[jira] [Work logged] (WW-5371) Use action based callback to transfer information about uploaded files
[ https://issues.apache.org/jira/browse/WW-5371?focusedWorklogId=895796&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-895796 ] ASF GitHub Bot logged work on WW-5371: -- Author: ASF GitHub Bot Created on: 15/Dec/23 08:44 Start Date: 15/Dec/23 08:44 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #808: URL: https://github.com/apache/struts/pull/808#issuecomment-1857496376 ## [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=808) **Quality Gate failed** Failed conditions [72.8% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=808&metric=new_coverage&view=list) (required ≥ 80%) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=808) Issue Time Tracking --- Worklog Id: (was: 895796) Time Spent: 50m (was: 40m) > Use action based callback to transfer information about uploaded files > -- > > Key: WW-5371 > URL: https://issues.apache.org/jira/browse/WW-5371 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.4.0 > > Time Spent: 50m > Remaining Estimate: 0h > > Based on experience of the latest security vulnerability (CVE-2023-50164) it > would be better to keep uploaded files out of scope of passed parameters. > The idea is to have a dedicated interceptor and *Aware interface instead of > using parameter injection as it happens currently. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5371) Use action based callback to transfer information about uploaded files
[ https://issues.apache.org/jira/browse/WW-5371?focusedWorklogId=895802&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-895802 ] ASF GitHub Bot logged work on WW-5371: -- Author: ASF GitHub Bot Created on: 15/Dec/23 09:06 Start Date: 15/Dec/23 09:06 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #808: URL: https://github.com/apache/struts/pull/808 Issue Time Tracking --- Worklog Id: (was: 895802) Time Spent: 1h (was: 50m) > Use action based callback to transfer information about uploaded files > -- > > Key: WW-5371 > URL: https://issues.apache.org/jira/browse/WW-5371 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.4.0 > > Time Spent: 1h > Remaining Estimate: 0h > > Based on experience of the latest security vulnerability (CVE-2023-50164) it > would be better to keep uploaded files out of scope of passed parameters. > The idea is to have a dedicated interceptor and *Aware interface instead of > using parameter injection as it happens currently. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5371) Use action based callback to transfer information about uploaded files
[ https://issues.apache.org/jira/browse/WW-5371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5371. --- Resolution: Fixed > Use action based callback to transfer information about uploaded files > -- > > Key: WW-5371 > URL: https://issues.apache.org/jira/browse/WW-5371 > Project: Struts 2 > Issue Type: Improvement > Components: Core Interceptors >Reporter: Lukasz Lenart >Assignee: Lukasz Lenart >Priority: Major > Fix For: 6.4.0 > > Time Spent: 1h > Remaining Estimate: 0h > > Based on experience of the latest security vulnerability (CVE-2023-50164) it > would be better to keep uploaded files out of scope of passed parameters. > The idea is to have a dedicated interceptor and *Aware interface instead of > using parameter injection as it happens currently. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5141) Support for JEE 9+
[ https://issues.apache.org/jira/browse/WW-5141?focusedWorklogId=895882&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-895882 ] ASF GitHub Bot logged work on WW-5141: -- Author: ASF GitHub Bot Created on: 15/Dec/23 17:00 Start Date: 15/Dec/23 17:00 Worklog Time Spent: 10m Work Description: jdyer1 commented on PR #778: URL: https://github.com/apache/struts/pull/778#issuecomment-1858197528 Thank you @sepe81 for your review. I pushed fixes for each of the problems you identified. Issue Time Tracking --- Worklog Id: (was: 895882) Time Spent: 8.5h (was: 8h 20m) > Support for JEE 9+ > --- > > Key: WW-5141 > URL: https://issues.apache.org/jira/browse/WW-5141 > Project: Struts 2 > Issue Type: New Feature > Components: Core >Reporter: Daniel Le Berre >Priority: Major > Labels: M1 > Fix For: 7.0.0 > > Attachments: pom.xml > > Time Spent: 8.5h > Remaining Estimate: 0h > > JEE 9 breaks the JEE API by replacing javax domain by jakarta. > Tomcat 10 implements some specifications of JEE 9. > Struts 2.5 has some dependencies with the javax servlet API. > Struts would require some changes to run on Tomcat 10+. > Is there any plan to support JEE 9+ in the future? > -- This message was sent by Atlassian Jira (v8.20.10#820010)
