[jira] [Work logged] (WW-5449) Make Velocity Tools dependency optional for Velocity plugin
[ https://issues.apache.org/jira/browse/WW-5449?focusedWorklogId=927750=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927750 ] ASF GitHub Bot logged work on WW-5449: -- Author: ASF GitHub Bot Created on: 29/Jul/24 09:32 Start Date: 29/Jul/24 09:32 Worklog Time Spent: 10m Work Description: kusalk merged PR #1005: URL: https://github.com/apache/struts/pull/1005 Issue Time Tracking --- Worklog Id: (was: 927750) Time Spent: 50m (was: 40m) > Make Velocity Tools dependency optional for Velocity plugin > --- > > Key: WW-5449 > URL: https://issues.apache.org/jira/browse/WW-5449 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 7.0.0 > > Time Spent: 50m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5449) Make Velocity Tools dependency optional for Velocity plugin
[ https://issues.apache.org/jira/browse/WW-5449?focusedWorklogId=927524=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927524 ] ASF GitHub Bot logged work on WW-5449: -- Author: ASF GitHub Bot Created on: 26/Jul/24 10:27 Start Date: 26/Jul/24 10:27 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #1005: URL: https://github.com/apache/struts/pull/1005#issuecomment-2252460251 ## [](https://sonarcloud.io/dashboard?id=apache_struts=1005) **Quality Gate passed** Issues  [6 New issues](https://sonarcloud.io/project/issues?id=apache_struts=1005=OPEN,CONFIRMED=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_struts=1005=ACCEPTED) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=1005=OPEN,CONFIRMED=true)  [82.5% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=1005=new_coverage=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=1005=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1005) Issue Time Tracking --- Worklog Id: (was: 927524) Time Spent: 40m (was: 0.5h) > Make Velocity Tools dependency optional for Velocity plugin > --- > > Key: WW-5449 > URL: https://issues.apache.org/jira/browse/WW-5449 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5449) Make Velocity Tools dependency optional for Velocity plugin
[ https://issues.apache.org/jira/browse/WW-5449?focusedWorklogId=927522=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927522 ] ASF GitHub Bot logged work on WW-5449: -- Author: ASF GitHub Bot Created on: 26/Jul/24 10:06 Start Date: 26/Jul/24 10:06 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #1005: URL: https://github.com/apache/struts/pull/1005#issuecomment-2252423047 ## [](https://sonarcloud.io/dashboard?id=apache_struts=1005) **Quality Gate failed** Failed conditions  [70.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=1005=new_coverage=list) (required ≥ 80%) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1005) Issue Time Tracking --- Worklog Id: (was: 927522) Time Spent: 0.5h (was: 20m) > Make Velocity Tools dependency optional for Velocity plugin > --- > > Key: WW-5449 > URL: https://issues.apache.org/jira/browse/WW-5449 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 7.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5449) Make Velocity Tools dependency optional for Velocity plugin
[ https://issues.apache.org/jira/browse/WW-5449?focusedWorklogId=927518=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927518 ] ASF GitHub Bot logged work on WW-5449: -- Author: ASF GitHub Bot Created on: 26/Jul/24 09:36 Start Date: 26/Jul/24 09:36 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #1005: URL: https://github.com/apache/struts/pull/1005#issuecomment-2252355153 ## [](https://sonarcloud.io/dashboard?id=apache_struts=1005) **Quality Gate failed** Failed conditions  [62.5% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=1005=new_coverage=list) (required ≥ 80%) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1005) Issue Time Tracking --- Worklog Id: (was: 927518) Time Spent: 20m (was: 10m) > Make Velocity Tools dependency optional for Velocity plugin > --- > > Key: WW-5449 > URL: https://issues.apache.org/jira/browse/WW-5449 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 7.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5449) Make Velocity Tools dependency optional for Velocity plugin
[ https://issues.apache.org/jira/browse/WW-5449?focusedWorklogId=927517=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927517 ] ASF GitHub Bot logged work on WW-5449: -- Author: ASF GitHub Bot Created on: 26/Jul/24 09:20 Start Date: 26/Jul/24 09:20 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #1005: URL: https://github.com/apache/struts/pull/1005 WW-5449 -- I suspect many applications that use the Velocity plugin don't need Velocity Tools. By extracting the Velocity Tools functionality into a separate class `VelocityTools` we give applications the ability to opt out. This class will only be initialised if `struts.velocity.toolboxlocation` is set. I've also refactored `VelocityManager` to be more readable. Issue Time Tracking --- Worklog Id: (was: 927517) Remaining Estimate: 0h Time Spent: 10m > Make Velocity Tools dependency optional for Velocity plugin > --- > > Key: WW-5449 > URL: https://issues.apache.org/jira/browse/WW-5449 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 7.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927516=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927516
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 26/Jul/24 09:14
Start Date: 26/Jul/24 09:14
Worklog Time Spent: 10m
Work Description: kusalk merged PR #1004:
URL: https://github.com/apache/struts/pull/1004
Issue Time Tracking
---
Worklog Id: (was: 927516)
Time Spent: 3h 10m (was: 3h)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 3h 10m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927502=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927502
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 26/Jul/24 07:35
Start Date: 26/Jul/24 07:35
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1004:
URL: https://github.com/apache/struts/pull/1004#issuecomment-2252151055
## [](https://sonarcloud.io/dashboard?id=apache_struts=1004)
**Quality Gate passed**
Issues
 [0 New
issues](https://sonarcloud.io/project/issues?id=apache_struts=1004=OPEN,CONFIRMED=true)
 [0 Accepted
issues](https://sonarcloud.io/project/issues?id=apache_struts=1004=ACCEPTED)
Measures
 [0 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=1004=OPEN,CONFIRMED=true)
 [0.0% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1004=new_coverage=list)
 [0.0% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1004=new_duplicated_lines_density=list)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1004)
Issue Time Tracking
---
Worklog Id: (was: 927502)
Time Spent: 3h (was: 2h 50m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 3h
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927497=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927497
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 26/Jul/24 07:22
Start Date: 26/Jul/24 07:22
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1004:
URL: https://github.com/apache/struts/pull/1004#issuecomment-2252133036
## [](https://sonarcloud.io/dashboard?id=apache_struts=1004)
**Quality Gate passed**
Issues
 [0 New
issues](https://sonarcloud.io/project/issues?id=apache_struts=1004=OPEN,CONFIRMED=true)
 [0 Accepted
issues](https://sonarcloud.io/project/issues?id=apache_struts=1004=ACCEPTED)
Measures
 [0 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=1004=OPEN,CONFIRMED=true)
 [0.0% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1004=new_coverage=list)
 [0.0% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1004=new_duplicated_lines_density=list)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1004)
Issue Time Tracking
---
Worklog Id: (was: 927497)
Time Spent: 2h 50m (was: 2h 40m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927494=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927494
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 26/Jul/24 07:05
Start Date: 26/Jul/24 07:05
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1004:
URL: https://github.com/apache/struts/pull/1004#issuecomment-2252110174
## [](https://sonarcloud.io/dashboard?id=apache_struts=1004)
**Quality Gate passed**
Issues
 [0 New
issues](https://sonarcloud.io/project/issues?id=apache_struts=1004=OPEN,CONFIRMED=true)
 [0 Accepted
issues](https://sonarcloud.io/project/issues?id=apache_struts=1004=ACCEPTED)
Measures
 [0 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=1004=OPEN,CONFIRMED=true)
 [0.0% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1004=new_coverage=list)
 [0.0% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1004=new_duplicated_lines_density=list)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1004)
Issue Time Tracking
---
Worklog Id: (was: 927494)
Time Spent: 2h 40m (was: 2.5h)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927492=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927492
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 26/Jul/24 07:00
Start Date: 26/Jul/24 07:00
Worklog Time Spent: 10m
Work Description: kusalk opened a new pull request, #1004:
URL: https://github.com/apache/struts/pull/1004
WW-5411
--
Issue Time Tracking
---
Worklog Id: (was: 927492)
Time Spent: 2.5h (was: 2h 20m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927478=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927478
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 26/Jul/24 00:16
Start Date: 26/Jul/24 00:16
Worklog Time Spent: 10m
Work Description: kusalk merged PR #1003:
URL: https://github.com/apache/struts/pull/1003
Issue Time Tracking
---
Worklog Id: (was: 927478)
Time Spent: 2h 20m (was: 2h 10m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5448) Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0
[ https://issues.apache.org/jira/browse/WW-5448?focusedWorklogId=927452=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927452 ] ASF GitHub Bot logged work on WW-5448: -- Author: ASF GitHub Bot Created on: 25/Jul/24 18:05 Start Date: 25/Jul/24 18:05 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #1000: URL: https://github.com/apache/struts/pull/1000 Issue Time Tracking --- Worklog Id: (was: 927452) Remaining Estimate: 0h Time Spent: 10m > Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 > --- > > Key: WW-5448 > URL: https://issues.apache.org/jira/browse/WW-5448 > Project: Struts 2 > Issue Type: Dependency > Components: Core >Reporter: Lukasz Lenart >Priority: Minor > Fix For: 6.7.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 > [https://github.com/apache/struts/pull/1000] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927433=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927433
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 15:54
Start Date: 25/Jul/24 15:54
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1003:
URL: https://github.com/apache/struts/pull/1003#issuecomment-2250771475
## [](https://sonarcloud.io/dashboard?id=apache_struts=1003)
**Quality Gate failed**
Failed conditions
 [74.2% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1003=new_coverage=list)
(required ≥ 80%)
 [3.4% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1003=new_duplicated_lines_density=list)
(required ≤ 3%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1003)
Issue Time Tracking
---
Worklog Id: (was: 927433)
Time Spent: 2h 10m (was: 2h)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927432=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927432
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 15:48
Start Date: 25/Jul/24 15:48
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1003:
URL: https://github.com/apache/struts/pull/1003#issuecomment-2250749433
## [](https://sonarcloud.io/dashboard?id=apache_struts=1003)
**Quality Gate failed**
Failed conditions
 [74.2% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1003=new_coverage=list)
(required ≥ 80%)
 [3.4% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1003=new_duplicated_lines_density=list)
(required ≤ 3%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1003)
Issue Time Tracking
---
Worklog Id: (was: 927432)
Time Spent: 2h (was: 1h 50m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 2h
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927430=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927430
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 15:30
Start Date: 25/Jul/24 15:30
Worklog Time Spent: 10m
Work Description: kusalk opened a new pull request, #1003:
URL: https://github.com/apache/struts/pull/1003
WW-5411
--
Issue Time Tracking
---
Worklog Id: (was: 927430)
Time Spent: 1h 50m (was: 1h 40m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927429=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927429
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 15:29
Start Date: 25/Jul/24 15:29
Worklog Time Spent: 10m
Work Description: kusalk merged PR #1002:
URL: https://github.com/apache/struts/pull/1002
Issue Time Tracking
---
Worklog Id: (was: 927429)
Time Spent: 1h 40m (was: 1.5h)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927400=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927400
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 11:22
Start Date: 25/Jul/24 11:22
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1002:
URL: https://github.com/apache/struts/pull/1002#issuecomment-2250091480
## [](https://sonarcloud.io/dashboard?id=apache_struts=1002)
**Quality Gate failed**
Failed conditions
 [1 Security
Hotspot](https://sonarcloud.io/project/security_hotspots?id=apache_struts=1002=OPEN,CONFIRMED=true)
 [59.6% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_coverage=list)
(required ≥ 80%)
 [6.1% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_duplicated_lines_density=list)
(required ≤ 3%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1002)
Issue Time Tracking
---
Worklog Id: (was: 927400)
Time Spent: 1.5h (was: 1h 20m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927397=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927397
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 10:30
Start Date: 25/Jul/24 10:30
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1002:
