Re: Disable file uploads
is there a global setting that can be added to web.xml ? or to struts.properties ? e.g. set a global non existing upload folder set max file size to 0 e.t.c. Regards On Fri, Apr 14, 2017 at 8:33 AM, Lukasz Lenartwrote: > 2017-04-13 17:43 GMT+02:00 Adam Brin : > > One step is to modify the struts.xml to create a custom stack that > doesn’t include the file-upload interceptor. > > Parsing of multipart request happens early, in Dispatcher so to be > 100% sure you must implement a NoOpMultipartParser or define your own > Dispatcher and override the wrapRequest() method or or the > isMultipartRequest() method (new in 2.5.11) > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: download links issue
np. just wanted to inform. Thx for your continuous efforts and contribution On Tue, Jun 21, 2016 at 4:02 PM, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2016-06-21 14:57 GMT+02:00 Jim Macalister <jimmacalis...@gmail.com>: > > Hi Lukasz, > > > > the issue is caused when following the link > > http://struts.apache.org/download.html#struts-ga (mentioned in [ANN] > Struts > > 2.5.1 General Availability email). > > Sorry fot that :( > > > Btw, is there an EOL roadmap for 2.3.x version ? > > No exact plans just to keep this version stable and secure. You > supposed to consider migration to 2.5 - it isn't that hard :) > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: download links issue
Hi Lukasz, the issue is caused when following the link http://struts.apache.org/download.html#struts-ga (mentioned in [ANN] Struts 2.5.1 General Availability email). Going through the index page of struts is fine. Btw, is there an EOL roadmap for 2.3.x version ? Regards On Tue, Jun 21, 2016 at 3:33 PM, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2016-06-21 14:16 GMT+02:00 Jim Macalister <jimmacalis...@gmail.com>: > > Hi there, > > > > i am trying to download the latest version but i receive 404 error : > > > > Not Found > > > > The requested URL /[location] was not found on this server. > > > > even when trying to change mirror. > > Strange, no issue on my side. Do you use this page > http://struts.apache.org/download.cgi#struts251 ? > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
download links issue
Hi there, i am trying to download the latest version but i receive 404 error : Not Found The requested URL /[location] was not found on this server. even when trying to change mirror. Regards, Jim
Re: Apple sec breach.. Struts?
Hi to all, there is no flawless software. Big companies spend millions if not billions for their software and still get issues. How many cases of proven hacks or worst sensitive info leaks have you read ? I think quite a lot. Big companies do use various platforms and especially open source. It is surely cost-effective and stable that reinventing the wheel. If i remember correctly microsoft ran and probably runs even now many of their servers under BSD. To get to my point. Struts2 is a great framework and we do use it for production systems. I think we should all contribute at least by donating directly to the struts2 developers. This will ensure the life of the project as well. I suggest that the core developers should be compensated for their efforts and i am willing to donate with no contract. I am sure this will free the developers from other tasks. Please set up a mechanism for us to donate. Regards On Wed, Jul 31, 2013 at 5:30 PM, Paul Benedict pbened...@apache.org wrote: I'll voice my personal opinion. No matter what framework you choose (Struts, MyFaces, Tapestry, etc.), it is the responsibility of all IT shops to do a security vulnerability assessment before first releasing to production and after each update. That is Security 101 because there are multitude of attack vectors that can be exploited through any inadvertent mistake here and there. Sometimes the mistake will be in your code, sometimes it will be in third party dependencies, but you own the final product so you must take responsibility for the entire product. Did a company like Apple, who sits on billions of cash, do that? I don't know. I hope they did because that would be performing due diligence. They are not poor by any means. I'll hope for the best here. Lastly, it cannot be ignored that Struts is a free product built by volunteers. The work done here is long, arduous, and passionate -- and on a budget of $0. There is no money coming in to fund anything expensive. Unlike some other Apache projects where corporations (like IBM) are funding development, no one is funding Struts. You get the best that volunteers can do without them receiving a dime. The obvious implication is that you, who consume volunteer work for free, must take the product as is and do your part of making sure your application is secure. PS: If you find a security vulnerability in Struts, please privately report it to secur...@apache.org so it can be fixed. Cheers, Paul
suppress freemarker stack trace from showing up
Hi there, i would appreciate if anyone could let me know how to suppress freemarker stack trace from showing up i.e. like freemarker.template.TemplateException: Error reading included file ... or syntax expression ... Is there a quick setting at struts or freemarker property file ? The required behavior would be to display a simple error message to the user. I appreciate your replies. Kind Regards, Jim