OGNL to version 3.3.4 > - > > Key: WW-5230 > URL: https://issues.apache.org/jira/browse/WW-5230 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.1.0 > > > Version notes > https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-4323) Ability to accept params purely by implementing ParamNameAware is broken
[ https://issues.apache.org/jira/browse/WW-4323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4323: -- Fix Version/s: 6.2.0 (was: 6.1.0) > Ability to accept params purely by implementing ParamNameAware is broken > > > Key: WW-4323 > URL: https://issues.apache.org/jira/browse/WW-4323 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.3.16.1 > Environment: struts2 version 2.3.16.1 >Reporter: Kyle Braak >Priority: Major > Fix For: 6.2.0 > > > The ability to accept params purely by implementing ParamNameAware is broken. > Relates to WW-3866 which is when this feature was added for version 2.3.5 > The commit that breaks this feature is: > https://github.com/apache/struts/commit/4e981b08cc37374d06e77cf78000d98c5ff0 > Description: > Prior to this change/2.3.16.1 it was quite convenient to define what > parameters my action should accept, by implementing > ParameterNameAware#acceptableParameterName. With this change, there is the > additional requirement that the parameter names must also satisfy > acceptableName(name). > In the ParametersInterceptor javadoc, it says: "if you wish to apply a global > rule that isn't implemented in your action, then you could extend this > interceptor and override the {@link #acceptableName(String)} method." So this > isn't suitable for customizing a single action. > Looking more carefully at the code, another alternative to defining what > parameters my action can accept, looks to be via populating the > ParametersInterceptor's field acceptParams. Apparently this could be done in > the interceptor stack from what I have read here: > http://struts.apache.org/release/2.3.x/docs/parameters-interceptor.html > By forcing one to populate acceptParams, and also implement > ParameterNameAware#acceptableParameterName it becomes quite difficult to add > custom behavior. I understand people should fully understand what they are > doing due to the security risks involved, but it is probably safer to define > the behavior in a single place. > I'd greatly appreciate your help understanding how to adapt to this change. > In the meantime, I'll have to continue using 2.3.15.3 > Thanks -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-5230) Upgrade OGNL to version 3.3.4
[ https://issues.apache.org/jira/browse/WW-5230?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-5230: -- Fix Version/s: 6.1.0 > Upgrade OGNL to version 3.3.4 > - > > Key: WW-5230 > URL: https://issues.apache.org/jira/browse/WW-5230 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.1.0 > > > Version notes > https://github.com/orphan-oss/ognl/releases/tag/OGNL_3_3_4 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (WW-5233) Include Apache Tiles code base in the Tiles plugin
[ https://issues.apache.org/jira/browse/WW-5233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-5233: -- Fix Version/s: 6.2.0 (was: 6.1.0) > Include Apache Tiles code base in the Tiles plugin > -- > > Key: WW-5233 > URL: https://issues.apache.org/jira/browse/WW-5233 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Tiles >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.2.0 > > Time Spent: 3h > Remaining Estimate: 0h > > Apache Tiles has retired and it isn't maintained anymore. There are some > outstanding security issues that can be addressed right now. It will be > easier to maintain the code base as a part of the Tiles plugin instead of > taking the project back from attick. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5233) Include Apache Tiles code base in the Tiles plugin
[ https://issues.apache.org/jira/browse/WW-5233?focusedWorklogId=818340&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818340 ] ASF GitHub Bot logged work on WW-5233: -- Author: ASF GitHub Bot Created on: 19/Oct/22 07:15 Start Date: 19/Oct/22 07:15 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #608: URL: https://github.com/apache/struts/pull/608#issuecomment-1283541842 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png 'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [2 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [200 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png '62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [62.6% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png '3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) [3.8% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 818340) Time Spent: 3h (was: 2h 50m) > Include Apache Tiles code base in the Tiles plugin > -- > > Key: WW-5233 > URL: https://issues.apache.org/jira/browse/WW-5233 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Tiles >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.1.0 > > Time Spent: 3h > Remaining Estimate: 0h > > Apache Tiles has retired and it isn't maintained anymore. There are some > outstanding security issues that can be addressed right now. It will be > easier to maintain the code base as a part of the Tiles plugin instead of > taking the project back from attick. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #608: [WW-5233] Include Apache Tiles code base in the Tiles plugin
sonarcloud[bot] commented on PR #608: URL: https://github.com/apache/struts/pull/608#issuecomment-1283541842 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png 'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [2 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [200 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png '62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [62.6% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png '3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) [3.8% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (WW-5245) Upgrade jackson-databind to version 2.13.4.1
[ https://issues.apache.org/jira/browse/WW-5245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620049#comment-17620049 ] ASF subversion and git services commented on WW-5245: - Commit 738d27952f3c9fe89d6c2161e7ae8d6145e44bbb in struts's branch refs/heads/master from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=738d27952 ] Merge pull request #618 from apache/WW-5245-jackson-databind [WW-5245] Upgrades Jackson Databind to version 2.13.4.2 > Upgrade jackson-databind to version 2.13.4.1 > > > Key: WW-5245 > URL: https://issues.apache.org/jira/browse/WW-5245 > Project: Struts 2 > Issue Type: Dependency >Reporter: Lukasz Lenart >Priority: Trivial > Fix For: 6.1.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5245) Upgrade jackson-databind to version 2.13.4.1