URL: https://github.com/apache/struts/pull/1002#issuecomment-2250003587
## [](https://sonarcloud.io/dashboard?id=apache_struts=1002)
**Quality Gate failed**
Failed conditions
 [69.5% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_coverage=list)
(required ≥ 80%)
 [10.0% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_duplicated_lines_density=list)
(required ≤ 3%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1002)
Issue Time Tracking
---
Worklog Id: (was: 927397)
Time Spent: 1h 20m (was: 1h 10m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927394=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927394
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 10:18
Start Date: 25/Jul/24 10:18
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1002:
URL: https://github.com/apache/struts/pull/1002#issuecomment-2249983397
## [](https://sonarcloud.io/dashboard?id=apache_struts=1002)
**Quality Gate failed**
Failed conditions
 [73.7% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_coverage=list)
(required ≥ 80%)
 [6.5% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_duplicated_lines_density=list)
(required ≤ 3%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1002)
Issue Time Tracking
---
Worklog Id: (was: 927394)
Time Spent: 1h 10m (was: 1h)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927393=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927393
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 10:18
Start Date: 25/Jul/24 10:18
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1002:
URL: https://github.com/apache/struts/pull/1002#issuecomment-2249982599
## [](https://sonarcloud.io/dashboard?id=apache_struts=1002)
**Quality Gate failed**
Failed conditions
 [62.5% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_coverage=list)
(required ≥ 80%)
 [8.3% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_duplicated_lines_density=list)
(required ≤ 3%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1002)
Issue Time Tracking
---
Worklog Id: (was: 927393)
Time Spent: 1h (was: 50m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927385=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927385
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 09:58
Start Date: 25/Jul/24 09:58
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #1002:
URL: https://github.com/apache/struts/pull/1002#issuecomment-2249943709
## [](https://sonarcloud.io/dashboard?id=apache_struts=1002)
**Quality Gate failed**
Failed conditions
 [62.5% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=1002=new_coverage=list)
(required ≥ 80%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=1002)
Issue Time Tracking
---
Worklog Id: (was: 927385)
Time Spent: 50m (was: 40m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=927381=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-927381
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 25/Jul/24 09:52
Start Date: 25/Jul/24 09:52
Worklog Time Spent: 10m
Work Description: kusalk opened a new pull request, #1002:
URL: https://github.com/apache/struts/pull/1002
WW-5411
--
Issue Time Tracking
---
Worklog Id: (was: 927381)
Time Spent: 40m (was: 0.5h)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> ToDo:
> {code:java}
> com.opensymphony.xwork2.interceptor.annotations.Allowed
> com.opensymphony.xwork2.interceptor.annotations.BlockByDefault
> com.opensymphony.xwork2.interceptor.annotations.Blocked
> com.opensymphony.xwork2.interceptor.annotations.AnnotationParameterFilterInterceptor
> {code}
> Done:
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5445) Unable to add filesets (struts.xml) after installing the plugin
[
https://issues.apache.org/jira/browse/WW-5445?focusedWorklogId=926195=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-926195
]
ASF GitHub Bot logged work on WW-5445:
--
Author: ASF GitHub Bot
Created on: 16/Jul/24 18:40
Start Date: 16/Jul/24 18:40
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on code in PR #2:
URL:
https://github.com/apache/struts-intellij-plugin/pull/2#discussion_r1679897788
##
build.gradle.kts:
##
@@ -44,7 +44,7 @@ tasks {
patchPluginXml {
sinceBuild.set("231")
-untilBuild.set("233.*")
+untilBuild.set("241.*")
Review Comment:
I will revert to the latest 23x. build
Issue Time Tracking
---
Worklog Id: (was: 926195)
Time Spent: 50m (was: 40m)
> Unable to add filesets (struts.xml) after installing the plugin
> ---
>
> Key: WW-5445
> URL: https://issues.apache.org/jira/browse/WW-5445
> Project: Struts 2
> Issue Type: Bug
> Components: IDEA Plugin
> Environment: IntelliJ IDEA 2024.1.4 (Ultimate Edition)
> Build #IU-241.18034.62, built on June 20, 2024
> Windows 11 Pro
>Reporter: Burton Rhodes
>Assignee: Lukasz Lenart
>Priority: Major
> Attachments: Screenshot 2024-07-14 095604.png
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> After installing the latest IDEA Struts plugin, I am unable to add any
> struts.xml files (filesets) to a module. This effectively makes the plugin
> unusable.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5445) Unable to add filesets (struts.xml) after installing the plugin
[ https://issues.apache.org/jira/browse/WW-5445?focusedWorklogId=926194=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-926194 ] ASF GitHub Bot logged work on WW-5445: -- Author: ASF GitHub Bot Created on: 16/Jul/24 18:39 Start Date: 16/Jul/24 18:39 Worklog Time Spent: 10m Work Description: lukaszlenart commented on PR #2: URL: https://github.com/apache/struts-intellij-plugin/pull/2#issuecomment-2231574539 This can be the case, if I upgrade plugin dependency to this version it won't build, there is a bit of deprecated/missing things Issue Time Tracking --- Worklog Id: (was: 926194) Time Spent: 40m (was: 0.5h) > Unable to add filesets (struts.xml) after installing the plugin > --- > > Key: WW-5445 > URL: https://issues.apache.org/jira/browse/WW-5445 > Project: Struts 2 > Issue Type: Bug > Components: IDEA Plugin > Environment: IntelliJ IDEA 2024.1.4 (Ultimate Edition) > Build #IU-241.18034.62, built on June 20, 2024 > Windows 11 Pro >Reporter: Burton Rhodes >Assignee: Lukasz Lenart >Priority: Major > Attachments: Screenshot 2024-07-14 095604.png > > Time Spent: 40m > Remaining Estimate: 0h > > After installing the latest IDEA Struts plugin, I am unable to add any > struts.xml files (filesets) to a module. This effectively makes the plugin > unusable. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5445) Unable to add filesets (struts.xml) after installing the plugin
[ https://issues.apache.org/jira/browse/WW-5445?focusedWorklogId=926193=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-926193 ] ASF GitHub Bot logged work on WW-5445: -- Author: ASF GitHub Bot Created on: 16/Jul/24 18:35 Start Date: 16/Jul/24 18:35 Worklog Time Spent: 10m Work Description: burtonrhodes commented on PR #2: URL: https://github.com/apache/struts-intellij-plugin/pull/2#issuecomment-2231562033 The latest version: IntelliJ IDEA 2024.1.4 (Ultimate Edition) Build #IU-241.18034.62 Issue Time Tracking --- Worklog Id: (was: 926193) Time Spent: 0.5h (was: 20m) > Unable to add filesets (struts.xml) after installing the plugin > --- > > Key: WW-5445 > URL: https://issues.apache.org/jira/browse/WW-5445 > Project: Struts 2 > Issue Type: Bug > Components: IDEA Plugin > Environment: IntelliJ IDEA 2024.1.4 (Ultimate Edition) > Build #IU-241.18034.62, built on June 20, 2024 > Windows 11 Pro >Reporter: Burton Rhodes >Assignee: Lukasz Lenart >Priority: Major > Attachments: Screenshot 2024-07-14 095604.png > > Time Spent: 0.5h > Remaining Estimate: 0h > > After installing the latest IDEA Struts plugin, I am unable to add any > struts.xml files (filesets) to a module. This effectively makes the plugin > unusable. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5445) Unable to add filesets (struts.xml) after installing the plugin
[ https://issues.apache.org/jira/browse/WW-5445?focusedWorklogId=926191=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-926191 ] ASF GitHub Bot logged work on WW-5445: -- Author: ASF GitHub Bot Created on: 16/Jul/24 18:21 Start Date: 16/Jul/24 18:21 Worklog Time Spent: 10m Work Description: lukaszlenart commented on PR #2: URL: https://github.com/apache/struts-intellij-plugin/pull/2#issuecomment-2231535262 What's the version IDEA you use? Issue Time Tracking --- Worklog Id: (was: 926191) Time Spent: 20m (was: 10m) > Unable to add filesets (struts.xml) after installing the plugin > --- > > Key: WW-5445 > URL: https://issues.apache.org/jira/browse/WW-5445 > Project: Struts 2 > Issue Type: Bug > Components: IDEA Plugin > Environment: IntelliJ IDEA 2024.1.4 (Ultimate Edition) > Build #IU-241.18034.62, built on June 20, 2024 > Windows 11 Pro >Reporter: Burton Rhodes >Assignee: Lukasz Lenart >Priority: Major > Attachments: Screenshot 2024-07-14 095604.png > > Time Spent: 20m > Remaining Estimate: 0h > > After installing the latest IDEA Struts plugin, I am unable to add any > struts.xml files (filesets) to a module. This effectively makes the plugin > unusable. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5445) Unable to add filesets (struts.xml) after installing the plugin
[ https://issues.apache.org/jira/browse/WW-5445?focusedWorklogId=926074=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-926074 ] ASF GitHub Bot logged work on WW-5445: -- Author: ASF GitHub Bot Created on: 16/Jul/24 08:36 Start Date: 16/Jul/24 08:36 Worklog Time Spent: 10m Work Description: lukaszlenart commented on PR #2: URL: https://github.com/apache/struts-intellij-plugin/pull/2#issuecomment-2230334601 > Lastly, it appears none of the jsp file entries are clickable (red) in my custom struts.xml file. I'm not sure why this is not working for me (could be a intellij setting?), but perhaps I'll file a separate Jira ticket. I see the same problem yet some of the JSP files are clickable Issue Time Tracking --- Worklog Id: (was: 926074) Remaining Estimate: 0h Time Spent: 10m > Unable to add filesets (struts.xml) after installing the plugin > --- > > Key: WW-5445 > URL: https://issues.apache.org/jira/browse/WW-5445 > Project: Struts 2 > Issue Type: Bug > Components: IDEA Plugin > Environment: IntelliJ IDEA 2024.1.4 (Ultimate Edition) > Build #IU-241.18034.62, built on June 20, 2024 > Windows 11 Pro >Reporter: Burton Rhodes >Assignee: Lukasz Lenart >Priority: Major > Attachments: Screenshot 2024-07-14 095604.png > > Time Spent: 10m > Remaining Estimate: 0h > > After installing the latest IDEA Struts plugin, I am unable to add any > struts.xml files (filesets) to a module. This effectively makes the plugin > unusable. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925867=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925867 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 15/Jul/24 06:27 Start Date: 15/Jul/24 06:27 Worklog Time Spent: 10m Work Description: kusalk merged PR #986: URL: https://github.com/apache/struts/pull/986 Issue Time Tracking --- Worklog Id: (was: 925867) Time Spent: 2.5h (was: 2h 20m) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 2.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925864=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925864 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 15/Jul/24 03:24 Start Date: 15/Jul/24 03:24 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #986: URL: https://github.com/apache/struts/pull/986#issuecomment-2227640486 ## [](https://sonarcloud.io/dashboard?id=apache_struts=986) **Quality Gate failed** Failed conditions  [30.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=986=new_coverage=list) (required ≥ 80%) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=986) Issue Time Tracking --- Worklog Id: (was: 925864) Time Spent: 2h 20m (was: 2h 10m) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 2h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925863=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925863 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 15/Jul/24 03:23 Start Date: 15/Jul/24 03:23 Worklog Time Spent: 10m Work Description: kusalk commented on PR #986: URL: https://github.com/apache/struts/pull/986#issuecomment-2227640364 Resolved! Issue Time Tracking --- Worklog Id: (was: 925863) Time Spent: 2h 10m (was: 2h) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 2h 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925834=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925834 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 14/Jul/24 13:31 Start Date: 14/Jul/24 13:31 Worklog Time Spent: 10m Work Description: lukaszlenart commented on PR #986: URL: https://github.com/apache/struts/pull/986#issuecomment-2227350352 _conflict_ Issue Time Tracking --- Worklog Id: (was: 925834) Time Spent: 2h (was: 1h 50m) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 2h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[
https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925833=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925833
]
ASF GitHub Bot logged work on WW-5440:
--
Author: ASF GitHub Bot
Created on: 14/Jul/24 13:31
Start Date: 14/Jul/24 13:31
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on code in PR #986:
URL: https://github.com/apache/struts/pull/986#discussion_r1677136348
##
plugins/config-browser/src/main/java/org/apache/struts2/config_browser/ShowConfigAction.java:
##
@@ -98,16 +104,17 @@ public PropertyDescriptor[] getProperties() {
return properties;
}
+@Override
public String execute() throws Exception {
super.execute();
config = configHelper.getActionConfig(namespace, actionName);
-actionNames = new
TreeSet(configHelper.getActionNames(namespace));
+actionNames = new TreeSet<>(configHelper.getActionNames(namespace));
try {
Object action = objectFactory.buildAction(actionName, namespace,
config, null);
properties = reflectionProvider.getPropertyDescriptors(action);
} catch (Exception e) {
-LOG.error("Unable to get properties for action " + actionName, e);
-addActionError("Unable to retrieve action properties: " +
e.toString());
+LOG.error("Unable to get properties for action {}", actionName, e);
Review Comment:
Ah, nice! I were always using `ParameterizedMessage` in such case, good to
know!
