[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896028&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896028
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 09:04
Start Date: 18/Dec/23 09:04
Worklog Time Spent: 10m 
  Work Description: gregh3269 commented on PR #812:
URL: https://github.com/apache/struts/pull/812#issuecomment-1859848216

   Seems now I get
   SEVERE: Exception sending context initialized event to listener instance of class [org.apache.struts2.tiles.StrutsTilesListener]
   java.lang.NoClassDefFoundError: org/apache/commons/digester3/Rule
   Caused by: java.lang.ClassNotFoundException: org.apache.commons.digester3.Rule
   Deps want commons-digester-2.1.jar think this is v3?
   




Issue Time Tracking
---

Worklog Id: (was: 896028)
Time Spent: 40m  (was: 0.5h)

> Remove type attribute out of  tag
> 
>
> Key: WW-5362
> URL: https://issues.apache.org/jira/browse/WW-5362
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core Tags
>Reporter: Lukasz Lenart
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> The {{type}} attribute should not be set if it refers to a default value to 
> avoid warnings
> https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script/type



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896029&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896029
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 09:12
Start Date: 18/Dec/23 09:12
Worklog Time Spent: 10m 
  Work Description: lukaszlenart commented on PR #812:
URL: https://github.com/apache/struts/pull/812#issuecomment-1859860656

   What app have you used? This change shouldn't affect Digester 




Issue Time Tracking
---

Worklog Id: (was: 896029)
Time Spent: 50m  (was: 40m)



[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896031&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896031
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 09:13
Start Date: 18/Dec/23 09:13
Worklog Time Spent: 10m 
  Work Description: gregh3269 commented on PR #812:
URL: https://github.com/apache/struts/pull/812#issuecomment-1859862612

   My app.




Issue Time Tracking
---

Worklog Id: (was: 896031)
Time Spent: 1h  (was: 50m)



[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896035&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896035
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 09:28
Start Date: 18/Dec/23 09:28
Worklog Time Spent: 10m 
  Work Description: lukaszlenart commented on PR #812:
URL: https://github.com/apache/struts/pull/812#issuecomment-1859890669

   This is related to [WW-5347](https://issues.apache.org/jira/browse/WW-5347)
   - and you are using 6.3.0.1 version as far as I see, changes in this PR are
   unrelated to your problem.




Issue Time Tracking
---

Worklog Id: (was: 896035)
Time Spent: 1h 10m  (was: 1h)



[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896044&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896044
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 10:26
Start Date: 18/Dec/23 10:26
Worklog Time Spent: 10m 
  Work Description: gregh3269 commented on PR #812:
URL: https://github.com/apache/struts/pull/812#issuecomment-1860045260

   OK, why would the jars be missing for
   
   .m2/repository/org/apache/struts/struts2-tiles-plugin/6.4.0-SNAPSHOT
   .m2/repository/org/apache/struts/struts2-javatemplates-plugin/6.4.0-SNAPSHOT
   
   whilst 
   .m2/repository/org/apache/struts/struts2-core/6.4.0-SNAPSHOT are present.
   




Issue Time Tracking
---

Worklog Id: (was: 896044)
Time Spent: 1h 20m  (was: 1h 10m)



[jira] [Closed] (WW-5339) Mitigate against custom class ASTMap node construction

2023-12-18 Thread Kusal Kithul-Godage (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage closed WW-5339.
---
Resolution: Fixed

> Mitigate against custom class ASTMap node construction
> --
>
> Key: WW-5339
> URL: https://issues.apache.org/jira/browse/WW-5339
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> i.e. @@{} syntax





[jira] [Resolved] (WW-5350) Implement optional strict class/package allowlist for OGNL

2023-12-18 Thread Kusal Kithul-Godage (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage resolved WW-5350.
-
Resolution: Implemented

> Implement optional strict class/package allowlist for OGNL
> --
>
> Key: WW-5350
> URL: https://issues.apache.org/jira/browse/WW-5350
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 6.4.0
>
>  Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> I think this will be more useful than WW-5345





[jira] [Commented] (WW-5267) Allow SiteMesh to run on requests that are not Struts actions, but SiteMesh requires ActionContext

2023-12-18 Thread Kusal Kithul-Godage (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5267?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17798118#comment-17798118
 ] 

Kusal Kithul-Godage commented on WW-5267:
-

Closing as this can be implemented quite trivially for applications that desire 
it by using an overriding class

> Allow SiteMesh to run on requests that are not Struts actions, but SiteMesh 
> requires ActionContext
> --
>
> Key: WW-5267
> URL: https://issues.apache.org/jira/browse/WW-5267
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Reporter: Kusal Kithul-Godage
>Priority: Minor
> Fix For: 7.0.0
>
>  Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> There are scenarios where you may want to exclude a request from Struts 
> filtering/processing using `struts.action.excludePattern` as it is not a 
> Struts action and/or having Struts consume/parse the multipart is undesirable.
> However, you may still want that request to undergo filtering such as 
> SiteMesh, which requires the ActionContext to be present.





[jira] [Closed] (WW-5267) Allow SiteMesh to run on requests that are not Struts actions, but SiteMesh requires ActionContext

2023-12-18 Thread Kusal Kithul-Godage (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5267?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage closed WW-5267.
---
Fix Version/s: (was: 7.0.0)
   Resolution: Won't Fix



[jira] [Closed] (WW-5286) Allow XWork configuration reloading at any time

2023-12-18 Thread Kusal Kithul-Godage (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage closed WW-5286.
---
Fix Version/s: (was: 7.0.0)
   Resolution: Won't Fix

> Allow XWork configuration reloading at any time
> ---
>
> Key: WW-5286
> URL: https://issues.apache.org/jira/browse/WW-5286
> Project: Struts 2
>  Issue Type: Improvement
>  Components: Core
>Affects Versions: 6.1.1
>Reporter: Kusal Kithul-Godage
>Priority: Minor
>
> Currently, if a
> {{com.opensymphony.xwork2.config.ConfigurationManager#reload}}
> or
> {{com.opensymphony.xwork2.config.ConfigurationManager#reloadProviders}}
> are triggered, any Struts requests that are in the process of being served, 
> or commence serving during the reload, will malfunction.
> To make reloading the container configuration safe at any time, the reload 
> should wait until any commenced requests are finished serving, and should not 
> commence serving any new requests until the container reload is complete.





[jira] [Commented] (WW-5286) Allow XWork configuration reloading at any time

2023-12-18 Thread Kusal Kithul-Godage (Jira)


[ 
https://issues.apache.org/jira/browse/WW-5286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17798121#comment-17798121
 ] 

Kusal Kithul-Godage commented on WW-5286:
-

I'm closing this card as this change would likely introduce unnecessary 
complexity to the Struts codebase.

I've instead found a simple workaround that allows beans to survive the Guice 
reload.

In our case, we specifically needed the VelocityManager to survive - by using 
the existing extension point and using a lazy-load delegating pattern we were 
able to achieve this without issue. It of course comes with the caveat that 
stale configuration may persist in the VelocityManager even after a reload().



[jira] [Updated] (WW-5353) Implement stronger security defaults in Struts 7.0

2023-12-18 Thread Kusal Kithul-Godage (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kusal Kithul-Godage updated WW-5353:

Description: 
{{struts.ognl.allowStaticFieldAccess=false}}

{{struts.ognl.excludedNodeTypes=}}

{{struts.ognl.expressionMaxLength=150}}

{{struts.disallowDefaultPackageAccess=true}}

{{struts.disallowProxyMemberAccess=true}}

{{struts.parameters.requireAnnotations=true}}

{{struts.parameters.maxTraversalDepth=3}}

{{struts.ognl.disallowCustomOgnlMap=true}}

{{struts.allowlist.enable=true}}

  was:
{{struts.ognl.allowStaticFieldAccess=false}}

{{struts.ognl.excludedNodeTypes=}}

{{struts.ognl.expressionMaxLength=150}}

{{struts.disallowDefaultPackageAccess=true}}

{{struts.disallowProxyMemberAccess=true}}

{{struts.parameters.requireAnnotations=true}}

{{struts.parameters.maxTraversalDepth=3}}


> Implement stronger security defaults in Struts 7.0
> --
>
> Key: WW-5353
> URL: https://issues.apache.org/jira/browse/WW-5353
> Project: Struts 2
>  Issue Type: Improvement
>Reporter: Kusal Kithul-Godage
>Priority: Major
> Fix For: 7.0.0
>
>
> {{struts.ognl.allowStaticFieldAccess=false}}
> {{struts.ognl.excludedNodeTypes=}}
> {{struts.ognl.expressionMaxLength=150}}
> {{struts.disallowDefaultPackageAccess=true}}
> {{struts.disallowProxyMemberAccess=true}}
> {{struts.parameters.requireAnnotations=true}}
> {{struts.parameters.maxTraversalDepth=3}}
> {{struts.ognl.disallowCustomOgnlMap=true}}
> {{struts.allowlist.enable=true}}





[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896050&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896050
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 10:58
Start Date: 18/Dec/23 10:58
Worklog Time Spent: 10m 
  Work Description: lukaszlenart commented on PR #812:
URL: https://github.com/apache/struts/pull/812#issuecomment-1860152906

   @gregh3269 can we discuss this in the dev@ email list?




Issue Time Tracking
---

Worklog Id: (was: 896050)
Time Spent: 1.5h  (was: 1h 20m)



[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896055&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896055
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 11:12
Start Date: 18/Dec/23 11:12
Worklog Time Spent: 10m 
  Work Description: gregh3269 commented on PR #812:
URL: https://github.com/apache/struts/pull/812#issuecomment-1860183977

   OK, mailing list.
   
   ...although I got it working and it seems good.




Issue Time Tracking
---

Worklog Id: (was: 896055)
Time Spent: 1h 40m  (was: 1.5h)



[jira] [Work logged] (WW-5362) Remove type attribute out of tag

2023-12-18 Thread ASF GitHub Bot (Jira)


 [ 
https://issues.apache.org/jira/browse/WW-5362?focusedWorklogId=896066&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-896066
 ]

ASF GitHub Bot logged work on WW-5362:
--

Author: ASF GitHub Bot
Created on: 18/Dec/23 12:55
Start Date: 18/Dec/23 12:55
Worklog Time Spent: 10m 
  Work Description: sepe81 commented on code in PR #812:
URL: https://github.com/apache/struts/pull/812#discussion_r143014


##
assembly/src/main/resources/template.vm:
##
@@ -43,12 +43,12 @@ under the License.
 
 #end
 
-
+
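
Review bot: WW-5362 is filed under Core Tags, yet the changed line in this hunk (around line 43 of assembly/src/main/resources/template.vm) sits in the assembly module; the PR description should state that the assembly template is in scope, and a test asserting that the rendered markup no longer carries the default `type` value would keep the change from regressing.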