[ https://issues.apache.org/jira/browse/WW-5245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5245. --- Resolution: Fixed > Upgrade jackson-databind to version 2.13.4.1 > > > Key: WW-5245 > URL: https://issues.apache.org/jira/browse/WW-5245 > Project: Struts 2 > Issue Type: Dependency >Reporter: Lukasz Lenart >Priority: Trivial > Fix For: 6.1.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5245) Upgrade jackson-databind to version 2.13.4.1
[ https://issues.apache.org/jira/browse/WW-5245?focusedWorklogId=818337&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818337 ] ASF GitHub Bot logged work on WW-5245: -- Author: ASF GitHub Bot Created on: 19/Oct/22 07:08 Start Date: 19/Oct/22 07:08 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #618: URL: https://github.com/apache/struts/pull/618 Issue Time Tracking --- Worklog Id: (was: 818337) Time Spent: 0.5h (was: 20m) > Upgrade jackson-databind to version 2.13.4.1 > > > Key: WW-5245 > URL: https://issues.apache.org/jira/browse/WW-5245 > Project: Struts 2 > Issue Type: Dependency >Reporter: Lukasz Lenart >Priority: Trivial > Fix For: 6.1.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5245) Upgrade jackson-databind to version 2.13.4.1
[ https://issues.apache.org/jira/browse/WW-5245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620048#comment-17620048 ] ASF subversion and git services commented on WW-5245: - Commit 984f8eff2e0f02c74b36f531d45518d58dd4a56e in struts's branch refs/heads/master from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=984f8eff2 ] WW-5245 Upgrades Jackson Databind to version 2.13.4.2 > Upgrade jackson-databind to version 2.13.4.1 > > > Key: WW-5245 > URL: https://issues.apache.org/jira/browse/WW-5245 > Project: Struts 2 > Issue Type: Dependency >Reporter: Lukasz Lenart >Priority: Trivial > Fix For: 6.1.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] dependabot[bot] commented on pull request #617: Bump jackson-databind from 2.13.2.1 to 2.13.4.1
dependabot[bot] commented on PR #617: URL: https://github.com/apache/struts/pull/617#issuecomment-1283534514 Looks like com.fasterxml.jackson.core:jackson-databind is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (WW-5233) Include Apache Tiles code base in the Tiles plugin
[ https://issues.apache.org/jira/browse/WW-5233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620047#comment-17620047 ] ASF subversion and git services commented on WW-5233: - Commit 34f30be749ca2a976d17f01363b3b28a18004010 in struts's branch refs/heads/WW-5233-tiles from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=34f30be74 ] WW-5233 Marks Velocity dependencies as optional > Include Apache Tiles code base in the Tiles plugin > -- > > Key: WW-5233 > URL: https://issues.apache.org/jira/browse/WW-5233 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Tiles >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.1.0 > > Time Spent: 2h 50m > Remaining Estimate: 0h > > Apache Tiles has retired and it isn't maintained anymore. There are some > outstanding security issues that can be addressed right now. It will be > easier to maintain the code base as a part of the Tiles plugin instead of > taking the project back from attick. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5233) Include Apache Tiles code base in the Tiles plugin
[ https://issues.apache.org/jira/browse/WW-5233?focusedWorklogId=818336&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-818336 ] ASF GitHub Bot logged work on WW-5233: -- Author: ASF GitHub Bot Created on: 19/Oct/22 07:01 Start Date: 19/Oct/22 07:01 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #608: URL: https://github.com/apache/struts/pull/608#issuecomment-1283527535 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png 'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [2 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [200 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png '62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [62.6% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png '3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) [3.8% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) Issue Time Tracking --- Worklog Id: (was: 818336) Time Spent: 2h 50m (was: 2h 40m) > Include Apache Tiles code base in the Tiles plugin > -- > > Key: WW-5233 > URL: https://issues.apache.org/jira/browse/WW-5233 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Tiles >Reporter: Lukasz Lenart >Priority: Major > Fix For: 6.1.0 > > Time Spent: 2h 50m > Remaining Estimate: 0h > > Apache Tiles has retired and it isn't maintained anymore. There are some > outstanding security issues that can be addressed right now. It will be > easier to maintain the code base as a part of the Tiles plugin instead of > taking the project back from attick. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[GitHub] [struts] sonarcloud[bot] commented on pull request #608: [WW-5233] Include Apache Tiles code base in the Tiles plugin
sonarcloud[bot] commented on PR #608: URL: https://github.com/apache/struts/pull/608#issuecomment-1283527535 SonarCloud Quality Gate failed. [![Quality Gate failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/failed-16px.png 'Quality Gate failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=608) [![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png 'Bug')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![B](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/B-16px.png 'B')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [2 Bugs](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=BUG) [![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png 'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=VULNERABILITY) [![Security Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png 'Security Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=608&resolved=false&types=SECURITY_HOTSPOT) [![Code Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png 'Code Smell')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png 'A')](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [200 Code Smells](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=608&resolved=false&types=CODE_SMELL) [![62.6%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/60-16px.png '62.6%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [62.6% Coverage](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_coverage&view=list) [![3.8%](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/5-16px.png '3.8%')](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) [3.8% Duplication](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=608&metric=new_duplicated_lines_density&view=list) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org