Issue Time Tracking
---
Worklog Id: (was: 925833)
Time Spent: 1h 50m (was: 1h 40m)
> Fix OGNL allowlist compatibility with Convention plugin
> ---
>
> Key: WW-5440
> URL: https://issues.apache.org/jira/browse/WW-5440
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Convention
>Affects Versions: 6.4.0
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.6.0, 7.0.0
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[
https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925832=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925832
]
ASF GitHub Bot logged work on WW-5440:
--
Author: ASF GitHub Bot
Created on: 14/Jul/24 13:30
Start Date: 14/Jul/24 13:30
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on code in PR #986:
URL: https://github.com/apache/struts/pull/986#discussion_r1677136230
##
core/src/main/java/com/opensymphony/xwork2/interceptor/annotations/AnnotationParameterFilterInterceptor.java:
##
@@ -46,7 +46,10 @@
*
*
* @author martin.gilday
+ * @deprecated since 6.6.0, integrated into {@link ParametersInterceptor} with
{@link StrutsParameter} using
Review Comment:
That's fine, just to not forget about this :)
Issue Time Tracking
---
Worklog Id: (was: 925832)
Time Spent: 1h 40m (was: 1.5h)
> Fix OGNL allowlist compatibility with Convention plugin
> ---
>
> Key: WW-5440
> URL: https://issues.apache.org/jira/browse/WW-5440
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Convention
>Affects Versions: 6.4.0
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.6.0, 7.0.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[
https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925820=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925820
]
ASF GitHub Bot logged work on WW-5440:
--
Author: ASF GitHub Bot
Created on: 14/Jul/24 12:20
Start Date: 14/Jul/24 12:20
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #986:
URL: https://github.com/apache/struts/pull/986#discussion_r1677121558
##
plugins/config-browser/src/main/java/org/apache/struts2/config_browser/ShowConfigAction.java:
##
@@ -98,16 +104,17 @@ public PropertyDescriptor[] getProperties() {
return properties;
}
+@Override
public String execute() throws Exception {
super.execute();
config = configHelper.getActionConfig(namespace, actionName);
-actionNames = new
TreeSet(configHelper.getActionNames(namespace));
+actionNames = new TreeSet<>(configHelper.getActionNames(namespace));
try {
Object action = objectFactory.buildAction(actionName, namespace,
config, null);
properties = reflectionProvider.getPropertyDescriptors(action);
} catch (Exception e) {
-LOG.error("Unable to get properties for action " + actionName, e);
-addActionError("Unable to retrieve action properties: " +
e.toString());
+LOG.error("Unable to get properties for action {}", actionName, e);
Review Comment:
So I double checked this because IntelliJ insisted this was correct despite
the JavaDoc for the method suggesting it was incorrect. Turns out Log4J 2 will
actually log this correctly as it will identify that the last argument is an
exception (also tested locally). Here is the relevant Log4J 2 code -
https://github.com/apache/logging-log4j2/blob/rel/2.23.1/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableParameterizedMessage.java#L128
And the relevant documentation -
https://logging.apache.org/log4j/2.x/manual/api.html#substituting-parameters
Issue Time Tracking
---
Worklog Id: (was: 925820)
Time Spent: 1.5h (was: 1h 20m)
> Fix OGNL allowlist compatibility with Convention plugin
> ---
>
> Key: WW-5440
> URL: https://issues.apache.org/jira/browse/WW-5440
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Convention
>Affects Versions: 6.4.0
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.6.0, 7.0.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[
https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925819=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925819
]
ASF GitHub Bot logged work on WW-5440:
--
Author: ASF GitHub Bot
Created on: 14/Jul/24 12:08
Start Date: 14/Jul/24 12:08
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #986:
URL: https://github.com/apache/struts/pull/986#discussion_r1677121558
##
plugins/config-browser/src/main/java/org/apache/struts2/config_browser/ShowConfigAction.java:
##
@@ -98,16 +104,17 @@ public PropertyDescriptor[] getProperties() {
return properties;
}
+@Override
public String execute() throws Exception {
super.execute();
config = configHelper.getActionConfig(namespace, actionName);
-actionNames = new
TreeSet(configHelper.getActionNames(namespace));
+actionNames = new TreeSet<>(configHelper.getActionNames(namespace));
try {
Object action = objectFactory.buildAction(actionName, namespace,
config, null);
properties = reflectionProvider.getPropertyDescriptors(action);
} catch (Exception e) {
-LOG.error("Unable to get properties for action " + actionName, e);
-addActionError("Unable to retrieve action properties: " +
e.toString());
+LOG.error("Unable to get properties for action {}", actionName, e);
Review Comment:
So I double checked this because IntelliJ insisted this was correct despite
the JavaDoc for the method suggesting it was incorrect. Turns out Log4J 2 will
actually log this correctly as it will identify that the last argument is an
exception (also tested locally). Here is the relevant Log4J 2 code -
https://github.com/apache/logging-log4j2/blob/rel/2.23.1/log4j-api/src/main/java/org/apache/logging/log4j/message/ReusableParameterizedMessage.java#L128
Issue Time Tracking
---
Worklog Id: (was: 925819)
Time Spent: 1h 20m (was: 1h 10m)
> Fix OGNL allowlist compatibility with Convention plugin
> ---
>
> Key: WW-5440
> URL: https://issues.apache.org/jira/browse/WW-5440
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Convention
>Affects Versions: 6.4.0
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.6.0, 7.0.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[
https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925818=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925818
]
ASF GitHub Bot logged work on WW-5440:
--
Author: ASF GitHub Bot
Created on: 14/Jul/24 11:46
Start Date: 14/Jul/24 11:46
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #986:
URL: https://github.com/apache/struts/pull/986#discussion_r1677117369
##
core/src/main/java/com/opensymphony/xwork2/interceptor/annotations/AnnotationParameterFilterInterceptor.java:
##
@@ -46,7 +46,10 @@
*
*
* @author martin.gilday
+ * @deprecated since 6.6.0, integrated into {@link ParametersInterceptor} with
{@link StrutsParameter} using
Review Comment:
I've just updated the description of
[WW-5411](https://issues.apache.org/jira/browse/WW-5411) - if you'd prefer a
separate card I can create one too
Issue Time Tracking
---
Worklog Id: (was: 925818)
Time Spent: 1h 10m (was: 1h)
> Fix OGNL allowlist compatibility with Convention plugin
> ---
>
> Key: WW-5440
> URL: https://issues.apache.org/jira/browse/WW-5440
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Convention
>Affects Versions: 6.4.0
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.6.0, 7.0.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5442) Enforce allowlist for OgnlReflectionProvider
[ https://issues.apache.org/jira/browse/WW-5442?focusedWorklogId=925817=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925817 ] ASF GitHub Bot logged work on WW-5442: -- Author: ASF GitHub Bot Created on: 14/Jul/24 11:44 Start Date: 14/Jul/24 11:44 Worklog Time Spent: 10m Work Description: kusalk merged PR #988: URL: https://github.com/apache/struts/pull/988 Issue Time Tracking --- Worklog Id: (was: 925817) Time Spent: 20m (was: 10m) > Enforce allowlist for OgnlReflectionProvider > > > Key: WW-5442 > URL: https://issues.apache.org/jira/browse/WW-5442 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5443) Bump Spring dependencies from 5.3.31 to 5.3.37
[ https://issues.apache.org/jira/browse/WW-5443?focusedWorklogId=925816=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925816 ] ASF GitHub Bot logged work on WW-5443: -- Author: ASF GitHub Bot Created on: 14/Jul/24 11:44 Start Date: 14/Jul/24 11:44 Worklog Time Spent: 10m Work Description: kusalk merged PR #990: URL: https://github.com/apache/struts/pull/990 Issue Time Tracking --- Worklog Id: (was: 925816) Time Spent: 0.5h (was: 20m) > Bump Spring dependencies from 5.3.31 to 5.3.37 > -- > > Key: WW-5443 > URL: https://issues.apache.org/jira/browse/WW-5443 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - Spring >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925811=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925811 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 14/Jul/24 06:51 Start Date: 14/Jul/24 06:51 Worklog Time Spent: 10m Work Description: lukaszlenart commented on PR #986: URL: https://github.com/apache/struts/pull/986#issuecomment-2227217031 Thanks a lot for all your work, this is huge! One small thing and I'm good Issue Time Tracking --- Worklog Id: (was: 925811) Time Spent: 1h (was: 50m) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 1h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[
https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925810=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925810
]
ASF GitHub Bot logged work on WW-5440:
--
Author: ASF GitHub Bot
Created on: 14/Jul/24 06:50
Start Date: 14/Jul/24 06:50
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on code in PR #986:
URL: https://github.com/apache/struts/pull/986#discussion_r1677041654
##
core/src/main/java/com/opensymphony/xwork2/interceptor/annotations/Allowed.java:
##
@@ -28,9 +28,11 @@
* a HttpRequest parameter.
*
* @author martin.gilday
+ * @deprecated since 6.6.0, use {@link
org.apache.struts2.interceptor.parameter.StrutsParameter}.
Review Comment:
❤️
##
core/src/test/java/org/apache/struts2/ExecutionCountTestAction.java:
##
@@ -41,9 +41,10 @@ public int getExecutionCount() {
return executionCount;
}
+@Override
public String execute() throws Exception {
executionCount++;
-LOG.info("executing ExecutionCountTestAction. Current count is " +
executionCount);
+LOG.info("executing ExecutionCountTestAction. Current count is {}",
executionCount);
Review Comment:
❤️
##
plugins/config-browser/src/main/java/org/apache/struts2/config_browser/ShowConfigAction.java:
##
@@ -98,16 +104,17 @@ public PropertyDescriptor[] getProperties() {
return properties;
}
+@Override
public String execute() throws Exception {
super.execute();
config = configHelper.getActionConfig(namespace, actionName);
-actionNames = new
TreeSet(configHelper.getActionNames(namespace));
+actionNames = new TreeSet<>(configHelper.getActionNames(namespace));
try {
Object action = objectFactory.buildAction(actionName, namespace,
config, null);
properties = reflectionProvider.getPropertyDescriptors(action);
} catch (Exception e) {
-LOG.error("Unable to get properties for action " + actionName, e);
-addActionError("Unable to retrieve action properties: " +
e.toString());
+LOG.error("Unable to get properties for action {}", actionName, e);
Review Comment:
This won't work, you must use `ParameterizedMessage` like this
```java
LOG.error(new ParameterizedMessage("Unable to get properties for action {}",
actionName), e);
```
##
core/src/main/java/com/opensymphony/xwork2/interceptor/annotations/AnnotationParameterFilterInterceptor.java:
##
@@ -46,7 +46,10 @@
*
*
* @author martin.gilday
+ * @deprecated since 6.6.0, integrated into {@link ParametersInterceptor} with
{@link StrutsParameter} using
Review Comment:
Do we have a task to remove this interceptor in Struts 7?
Issue Time Tracking
---
Worklog Id: (was: 925810)
Time Spent: 50m (was: 40m)
> Fix OGNL allowlist compatibility with Convention plugin
> ---
>
> Key: WW-5440
> URL: https://issues.apache.org/jira/browse/WW-5440
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - Convention
>Affects Versions: 6.4.0
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.6.0, 7.0.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5443) Bump Spring dependencies from 5.3.31 to 5.3.37
[ https://issues.apache.org/jira/browse/WW-5443?focusedWorklogId=925804=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925804 ] ASF GitHub Bot logged work on WW-5443: -- Author: ASF GitHub Bot Created on: 14/Jul/24 04:23 Start Date: 14/Jul/24 04:23 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #990: URL: https://github.com/apache/struts/pull/990#issuecomment-2227190854 ## [](https://sonarcloud.io/dashboard?id=apache_struts=990) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=apache_struts=990=false=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_struts=990=WONTFIX) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=990=false=true)  [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=990=new_coverage=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=990=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=990) Issue Time Tracking --- Worklog Id: (was: 925804) Time Spent: 20m (was: 10m) > Bump Spring dependencies from 5.3.31 to 5.3.37 > -- > > Key: WW-5443 > URL: https://issues.apache.org/jira/browse/WW-5443 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - Spring >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5443) Bump Spring dependencies from 5.3.31 to 5.3.37
[ https://issues.apache.org/jira/browse/WW-5443?focusedWorklogId=925803=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925803 ] ASF GitHub Bot logged work on WW-5443: -- Author: ASF GitHub Bot Created on: 14/Jul/24 04:17 Start Date: 14/Jul/24 04:17 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #990: URL: https://github.com/apache/struts/pull/990 WW-5443 -- Seeing lots of security warnings in IntelliJ about this dependency Issue Time Tracking --- Worklog Id: (was: 925803) Remaining Estimate: 0h Time Spent: 10m > Bump Spring dependencies from 5.3.31 to 5.3.37 > -- > > Key: WW-5443 > URL: https://issues.apache.org/jira/browse/WW-5443 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - Spring >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925772=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925772 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 13/Jul/24 14:58 Start Date: 13/Jul/24 14:58 Worklog Time Spent: 10m Work Description: kusalk commented on PR #986: URL: https://github.com/apache/struts/pull/986#issuecomment-2226942124 @lukaszlenart Sorry about the massive diff on this one - it should be a bit easier to review commit by commit. Otherwise, let me know and I'll try split it up into smaller PRs Issue Time Tracking --- Worklog Id: (was: 925772) Time Spent: 40m (was: 0.5h) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=925769=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925769 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 13/Jul/24 14:53 Start Date: 13/Jul/24 14:53 Worklog Time Spent: 10m Work Description: kusalk merged PR #987: URL: https://github.com/apache/struts/pull/987 Issue Time Tracking --- Worklog Id: (was: 925769) Time Spent: 3.5h (was: 3h 20m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 3.5h > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5442) Enforce allowlist for OgnlReflectionProvider
[ https://issues.apache.org/jira/browse/WW-5442?focusedWorklogId=925770=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925770 ] ASF GitHub Bot logged work on WW-5442: -- Author: ASF GitHub Bot Created on: 13/Jul/24 14:53 Start Date: 13/Jul/24 14:53 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #988: URL: https://github.com/apache/struts/pull/988#issuecomment-2226939528 ## [](https://sonarcloud.io/dashboard?id=apache_struts=988) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=apache_struts=988=false=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_struts=988=WONTFIX) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=988=false=true)  [100.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=988=new_coverage=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=988=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=988) Issue Time Tracking --- Worklog Id: (was: 925770) Remaining Estimate: 0h Time Spent: 10m > Enforce allowlist for OgnlReflectionProvider > > > Key: WW-5442 > URL: https://issues.apache.org/jira/browse/WW-5442 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0 > > Time Spent: 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925768=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925768 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 13/Jul/24 14:40 Start Date: 13/Jul/24 14:40 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #986: URL: https://github.com/apache/struts/pull/986#issuecomment-2226934211 ## [](https://sonarcloud.io/dashboard?id=apache_struts=986) **Quality Gate failed** Failed conditions  [30.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=986=new_coverage=list) (required ≥ 80%) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=986) Issue Time Tracking --- Worklog Id: (was: 925768) Time Spent: 0.5h (was: 20m) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=925765=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925765 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 13/Jul/24 13:48 Start Date: 13/Jul/24 13:48 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #987: URL: https://github.com/apache/struts/pull/987#issuecomment-2226911055 ## [](https://sonarcloud.io/dashboard?id=apache_struts=987) **Quality Gate failed** Failed conditions  [C Maintainability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=987) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=987) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 925765) Time Spent: 3h 20m (was: 3h 10m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 3h 20m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=925764=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925764 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 13/Jul/24 13:42 Start Date: 13/Jul/24 13:42 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #987: URL: https://github.com/apache/struts/pull/987 WW-5428 -- Issue Time Tracking --- Worklog Id: (was: 925764) Time Spent: 3h 10m (was: 3h) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 3h 10m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925763=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925763 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 13/Jul/24 13:31 Start Date: 13/Jul/24 13:31 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #986: URL: https://github.com/apache/struts/pull/986#issuecomment-2226904286 ## [](https://sonarcloud.io/dashboard?id=apache_struts=986) **Quality Gate failed** Failed conditions  [30.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=986=new_coverage=list) (required ≥ 80%) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=986) Issue Time Tracking --- Worklog Id: (was: 925763) Time Spent: 20m (was: 10m) > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5440) Fix OGNL allowlist compatibility with Convention plugin
[ https://issues.apache.org/jira/browse/WW-5440?focusedWorklogId=925760=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925760 ] ASF GitHub Bot logged work on WW-5440: -- Author: ASF GitHub Bot Created on: 13/Jul/24 13:16 Start Date: 13/Jul/24 13:16 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #986: URL: https://github.com/apache/struts/pull/986 WW-5440 -- * Fixed `struts2-convention-plugin` compatibility with OGNL allowlist, Actions are now auto-allowlisted as expected * Fixed `struts2-config-browser-plugin` compatibility with `struts.parameters.requireAnnotations=true` * Fixed Showcase App Hangman Action by adding appropriate classes to OGNL allowlist configuration * Fixed a number of other Showcase App Actions which required further annotating/allowlisting * Deprecated `AnnotationParameterFilterInterceptor` which is superseded by `@StrutsParameter` capability I also went through and did a batch application of `@StrutsParameter` even in unit test Actions in which they may not be strictly required. Did this as a precautionary measure against any other regressions or unintended test behaviour. Issue Time Tracking --- Worklog Id: (was: 925760) Remaining Estimate: 0h Time Spent: 10m > Fix OGNL allowlist compatibility with Convention plugin > --- > > Key: WW-5440 > URL: https://issues.apache.org/jira/browse/WW-5440 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - Convention >Affects Versions: 6.4.0 >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0, 7.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5441) Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3
[ https://issues.apache.org/jira/browse/WW-5441?focusedWorklogId=925759=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925759 ] ASF GitHub Bot logged work on WW-5441: -- Author: ASF GitHub Bot Created on: 13/Jul/24 13:09 Start Date: 13/Jul/24 13:09 Worklog Time Spent: 10m Work Description: kusalk merged PR #985: URL: https://github.com/apache/struts/pull/985 Issue Time Tracking --- Worklog Id: (was: 925759) Time Spent: 0.5h (was: 20m) > Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3 > - > > Key: WW-5441 > URL: https://issues.apache.org/jira/browse/WW-5441 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - JasperReports >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.6.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5441) Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3
[ https://issues.apache.org/jira/browse/WW-5441?focusedWorklogId=925752=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925752 ] ASF GitHub Bot logged work on WW-5441: -- Author: ASF GitHub Bot Created on: 13/Jul/24 08:59 Start Date: 13/Jul/24 08:59 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #985: URL: https://github.com/apache/struts/pull/985#issuecomment-2226828414 ## [](https://sonarcloud.io/dashboard?id=apache_struts=985) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=apache_struts=985=false=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_struts=985=WONTFIX) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=985=false=true)  [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=985=new_coverage=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=985=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=985) Issue Time Tracking --- Worklog Id: (was: 925752) Time Spent: 20m (was: 10m) > Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3 > - > > Key: WW-5441 > URL: https://issues.apache.org/jira/browse/WW-5441 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - JasperReports >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Bump org.apache.felix:org.apache.felix.main from 6.0.3 to 7.0.5 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5441) Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3
[ https://issues.apache.org/jira/browse/WW-5441?focusedWorklogId=925751=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925751 ] ASF GitHub Bot logged work on WW-5441: -- Author: ASF GitHub Bot Created on: 13/Jul/24 08:53 Start Date: 13/Jul/24 08:53 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #985: URL: https://github.com/apache/struts/pull/985 WW-5441 -- Issue Time Tracking --- Worklog Id: (was: 925751) Remaining Estimate: 0h Time Spent: 10m > Bump net.sf.jasperreports:jasperreports from 6.21.0 to 6.21.3 > - > > Key: WW-5441 > URL: https://issues.apache.org/jira/browse/WW-5441 > Project: Struts 2 > Issue Type: Dependency > Components: Plugin - JasperReports >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Bump org.apache.felix:org.apache.felix.main from 6.0.3 to 7.0.5 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5438) Wrong scope on weld dependencies
[ https://issues.apache.org/jira/browse/WW-5438?focusedWorklogId=925368=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-925368 ] ASF GitHub Bot logged work on WW-5438: -- Author: ASF GitHub Bot Created on: 11/Jul/24 06:26 Start Date: 11/Jul/24 06:26 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #984: URL: https://github.com/apache/struts/pull/984 Issue Time Tracking --- Worklog Id: (was: 925368) Time Spent: 40m (was: 0.5h) > Wrong scope on weld dependencies > > > Key: WW-5438 > URL: https://issues.apache.org/jira/browse/WW-5438 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - CDI >Affects Versions: 7.0.0 >Reporter: Jens Viebig >Priority: Major > Fix For: 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > We started to migrate our application to jakartaee10 with the M7 build and > all is going quite well so far. > One thing we came across is the removal of the "provided" and "test" scope > from the weld dependencies in the pom of the struts-cdi-plugin. By default, > this now adds a lot of weld and jakartaee standards dependencies to the > WEB-INF/lib directory which are normally provided by the application server. > For now we worked around this by adding exclusions to the weld dependencies > but wondering: > Was the removal of the scopes intentional ? > This is the commit where the scopes were removed: > [https://github.com/apache/struts/commit/8fecaa2c3008ec6a9f9653b991e017caa84423ed] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5438) Wrong scope on weld dependencies
[ https://issues.apache.org/jira/browse/WW-5438?focusedWorklogId=924963=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924963 ] ASF GitHub Bot logged work on WW-5438: -- Author: ASF GitHub Bot Created on: 09/Jul/24 06:11 Start Date: 09/Jul/24 06:11 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #984: URL: https://github.com/apache/struts/pull/984#issuecomment-2216657076 ## [](https://sonarcloud.io/dashboard?id=apache_struts=984) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=apache_struts=984=false=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_struts=984=WONTFIX) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=984=false=true)  [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=984=new_coverage=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=984=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=984) Issue Time Tracking --- Worklog Id: (was: 924963) Time Spent: 0.5h (was: 20m) > Wrong scope on weld dependencies > > > Key: WW-5438 > URL: https://issues.apache.org/jira/browse/WW-5438 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - CDI >Affects Versions: 7.0.0 >Reporter: Jens Viebig >Priority: Major > Fix For: 7.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > We started to migrate our application to jakartaee10 with the M7 build and > all is going quite well so far. > One thing we came across is the removal of the "provided" and "test" scope > from the weld dependencies in the pom of the struts-cdi-plugin. By default, > this now adds a lot of weld and jakartaee standards dependencies to the > WEB-INF/lib directory which are normally provided by the application server. > For now we worked around this by adding exclusions to the weld dependencies > but wondering: > Was the removal of the scopes intentional ? > This is the commit where the scopes were removed: > [https://github.com/apache/struts/commit/8fecaa2c3008ec6a9f9653b991e017caa84423ed] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5438) Wrong scope on weld dependencies
[ https://issues.apache.org/jira/browse/WW-5438?focusedWorklogId=924960=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924960 ] ASF GitHub Bot logged work on WW-5438: -- Author: ASF GitHub Bot Created on: 09/Jul/24 06:09 Start Date: 09/Jul/24 06:09 Worklog Time Spent: 10m Work Description: lukaszlenart commented on PR #984: URL: https://github.com/apache/struts/pull/984#issuecomment-2216653552 /cc: @jdyer1 Issue Time Tracking --- Worklog Id: (was: 924960) Time Spent: 20m (was: 10m) > Wrong scope on weld dependencies > > > Key: WW-5438 > URL: https://issues.apache.org/jira/browse/WW-5438 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - CDI >Affects Versions: 7.0.0 >Reporter: Jens Viebig >Priority: Major > Fix For: 7.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > We started to migrate our application to jakartaee10 with the M7 build and > all is going quite well so far. > One thing we came across is the removal of the "provided" and "test" scope > from the weld dependencies in the pom of the struts-cdi-plugin. By default, > this now adds a lot of weld and jakartaee standards dependencies to the > WEB-INF/lib directory which are normally provided by the application server. > For now we worked around this by adding exclusions to the weld dependencies > but wondering: > Was the removal of the scopes intentional ? > This is the commit where the scopes were removed: > [https://github.com/apache/struts/commit/8fecaa2c3008ec6a9f9653b991e017caa84423ed] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5438) Wrong scope on weld dependencies
[ https://issues.apache.org/jira/browse/WW-5438?focusedWorklogId=924958=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924958 ] ASF GitHub Bot logged work on WW-5438: -- Author: ASF GitHub Bot Created on: 09/Jul/24 06:05 Start Date: 09/Jul/24 06:05 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #984: URL: https://github.com/apache/struts/pull/984 Closes [WW-5438](https://issues.apache.org/jira/browse/WW-5438) Issue Time Tracking --- Worklog Id: (was: 924958) Remaining Estimate: 0h Time Spent: 10m > Wrong scope on weld dependencies > > > Key: WW-5438 > URL: https://issues.apache.org/jira/browse/WW-5438 > Project: Struts 2 > Issue Type: Bug > Components: Plugin - CDI >Affects Versions: 7.0.0 >Reporter: Jens Viebig >Priority: Major > Fix For: 7.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > We started to migrate our application to jakartaee10 with the M7 build and > all is going quite well so far. > One thing we came across is the removal of the "provided" and "test" scope > from the weld dependencies in the pom of the struts-cdi-plugin. By default, > this now adds a lot of weld and jakartaee standards dependencies to the > WEB-INF/lib directory which are normally provided by the application server. > For now we worked around this by adding exclusions to the weld dependencies > but wondering: > Was the removal of the scopes intentional ? > This is the commit where the scopes were removed: > [https://github.com/apache/struts/commit/8fecaa2c3008ec6a9f9653b991e017caa84423ed] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924887=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924887 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 19:44 Start Date: 08/Jul/24 19:44 Worklog Time Spent: 10m Work Description: kusalk merged PR #982: URL: https://github.com/apache/struts/pull/982 Issue Time Tracking --- Worklog Id: (was: 924887) Time Spent: 3h (was: 2h 50m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 3h > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924883=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924883 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 19:08 Start Date: 08/Jul/24 19:08 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #982: URL: https://github.com/apache/struts/pull/982#issuecomment-2214971599 ## [](https://sonarcloud.io/dashboard?id=apache_struts=982) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=apache_struts=982=false=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_struts=982=WONTFIX) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=982=false=true)  [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=982=new_coverage=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=982=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=982) Issue Time Tracking --- Worklog Id: (was: 924883) Time Spent: 2h 50m (was: 2h 40m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 2h 50m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924875=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924875 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 18:02 Start Date: 08/Jul/24 18:02 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #982: URL: https://github.com/apache/struts/pull/982#issuecomment-2214846606 ## [](https://sonarcloud.io/dashboard?id=apache_struts=982) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=apache_struts=982=false=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=apache_struts=982=WONTFIX) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=982=false=true)  [100.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=982=new_coverage=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=982=new_duplicated_lines_density=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=982) Issue Time Tracking --- Worklog Id: (was: 924875) Time Spent: 2h 40m (was: 2.5h) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924873=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924873 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 17:57 Start Date: 08/Jul/24 17:57 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #982: URL: https://github.com/apache/struts/pull/982 WW-5428 -- As per title, this is too much logging, even in DevMode! Issue Time Tracking --- Worklog Id: (was: 924873) Time Spent: 2.5h (was: 2h 20m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 2.5h > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=924819=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924819
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 11:29
Start Date: 08/Jul/24 11:29
Worklog Time Spent: 10m
Work Description: kusalk merged PR #981:
URL: https://github.com/apache/struts/pull/981
Issue Time Tracking
---
Worklog Id: (was: 924819)
Time Spent: 0.5h (was: 20m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=924799=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924799
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 10:49
Start Date: 08/Jul/24 10:49
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #981:
URL: https://github.com/apache/struts/pull/981#issuecomment-2213672788
## [](https://sonarcloud.io/dashboard?id=apache_struts=981)
**Quality Gate failed**
Failed conditions
 [70.6% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=981=new_coverage=list)
(required ≥ 80%)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=981)
Issue Time Tracking
---
Worklog Id: (was: 924799)
Time Spent: 20m (was: 10m)
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5411) Delete deprecated classes and members
[
https://issues.apache.org/jira/browse/WW-5411?focusedWorklogId=924797=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924797
]
ASF GitHub Bot logged work on WW-5411:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 10:43
Start Date: 08/Jul/24 10:43
Worklog Time Spent: 10m
Work Description: kusalk opened a new pull request, #981:
URL: https://github.com/apache/struts/pull/981
WW-5411
--
Issue Time Tracking
---
Worklog Id: (was: 924797)
Remaining Estimate: 0h
Time Spent: 10m
> Delete deprecated classes and members
> -
>
> Key: WW-5411
> URL: https://issues.apache.org/jira/browse/WW-5411
> Project: Struts 2
> Issue Type: Task
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> {code:java}
> StrutsPrepareAndExecuteFilter#excludedPatterns
> StrutsPrepareFilter#excludedPatterns
> InitOperations#buildExcludedPatternsList
> PrepareOperations#isUrlExcluded(HttpServletRequest, List)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5439) Fix and clean up devMode excluded classes
[ https://issues.apache.org/jira/browse/WW-5439?focusedWorklogId=924786=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924786 ] ASF GitHub Bot logged work on WW-5439: -- Author: ASF GitHub Bot Created on: 08/Jul/24 10:18 Start Date: 08/Jul/24 10:18 Worklog Time Spent: 10m Work Description: kusalk merged PR #979: URL: https://github.com/apache/struts/pull/979 Issue Time Tracking --- Worklog Id: (was: 924786) Time Spent: 1h 10m (was: 1h) > Fix and clean up devMode excluded classes > - > > Key: WW-5439 > URL: https://issues.apache.org/jira/browse/WW-5439 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924784=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924784 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 10:15 Start Date: 08/Jul/24 10:15 Worklog Time Spent: 10m Work Description: kusalk merged PR #967: URL: https://github.com/apache/struts/pull/967 Issue Time Tracking --- Worklog Id: (was: 924784) Time Spent: 2h 20m (was: 2h 10m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 2h 20m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5439) Fix and clean up devMode excluded classes
[ https://issues.apache.org/jira/browse/WW-5439?focusedWorklogId=924776=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924776 ] ASF GitHub Bot logged work on WW-5439: -- Author: ASF GitHub Bot Created on: 08/Jul/24 10:09 Start Date: 08/Jul/24 10:09 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #979: URL: https://github.com/apache/struts/pull/979#issuecomment-2213599439 ## [](https://sonarcloud.io/dashboard?id=apache_struts=979) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=979=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=979=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=979=new_duplicated_lines_density=list) (required ≤ 3%)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=979) (required ≥ A)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=979) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=979) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924776) Time Spent: 1h (was: 50m) > Fix and clean up devMode excluded classes > - > > Key: WW-5439 > URL: https://issues.apache.org/jira/browse/WW-5439 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 1h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924774=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924774 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 10:04 Start Date: 08/Jul/24 10:04 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #967: URL: https://github.com/apache/struts/pull/967#issuecomment-2213587750 ## [](https://sonarcloud.io/dashboard?id=apache_struts=967) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=967=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_duplicated_lines_density=list) (required ≤ 3%)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=967) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924774) Time Spent: 2h 10m (was: 2h) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 2h 10m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[
https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924771=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924771
]
ASF GitHub Bot logged work on WW-5428:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 10:00
Start Date: 08/Jul/24 10:00
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #967:
URL: https://github.com/apache/struts/pull/967#discussion_r1668348985
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -209,10 +209,23 @@ public boolean isAccessible(Map context, Object target,
Member member, String pr
* @return {@code true} if member access is allowed
*/
protected boolean checkAllowlist(Object target, Member member) {
-Class memberClass = member.getDeclaringClass();
if (!enforceAllowlistEnabled) {
return true;
}
+
+if (!disallowProxyObjectAccess && target != null &&
ProxyUtil.isProxy(target)) {
+// If `disallowProxyObjectAccess` is not set, allow resolving
Hibernate entities to their underlying
+// classes/members. This allows the allowlist capability to
continue working and offer some level of
+// protection in applications where the developer has accepted the
risk of allowing OGNL access to Hibernate
+// entities. This is preferred to having to disable the allowlist
capability entirely.
Review Comment:
Done
Issue Time Tracking
---
Worklog Id: (was: 924771)
Time Spent: 2h (was: 1h 50m)
> Allowlist capability should resolve Hibernate proxies when
> disableProxyObjects is not set
> -
>
> Key: WW-5428
> URL: https://issues.apache.org/jira/browse/WW-5428
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.5.0, 7.0.0
>
> Time Spent: 2h
> Remaining Estimate: 0h
>
> Refer to PR description for further details
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924770=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924770 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 09:59 Start Date: 08/Jul/24 09:59 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #967: URL: https://github.com/apache/struts/pull/967#issuecomment-2213577485 ## [](https://sonarcloud.io/dashboard?id=apache_struts=967) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=967=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_duplicated_lines_density=list) (required ≤ 3%)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=967) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924770) Time Spent: 1h 50m (was: 1h 40m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924768=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924768 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 09:51 Start Date: 08/Jul/24 09:51 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #967: URL: https://github.com/apache/struts/pull/967#issuecomment-2213559112 ## [](https://sonarcloud.io/dashboard?id=apache_struts=967) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=967=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_duplicated_lines_density=list) (required ≤ 3%)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=967) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924768) Time Spent: 1h 40m (was: 1.5h) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5439) Fix and clean up devMode excluded classes
[ https://issues.apache.org/jira/browse/WW-5439?focusedWorklogId=924767=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924767 ] ASF GitHub Bot logged work on WW-5439: -- Author: ASF GitHub Bot Created on: 08/Jul/24 09:34 Start Date: 08/Jul/24 09:34 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #979: URL: https://github.com/apache/struts/pull/979#issuecomment-2213523881 ## [](https://sonarcloud.io/dashboard?id=apache_struts=979) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=979=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=979=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=979=new_duplicated_lines_density=list) (required ≤ 3%)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=979) (required ≥ A)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=979) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=979) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924767) Time Spent: 50m (was: 40m) > Fix and clean up devMode excluded classes > - > > Key: WW-5439 > URL: https://issues.apache.org/jira/browse/WW-5439 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 50m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5439) Fix and clean up devMode excluded classes
[ https://issues.apache.org/jira/browse/WW-5439?focusedWorklogId=924766=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924766 ] ASF GitHub Bot logged work on WW-5439: -- Author: ASF GitHub Bot Created on: 08/Jul/24 09:24 Start Date: 08/Jul/24 09:24 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #979: URL: https://github.com/apache/struts/pull/979#issuecomment-2213502282 ## [](https://sonarcloud.io/dashboard?id=apache_struts=979) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=979=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=979=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=979=new_duplicated_lines_density=list) (required ≤ 3%)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=979) (required ≥ A)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=979) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=979) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924766) Time Spent: 40m (was: 0.5h) > Fix and clean up devMode excluded classes > - > > Key: WW-5439 > URL: https://issues.apache.org/jira/browse/WW-5439 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5439) Fix and clean up devMode excluded classes
[
https://issues.apache.org/jira/browse/WW-5439?focusedWorklogId=924765=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924765
]
ASF GitHub Bot logged work on WW-5439:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 09:19
Start Date: 08/Jul/24 09:19
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #979:
URL: https://github.com/apache/struts/pull/979#discussion_r1668291315
##
core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java:
##
@@ -1284,12 +1295,11 @@ public void testAvoidCallingMethodsWithBraces() {
assertEquals(expected.getMessage(), "Inappropriate OGNL expression:
toString()");
}
-public void testAvoidCallingSomeClasses() {
+public void testStaticMethodBlocked() {
Foo foo = new Foo();
Exception expected = null;
try {
-ognlUtil.setExcludedClasses(Runtime.class.getName());
Review Comment:
The exclusion list isn't checked here as it's already blocked by the static
method check
##
core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java:
##
@@ -1166,9 +1171,11 @@ public void testAvoidCallingMethodsOnObjectClass() {
public void testAllowCallingMethodsOnObjectClassInDevModeTrue() {
Exception expected = null;
try {
-ognlUtil.setExcludedClasses(Foo.class.getName());
Review Comment:
These methods don't do anything, so we inject the configuration instead
Issue Time Tracking
---
Worklog Id: (was: 924765)
Time Spent: 0.5h (was: 20m)
> Fix and clean up devMode excluded classes
> -
>
> Key: WW-5439
> URL: https://issues.apache.org/jira/browse/WW-5439
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5439) Fix and clean up devMode excluded classes
[
https://issues.apache.org/jira/browse/WW-5439?focusedWorklogId=924764=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924764
]
ASF GitHub Bot logged work on WW-5439:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 09:18
Start Date: 08/Jul/24 09:18
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #979:
URL: https://github.com/apache/struts/pull/979#discussion_r1668289815
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -460,4 +473,41 @@ public void useDisallowProxyMemberAccess(String
disallowProxyMemberAccess) {
public void useDisallowDefaultPackageAccess(String
disallowDefaultPackageAccess) {
this.disallowDefaultPackageAccess =
BooleanUtils.toBoolean(disallowDefaultPackageAccess);
}
+
+@Inject(StrutsConstants.STRUTS_DEVMODE)
+protected void useDevMode(String devMode) {
+this.isDevMode = BooleanUtils.toBoolean(devMode);
+}
+
+@Inject(value = StrutsConstants.STRUTS_DEV_MODE_EXCLUDED_CLASSES, required
= false)
+public void useDevModeExcludedClasses(String commaDelimitedClasses) {
+this.devModeExcludedClasses = toNewClassesSet(devModeExcludedClasses,
commaDelimitedClasses);
+}
+
+@Inject(value =
StrutsConstants.STRUTS_DEV_MODE_EXCLUDED_PACKAGE_NAME_PATTERNS, required =
false)
+public void useDevModeExcludedPackageNamePatterns(String
commaDelimitedPackagePatterns) {
+this.devModeExcludedPackageNamePatterns =
toNewPatternsSet(devModeExcludedPackageNamePatterns,
commaDelimitedPackagePatterns);
+}
+
+@Inject(value = StrutsConstants.STRUTS_DEV_MODE_EXCLUDED_PACKAGE_NAMES,
required = false)
+public void useDevModeExcludedPackageNames(String
commaDelimitedPackageNames) {
+this.devModeExcludedPackageNames =
toNewPackageNamesSet(devModeExcludedPackageNames, commaDelimitedPackageNames);
+}
+
+@Inject(value =
StrutsConstants.STRUTS_DEV_MODE_EXCLUDED_PACKAGE_EXEMPT_CLASSES, required =
false)
+public void useDevModeExcludedPackageExemptClasses(String
commaDelimitedClasses) {
+this.devModeExcludedPackageExemptClasses =
toClassesSet(commaDelimitedClasses);
+}
+
+private void useDevModeConfiguration() {
+if (!isDevMode || isDevModeInit) {
Review Comment:
The `isDevModeInit` check isn't thread-safe but it doesn't need to be as
there's no negative consequence of running this method more than once when
DevMode is enabled.
Issue Time Tracking
---
Worklog Id: (was: 924764)
Time Spent: 20m (was: 10m)
> Fix and clean up devMode excluded classes
> -
>
> Key: WW-5439
> URL: https://issues.apache.org/jira/browse/WW-5439
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5439) Fix and clean up devMode excluded classes
[ https://issues.apache.org/jira/browse/WW-5439?focusedWorklogId=924760=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924760 ] ASF GitHub Bot logged work on WW-5439: -- Author: ASF GitHub Bot Created on: 08/Jul/24 08:47 Start Date: 08/Jul/24 08:47 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #979: URL: https://github.com/apache/struts/pull/979 WW-5439 -- I noticed that after a previous refactor of `SecurityMemberAccess` - the devMode security configuration stopped working. To be fair, this capability is probably not too useful anymore from 7.0, given the allowlist is enabled by default and that has no devMode allowances. Best we still fix it for now and can consider a better mechanism later. Issue Time Tracking --- Worklog Id: (was: 924760) Remaining Estimate: 0h Time Spent: 10m > Fix and clean up devMode excluded classes > - > > Key: WW-5439 > URL: https://issues.apache.org/jira/browse/WW-5439 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0 > > Time Spent: 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[
https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924759=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924759
]
ASF GitHub Bot logged work on WW-5428:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 08:44
Start Date: 08/Jul/24 08:44
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #967:
URL: https://github.com/apache/struts/pull/967#discussion_r1668234840
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -209,10 +209,23 @@ public boolean isAccessible(Map context, Object target,
Member member, String pr
* @return {@code true} if member access is allowed
*/
protected boolean checkAllowlist(Object target, Member member) {
-Class memberClass = member.getDeclaringClass();
if (!enforceAllowlistEnabled) {
return true;
}
+
+if (!disallowProxyObjectAccess && target != null &&
ProxyUtil.isProxy(target)) {
+// If `disallowProxyObjectAccess` is not set, allow resolving
Hibernate entities to their underlying
+// classes/members. This allows the allowlist capability to
continue working and offer some level of
+// protection in applications where the developer has accepted the
risk of allowing OGNL access to Hibernate
+// entities. This is preferred to having to disable the allowlist
capability entirely.
Review Comment:
Hmm yeah doesn't hurt to add some logging - will do
Issue Time Tracking
---
Worklog Id: (was: 924759)
Time Spent: 1.5h (was: 1h 20m)
> Allowlist capability should resolve Hibernate proxies when
> disableProxyObjects is not set
> -
>
> Key: WW-5428
> URL: https://issues.apache.org/jira/browse/WW-5428
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.5.0, 7.0.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Refer to PR description for further details
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[
https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924758=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924758
]
ASF GitHub Bot logged work on WW-5428:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 08:39
Start Date: 08/Jul/24 08:39
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on code in PR #967:
URL: https://github.com/apache/struts/pull/967#discussion_r1668221565
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -209,10 +209,23 @@ public boolean isAccessible(Map context, Object target,
Member member, String pr
* @return {@code true} if member access is allowed
*/
protected boolean checkAllowlist(Object target, Member member) {
-Class memberClass = member.getDeclaringClass();
if (!enforceAllowlistEnabled) {
return true;
}
+
+if (!disallowProxyObjectAccess && target != null &&
ProxyUtil.isProxy(target)) {
+// If `disallowProxyObjectAccess` is not set, allow resolving
Hibernate entities to their underlying
+// classes/members. This allows the allowlist capability to
continue working and offer some level of
+// protection in applications where the developer has accepted the
risk of allowing OGNL access to Hibernate
+// entities. This is preferred to having to disable the allowlist
capability entirely.
Review Comment:
Wouldn't be good to log this info? Maybe even in WARN level if
`struts.devMode` is enabled, wdyt?
Issue Time Tracking
---
Worklog Id: (was: 924758)
Time Spent: 1h 20m (was: 1h 10m)
> Allowlist capability should resolve Hibernate proxies when
> disableProxyObjects is not set
> -
>
> Key: WW-5428
> URL: https://issues.apache.org/jira/browse/WW-5428
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.5.0, 7.0.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Refer to PR description for further details
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924754=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924754 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 07:06 Start Date: 08/Jul/24 07:06 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #967: URL: https://github.com/apache/struts/pull/967#issuecomment-2213200242 ## [](https://sonarcloud.io/dashboard?id=apache_struts=967) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=967=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_duplicated_lines_density=list) (required ≤ 3%)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=967) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924754) Time Spent: 1h 10m (was: 1h) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924751=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924751 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 06:54 Start Date: 08/Jul/24 06:54 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #967: URL: https://github.com/apache/struts/pull/967#issuecomment-2213182669 ## [](https://sonarcloud.io/dashboard?id=apache_struts=967) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=967=false=true)  [28.7% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_duplicated_lines_density=list) (required ≤ 3%)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=967) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 924751) Time Spent: 1h (was: 50m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 1h > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[
https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924750=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924750
]
ASF GitHub Bot logged work on WW-5428:
--
Author: ASF GitHub Bot
Created on: 08/Jul/24 06:54
Start Date: 08/Jul/24 06:54
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #967:
URL: https://github.com/apache/struts/pull/967#discussion_r1668086483
##
core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java:
##
@@ -931,6 +981,15 @@ public void packageInclusion_subclass_both() throws
Exception {
private static String formGetterName(String propertyName) {
return "get" + propertyName.substring(0, 1).toUpperCase() +
propertyName.substring(1);
}
+
+@SuppressWarnings("unchecked")
+private static T mockHibernateProxy(T originalObject, Class
proxyInterface) {
Review Comment:
Mocking a Hibernate proxy isn't perfect - integration/acceptance tests would
offer better protection against regressions but I'd prefer not to complicate
the tests further by introducing a Hibernate session factory etc
Issue Time Tracking
---
Worklog Id: (was: 924750)
Time Spent: 50m (was: 40m)
> Allowlist capability should resolve Hibernate proxies when
> disableProxyObjects is not set
> -
>
> Key: WW-5428
> URL: https://issues.apache.org/jira/browse/WW-5428
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.5.0, 7.0.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Refer to PR description for further details
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=924749=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924749 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 08/Jul/24 06:50 Start Date: 08/Jul/24 06:50 Worklog Time Spent: 10m Work Description: kusalk commented on code in PR #967: URL: https://github.com/apache/struts/pull/967#discussion_r1668082043 ## plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java: ## Review Comment: No functional changes in here, I upgraded it to JUnit4 and cleaned it up Issue Time Tracking --- Worklog Id: (was: 924749) Time Spent: 40m (was: 0.5h) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5437) EnvsValueSubstitutor ignores Environment variables if default value is present
[
https://issues.apache.org/jira/browse/WW-5437?focusedWorklogId=924605=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924605
]
ASF GitHub Bot logged work on WW-5437:
--
Author: ASF GitHub Bot
Created on: 05/Jul/24 04:52
Start Date: 05/Jul/24 04:52
Worklog Time Spent: 10m
Work Description: lukaszlenart merged PR #977:
URL: https://github.com/apache/struts/pull/977
Issue Time Tracking
---
Worklog Id: (was: 924605)
Remaining Estimate: 0h
Time Spent: 10m
> EnvsValueSubstitutor ignores Environment variables if default value is present
> --
>
> Key: WW-5437
> URL: https://issues.apache.org/jira/browse/WW-5437
> Project: Struts 2
> Issue Type: Bug
> Components: XML Configuration
>Affects Versions: 6.4.0
>Reporter: Stefan Sielaff
>Priority: Major
> Fix For: 6.5.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> According to the documentation at
> [https://struts.apache.org/core-developers/constant-configuration] it should
> be possible to use both system and environment variables in the constants
> section. Currently environment variables are ignored if a default value is
> defined.
> The sysStrSubstitutor has a less specific prefix which also includes and
> replaces those, which should be passed to the envStrSubstitutor later.
> Given
> System.getenv('STRUTS_DEV_MODE') is "true"
> {code:java}
>
> {code}
> The code:
> {code:java}
> String substituted = sysStrSubstitutor.replace(value);
> return envStrSubstitutor.replace(substituted);
> {code}
> The sysStrSubstitutor checks, if there is a system property with the key
> "env.STRUTS_DEV_MODE" which is unset. It then replaces the expression with
> its default. substituted is "false" now. Afterwards the envStrSubstitutor
> doesn't find any expression to substitute, because the string is "false".
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5431) Mark as deprecated unused constants in FreemarkerManager
[
https://issues.apache.org/jira/browse/WW-5431?focusedWorklogId=924053=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924053
]
ASF GitHub Bot logged work on WW-5431:
--
Author: ASF GitHub Bot
Created on: 24/Jun/24 05:40
Start Date: 24/Jun/24 05:40
Worklog Time Spent: 10m
Work Description: lukaszlenart merged PR #971:
URL: https://github.com/apache/struts/pull/971
Issue Time Tracking
---
Worklog Id: (was: 924053)
Time Spent: 0.5h (was: 20m)
> Mark as deprecated unused constants in FreemarkerManager
>
>
> Key: WW-5431
> URL: https://issues.apache.org/jira/browse/WW-5431
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Mark as @Deprecated
> {code:java}
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_INCLUDE = "include_page";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_REQUEST_PRIVATE =
> "__FreeMarkerServlet.Request__";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_REQUEST_PARAMETERS = "RequestParameters";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_HASHMODEL_PRIVATE =
> "__FreeMarkerManager.Request__";
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5430) Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
[
https://issues.apache.org/jira/browse/WW-5430?focusedWorklogId=924052=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924052
]
ASF GitHub Bot logged work on WW-5430:
--
Author: ASF GitHub Bot
Created on: 24/Jun/24 05:39
Start Date: 24/Jun/24 05:39
Worklog Time Spent: 10m
Work Description: lukaszlenart merged PR #970:
URL: https://github.com/apache/struts/pull/970
Issue Time Tracking
---
Worklog Id: (was: 924052)
Time Spent: 40m (was: 0.5h)
> Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
> -
>
> Key: WW-5430
> URL: https://issues.apache.org/jira/browse/WW-5430
> Project: Struts 2
> Issue Type: Bug
> Components: Core
>Affects Versions: 7.0.0
>Reporter: Rubens Gomes
>Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Getting runtime error below with 7.0.0-M6. It appears that method
>
> {{org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader}}
> is using {{freemarker.cache.WebappTemplateLoader}} which is based on legacy
> {{{}javax.servlet{}}}?
> {noformat}
> Note that this is for the legacy "javax" Servlet API; for Jakarta (that
> is, in modern Servlet containers), use
> freemarker.ext.jakarta.servlet.WebappTemplateLoader instead (since 2.3.33).
> ..."
> java.lang.NoSuchMethodError: 'void
> freemarker.cache.WebappTemplateLoader.(jakarta.servlet.ServletContext)'
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader(FreemarkerManager.java:468)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.init(FreemarkerManager.java:293)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.getConfiguration(FreemarkerManager.java:265)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler.init(DefaultDispatcherErrorHandler.java:66)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:632)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.InitOperations.initDispatcher(InitOperations.java:48)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:60)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:245)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:102)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3846)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4450)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1203)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1193)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> java.base/java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:317)
> ~[na:na]
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5431) Mark as deprecated unused constants in FreemarkerManager
[
https://issues.apache.org/jira/browse/WW-5431?focusedWorklogId=924010=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924010
]
ASF GitHub Bot logged work on WW-5431:
--
Author: ASF GitHub Bot
Created on: 21/Jun/24 14:29
Start Date: 21/Jun/24 14:29
Worklog Time Spent: 10m
Work Description: lukaszlenart opened a new pull request, #971:
URL: https://github.com/apache/struts/pull/971
To be removed in Struts 7
Closes [WW-5431](https://issues.apache.org/jira/browse/WW-5431)
Issue Time Tracking
---
Worklog Id: (was: 924010)
Remaining Estimate: 0h
Time Spent: 10m
> Mark as deprecated unused constants in FreemarkerManager
>
>
> Key: WW-5431
> URL: https://issues.apache.org/jira/browse/WW-5431
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Mark as @Deprecated
> {code:java}
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_INCLUDE = "include_page";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_REQUEST_PRIVATE =
> "__FreeMarkerServlet.Request__";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_REQUEST_PARAMETERS = "RequestParameters";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_HASHMODEL_PRIVATE =
> "__FreeMarkerManager.Request__";
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5430) Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
[
https://issues.apache.org/jira/browse/WW-5430?focusedWorklogId=924009=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924009
]
ASF GitHub Bot logged work on WW-5430:
--
Author: ASF GitHub Bot
Created on: 21/Jun/24 14:29
Start Date: 21/Jun/24 14:29
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #970:
URL: https://github.com/apache/struts/pull/970#issuecomment-2182081889
## [](https://sonarcloud.io/dashboard?id=apache_struts=970)
**Quality Gate passed**
Issues
 [0 New
issues](https://sonarcloud.io/project/issues?id=apache_struts=970=false=true)
 [0 Accepted
issues](https://sonarcloud.io/project/issues?id=apache_struts=970=WONTFIX)
Measures
 [0 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=970=false=true)
 [0.0% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=970=new_coverage=list)
 [0.0% Duplication on New
Code](https://sonarcloud.io/component_measures?id=apache_struts=970=new_duplicated_lines_density=list)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=970)
Issue Time Tracking
---
Worklog Id: (was: 924009)
Time Spent: 0.5h (was: 20m)
> Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
> -
>
> Key: WW-5430
> URL: https://issues.apache.org/jira/browse/WW-5430
> Project: Struts 2
> Issue Type: Bug
> Components: Core
>Affects Versions: 7.0.0
>Reporter: Rubens Gomes
>Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Getting runtime error below with 7.0.0-M6. It appears that method
>
> {{org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader}}
> is using {{freemarker.cache.WebappTemplateLoader}} which is based on legacy
> {{{}javax.servlet{}}}?
> {noformat}
> Note that this is for the legacy "javax" Servlet API; for Jakarta (that
> is, in modern Servlet containers), use
> freemarker.ext.jakarta.servlet.WebappTemplateLoader instead (since 2.3.33).
> ..."
> java.lang.NoSuchMethodError: 'void
> freemarker.cache.WebappTemplateLoader.(jakarta.servlet.ServletContext)'
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader(FreemarkerManager.java:468)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.init(FreemarkerManager.java:293)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.getConfiguration(FreemarkerManager.java:265)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler.init(DefaultDispatcherErrorHandler.java:66)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:632)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.InitOperations.initDispatcher(InitOperations.java:48)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:60)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:245)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:102)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3846)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4450)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
>
[jira] [Work logged] (WW-5431) Mark as deprecated unused constants in FreemarkerManager
[
https://issues.apache.org/jira/browse/WW-5431?focusedWorklogId=924011=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924011
]
ASF GitHub Bot logged work on WW-5431:
--
Author: ASF GitHub Bot
Created on: 21/Jun/24 14:29
Start Date: 21/Jun/24 14:29
Worklog Time Spent: 10m
Work Description: sonarcloud[bot] commented on PR #971:
URL: https://github.com/apache/struts/pull/971#issuecomment-2182094378
## [](https://sonarcloud.io/dashboard?id=apache_struts=971)
**Quality Gate failed**
Failed conditions
 [C Maintainability Rating on New
Code](https://sonarcloud.io/dashboard?id=apache_struts=971)
(required ≥ A)
[See analysis details on
SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=971)
##
 Catch issues before they fail your Quality Gate with our IDE extension
[SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)
Issue Time Tracking
---
Worklog Id: (was: 924011)
Time Spent: 20m (was: 10m)
> Mark as deprecated unused constants in FreemarkerManager
>
>
> Key: WW-5431
> URL: https://issues.apache.org/jira/browse/WW-5431
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
>Reporter: Lukasz Lenart
>Assignee: Lukasz Lenart
>Priority: Minor
> Fix For: 6.5.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Mark as @Deprecated
> {code:java}
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_INCLUDE = "include_page";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_REQUEST_PRIVATE =
> "__FreeMarkerServlet.Request__";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_REQUEST_PARAMETERS = "RequestParameters";
> @Deprecated(since = "Struts 6.5.0", forRemoval = true)
> public static final String KEY_HASHMODEL_PRIVATE =
> "__FreeMarkerManager.Request__";
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5430) Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
[
https://issues.apache.org/jira/browse/WW-5430?focusedWorklogId=924007=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924007
]
ASF GitHub Bot logged work on WW-5430:
--
Author: ASF GitHub Bot
Created on: 21/Jun/24 14:28
Start Date: 21/Jun/24 14:28
Worklog Time Spent: 10m
Work Description: lukaszlenart opened a new pull request, #970:
URL: https://github.com/apache/struts/pull/970
Closes [WW-5430](https://issues.apache.org/jira/browse/WW-5430)
Issue Time Tracking
---
Worklog Id: (was: 924007)
Remaining Estimate: 0h
Time Spent: 10m
> Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
> -
>
> Key: WW-5430
> URL: https://issues.apache.org/jira/browse/WW-5430
> Project: Struts 2
> Issue Type: Bug
> Components: Core
>Affects Versions: 7.0.0
>Reporter: Rubens Gomes
>Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Getting runtime error below with 7.0.0-M6. It appears that method
>
> {{org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader}}
> is using {{freemarker.cache.WebappTemplateLoader}} which is based on legacy
> {{{}javax.servlet{}}}?
> {noformat}
> Note that this is for the legacy "javax" Servlet API; for Jakarta (that
> is, in modern Servlet containers), use
> freemarker.ext.jakarta.servlet.WebappTemplateLoader instead (since 2.3.33).
> ..."
> java.lang.NoSuchMethodError: 'void
> freemarker.cache.WebappTemplateLoader.(jakarta.servlet.ServletContext)'
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader(FreemarkerManager.java:468)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.init(FreemarkerManager.java:293)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.getConfiguration(FreemarkerManager.java:265)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler.init(DefaultDispatcherErrorHandler.java:66)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:632)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.InitOperations.initDispatcher(InitOperations.java:48)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:60)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:245)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:102)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3846)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4450)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1203)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1193)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> java.base/java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:317)
> ~[na:na]
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5310) s:url does not handle equal sign correctly
[ https://issues.apache.org/jira/browse/WW-5310?focusedWorklogId=924004=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924004 ] ASF GitHub Bot logged work on WW-5310: -- Author: ASF GitHub Bot Created on: 21/Jun/24 14:28 Start Date: 21/Jun/24 14:28 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #968: URL: https://github.com/apache/struts/pull/968 Issue Time Tracking --- Worklog Id: (was: 924004) Time Spent: 3h (was: 2h 50m) > s:url does not handle equal sign correctly > -- > > Key: WW-5310 > URL: https://issues.apache.org/jira/browse/WW-5310 > Project: Struts 2 > Issue Type: Bug > Components: Core Tags >Affects Versions: 2.5.30, 6.1.2 >Reporter: nikos dimitrakas >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 3h > Remaining Estimate: 0h > > We discovered a strange case when a URL is passed to s:url. The URL contains > an equal sign as part of a parameter value. Example: > [https://www.scitepress.org/PublicationsDetail.aspx?ID=GjTu91suYQI==1] > This URL works in the browser even though the equal sign that is part of the > value of the parameter ID has not been replaced with %3D. > When this URL is passed to an s:url as value then the equal sign disappears. > When I put a break point in ComponentTagSupport.doStartTag() I can see that > the query string has been split and the component.parameters contains the two > parameters (ID and t), but the equal sign is missing. > The problem seems to be in ServletUrlRenderer.mergeRequestParameters called > from beforeRenderUrl. The way the StrutsQueryStringParser.parse splits each > param of the queryString on equal sign causes all the equal signs to be used, > not just the first. Shouldn't that split be only on the first equal sign so > that any remaining equal signs can be considered as part of the value? Just > by adding a limit of one to the split should fix this. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5430) Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
[
https://issues.apache.org/jira/browse/WW-5430?focusedWorklogId=924008=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-924008
]
ASF GitHub Bot logged work on WW-5430:
--
Author: ASF GitHub Bot
Created on: 21/Jun/24 14:28
Start Date: 21/Jun/24 14:28
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on PR #970:
URL: https://github.com/apache/struts/pull/970#issuecomment-2182076577
cc: @rubensgomes (hope the right one :D )
Issue Time Tracking
---
Worklog Id: (was: 924008)
Time Spent: 20m (was: 10m)
> Struts 7.0.0-M6 - Runtime Error freemarker.cache.WebappTemplateLoader
> -
>
> Key: WW-5430
> URL: https://issues.apache.org/jira/browse/WW-5430
> Project: Struts 2
> Issue Type: Bug
> Components: Core
>Affects Versions: 7.0.0
>Reporter: Rubens Gomes
>Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Getting runtime error below with 7.0.0-M6. It appears that method
>
> {{org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader}}
> is using {{freemarker.cache.WebappTemplateLoader}} which is based on legacy
> {{{}javax.servlet{}}}?
> {noformat}
> Note that this is for the legacy "javax" Servlet API; for Jakarta (that
> is, in modern Servlet containers), use
> freemarker.ext.jakarta.servlet.WebappTemplateLoader instead (since 2.3.33).
> ..."
> java.lang.NoSuchMethodError: 'void
> freemarker.cache.WebappTemplateLoader.(jakarta.servlet.ServletContext)'
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.createTemplateLoader(FreemarkerManager.java:468)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.init(FreemarkerManager.java:293)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.views.freemarker.FreemarkerManager.getConfiguration(FreemarkerManager.java:265)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.DefaultDispatcherErrorHandler.init(DefaultDispatcherErrorHandler.java:66)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at org.apache.struts2.dispatcher.Dispatcher.init(Dispatcher.java:632)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.InitOperations.initDispatcher(InitOperations.java:48)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.struts2.dispatcher.filter.StrutsPrepareAndExecuteFilter.init(StrutsPrepareAndExecuteFilter.java:60)
> ~[struts2-core-7.0.0-M6.jar:7.0.0-M6]
> at
> org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:245)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:102)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3846)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4450)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:171)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1203)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1193)
> ~[tomcat-embed-core-10.1.24.jar:10.1.24]
> at
> java.base/java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:317)
> ~[na:na]
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Work logged] (WW-5429) Log parameter annotation issues at ERROR level when in DevMode
[ https://issues.apache.org/jira/browse/WW-5429?focusedWorklogId=923855=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923855 ] ASF GitHub Bot logged work on WW-5429: -- Author: ASF GitHub Bot Created on: 18/Jun/24 09:44 Start Date: 18/Jun/24 09:44 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #969: URL: https://github.com/apache/struts/pull/969#issuecomment-2175670709 ## [](https://sonarcloud.io/dashboard?id=apache_struts=969) **Quality Gate failed** Failed conditions  [65.8% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=969=new_coverage=list) (required ≥ 80%) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=969) Issue Time Tracking --- Worklog Id: (was: 923855) Time Spent: 40m (was: 0.5h) > Log parameter annotation issues at ERROR level when in DevMode > -- > > Key: WW-5429 > URL: https://issues.apache.org/jira/browse/WW-5429 > Project: Struts 2 > Issue Type: Improvement > Components: Core, Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.5.0, 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5429) Log parameter annotation issues at ERROR level when in DevMode
[
https://issues.apache.org/jira/browse/WW-5429?focusedWorklogId=923854=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923854
]
ASF GitHub Bot logged work on WW-5429:
--
Author: ASF GitHub Bot
Created on: 18/Jun/24 09:42
Start Date: 18/Jun/24 09:42
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #969:
URL: https://github.com/apache/struts/pull/969#discussion_r1644161012
##
core/src/main/java/com/opensymphony/xwork2/interceptor/ValidationAware.java:
##
@@ -119,7 +119,9 @@ public interface ValidationAware {
*
* @return (hasActionErrors() || hasFieldErrors())
*/
-boolean hasErrors();
+default boolean hasErrors() {
Review Comment:
Added default implementation which matches the JavaDoc, makes implementing
this class simpler
##
core/src/main/java/com/opensymphony/xwork2/util/DebugUtils.java:
##
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.opensymphony.xwork2.util;
+
+import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.interceptor.ValidationAware;
+import org.apache.logging.log4j.Logger;
+
+/**
+ * @since 6.5.0
+ */
+public class DebugUtils {
+
+public static void notifyDeveloperOfError(Logger log, Object action,
String message) {
Review Comment:
Extracted this method out of `ParametersInterceptor` for reuse
##
core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java:
##
@@ -116,15 +116,17 @@ public void testInsecureParameters() throws Exception {
pi.setParameters(action, vs, HttpParameters.create(params).build());
// then
-assertEquals(3, action.getActionMessages().size());
+assertEquals(3, action.getActionErrors().size());
-String msg1 = action.getActionMessage(0);
-String msg2 = action.getActionMessage(1);
-String msg3 = action.getActionMessage(2);
+List actionErrors = new ArrayList<>(action.getActionErrors());
-assertEquals("Error setting expression 'expression' with value
'#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#req=@org.apache.struts2.ServletActionContext@getRequest(),#resp=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()'",
msg1);
-assertEquals("Error setting expression 'name' with value
'(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new
java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new
java.lang.Boolean(true), @java.lang.Runtime@getRuntime().exec('mkdir
/tmp/PWNAGE'))(meh)'", msg2);
-assertEquals("Error setting expression 'top['name'](0)' with value
'true'", msg3);
+String msg1 = actionErrors.get(0);
+String msg2 = actionErrors.get(1);
+String msg3 = actionErrors.get(2);
+
+assertEquals("Unexpected Exception caught setting 'expression' on
'class org.apache.struts2.interceptor.parameter.ValidateAction: Error setting
expression 'expression' with value
'#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#req=@org.apache.struts2.ServletActionContext@getRequest(),#resp=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()'",
msg1);
Review Comment:
These messages now include both the context message as well as the exception
message. Whilst they are very similar in this test example, it's not guaranteed
to be the case
##
core/src/main/java/com/opensymphony/xwork2/ognl/ErrorMessageBuilder.java:
##
@@ -42,7 +42,7 @@ public ErrorMessageBuilder
errorSettingExpressionWithValue(String expr, Object v
return this;
}
-private void appenExpression(String expr) {
+private void appendExpression(String expr) {
Review Comment:
Fixed typo
##
[jira] [Work logged] (WW-5429) Log parameter annotation issues at ERROR level when in DevMode
[ https://issues.apache.org/jira/browse/WW-5429?focusedWorklogId=923852=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923852 ] ASF GitHub Bot logged work on WW-5429: -- Author: ASF GitHub Bot Created on: 18/Jun/24 09:29 Start Date: 18/Jun/24 09:29 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #969: URL: https://github.com/apache/struts/pull/969#issuecomment-2175638628 ## [](https://sonarcloud.io/dashboard?id=apache_struts=969) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=969=false=true)  [28.6% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=969=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=969=new_duplicated_lines_density=list) (required ≤ 3%)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=969) (required ≥ A)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=969) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=969) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 923852) Time Spent: 20m (was: 10m) > Log parameter annotation issues at ERROR level when in DevMode > -- > > Key: WW-5429 > URL: https://issues.apache.org/jira/browse/WW-5429 > Project: Struts 2 > Issue Type: Improvement > Components: Core, Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.5.0, 7.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5429) Log parameter annotation issues at ERROR level when in DevMode
[ https://issues.apache.org/jira/browse/WW-5429?focusedWorklogId=923850=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923850 ] ASF GitHub Bot logged work on WW-5429: -- Author: ASF GitHub Bot Created on: 18/Jun/24 09:08 Start Date: 18/Jun/24 09:08 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #969: URL: https://github.com/apache/struts/pull/969 WW-5429 -- Issue Time Tracking --- Worklog Id: (was: 923850) Remaining Estimate: 0h Time Spent: 10m > Log parameter annotation issues at ERROR level when in DevMode > -- > > Key: WW-5429 > URL: https://issues.apache.org/jira/browse/WW-5429 > Project: Struts 2 > Issue Type: Improvement > Components: Core, Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.5.0, 7.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5310) s:url does not handle equal sign correctly
[ https://issues.apache.org/jira/browse/WW-5310?focusedWorklogId=923838=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923838 ] ASF GitHub Bot logged work on WW-5310: -- Author: ASF GitHub Bot Created on: 18/Jun/24 07:47 Start Date: 18/Jun/24 07:47 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #968: URL: https://github.com/apache/struts/pull/968#issuecomment-2175427339 ## [](https://sonarcloud.io/dashboard?id=apache_struts=968) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=968=false=true)  [28.6% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=968=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=968=new_duplicated_lines_density=list) (required ≤ 3%)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=968) (required ≥ A)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=968) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=968) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 923838) Time Spent: 2h 50m (was: 2h 40m) > s:url does not handle equal sign correctly > -- > > Key: WW-5310 > URL: https://issues.apache.org/jira/browse/WW-5310 > Project: Struts 2 > Issue Type: Bug > Components: Core Tags >Affects Versions: 2.5.30, 6.1.2 >Reporter: nikos dimitrakas >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 50m > Remaining Estimate: 0h > > We discovered a strange case when a URL is passed to s:url. The URL contains > an equal sign as part of a parameter value. Example: > [https://www.scitepress.org/PublicationsDetail.aspx?ID=GjTu91suYQI==1] > This URL works in the browser even though the equal sign that is part of the > value of the parameter ID has not been replaced with %3D. > When this URL is passed to an s:url as value then the equal sign disappears. > When I put a break point in ComponentTagSupport.doStartTag() I can see that > the query string has been split and the component.parameters contains the two > parameters (ID and t), but the equal sign is missing. > The problem seems to be in ServletUrlRenderer.mergeRequestParameters called > from beforeRenderUrl. The way the StrutsQueryStringParser.parse splits each > param of the queryString on equal sign causes all the equal signs to be used, > not just the first. Shouldn't that split be only on the first equal sign so > that any remaining equal signs can be considered as part of the value? Just > by adding a limit of one to the split should fix this. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5310) s:url does not handle equal sign correctly
[ https://issues.apache.org/jira/browse/WW-5310?focusedWorklogId=923837=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923837 ] ASF GitHub Bot logged work on WW-5310: -- Author: ASF GitHub Bot Created on: 18/Jun/24 07:39 Start Date: 18/Jun/24 07:39 Worklog Time Spent: 10m Work Description: lukaszlenart opened a new pull request, #968: URL: https://github.com/apache/struts/pull/968 Closes [WW-5310](https://issues.apache.org/jira/browse/WW-5310) Issue Time Tracking --- Worklog Id: (was: 923837) Time Spent: 2h 40m (was: 2.5h) > s:url does not handle equal sign correctly > -- > > Key: WW-5310 > URL: https://issues.apache.org/jira/browse/WW-5310 > Project: Struts 2 > Issue Type: Bug > Components: Core Tags >Affects Versions: 2.5.30, 6.1.2 >Reporter: nikos dimitrakas >Priority: Major > Fix For: 6.5.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > We discovered a strange case when a URL is passed to s:url. The URL contains > an equal sign as part of a parameter value. Example: > [https://www.scitepress.org/PublicationsDetail.aspx?ID=GjTu91suYQI==1] > This URL works in the browser even though the equal sign that is part of the > value of the parameter ID has not been replaced with %3D. > When this URL is passed to an s:url as value then the equal sign disappears. > When I put a break point in ComponentTagSupport.doStartTag() I can see that > the query string has been split and the component.parameters contains the two > parameters (ID and t), but the equal sign is missing. > The problem seems to be in ServletUrlRenderer.mergeRequestParameters called > from beforeRenderUrl. The way the StrutsQueryStringParser.parse splits each > param of the queryString on equal sign causes all the equal signs to be used, > not just the first. Shouldn't that split be only on the first equal sign so > that any remaining equal signs can be considered as part of the value? Just > by adding a limit of one to the split should fix this. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=923671=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923671 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 17/Jun/24 11:28 Start Date: 17/Jun/24 11:28 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #967: URL: https://github.com/apache/struts/pull/967#issuecomment-2173137443 ## [](https://sonarcloud.io/dashboard?id=apache_struts=967) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=967=false=true)  [28.6% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_duplicated_lines_density=list) (required ≤ 3%)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=967) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 923671) Time Spent: 0.5h (was: 20m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=923668=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923668 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 17/Jun/24 11:18 Start Date: 17/Jun/24 11:18 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #967: URL: https://github.com/apache/struts/pull/967#issuecomment-2173119414 ## [](https://sonarcloud.io/dashboard?id=apache_struts=967) **Quality Gate failed** Failed conditions  [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts=967=false=true)  [28.6% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_coverage=list) (required ≥ 80%)  [4.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts=967=new_duplicated_lines_density=list) (required ≤ 3%)  [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A)  [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts=967) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts=967) ##  Catch issues before they fail your Quality Gate with our IDE extension  [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 923668) Time Spent: 20m (was: 10m) > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5428) Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set
[ https://issues.apache.org/jira/browse/WW-5428?focusedWorklogId=923666=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923666 ] ASF GitHub Bot logged work on WW-5428: -- Author: ASF GitHub Bot Created on: 17/Jun/24 11:03 Start Date: 17/Jun/24 11:03 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #967: URL: https://github.com/apache/struts/pull/967 WW-5428 -- Issue Time Tracking --- Worklog Id: (was: 923666) Remaining Estimate: 0h Time Spent: 10m > Allowlist capability should resolve Hibernate proxies when > disableProxyObjects is not set > - > > Key: WW-5428 > URL: https://issues.apache.org/jira/browse/WW-5428 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.5.0, 7.0.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Refer to PR description for further details -- This message was sent by Atlassian Jira (v8.20.10#820010)
