Repository: struts-site Updated Branches: refs/heads/asf-site db1dc0355 -> 5fe99b224
http://git-wip-us.apache.org/repos/asf/struts-site/blob/5fe99b22/content/docs/version-notes-2513.html ---------------------------------------------------------------------- diff --git a/content/docs/version-notes-2513.html b/content/docs/version-notes-2513.html index cd250b9..1652985 100644 --- a/content/docs/version-notes-2513.html +++ b/content/docs/version-notes-2513.html @@ -156,7 +156,7 @@ under the License. <url>https://repository.apache.org/content/groups/staging/</url> </repository> </repositories></pre> -</div></div><h2 id="VersionNotes2.5.13-InternalChanges">Internal Changes</h2><ul><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047), see <a shape="rect" href="s2-050.html">S2-050</a></li><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin, see <a shape="rect" href="s2-051.html">S2-051</a></li><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2 a2.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads, see <a shape="rect" href="s2-052.html">S2-052</a></li></ul><h2 id="VersionNotes2.5.13-Bug">Bug</h2><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4176">WW-4176</a>] - Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is ignored, Numeric Keys will work and mapped</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4813">WW-4813</a>] - NP with TextProvider and wildcardmapping</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4817">WW-4817</a>] - Threads get blocked due to unnecessary synchronization in OgnlRuntime</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4818">WW-4818</a>] - Default Multipart validation regex is invalid</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4827">WW-4827</a>] - Not fully initialized ObjectFactory tries to create beans</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4828">WW-4828</a>] - <a shape="rect" class="external-link" href="http://struts.apache.org/dtds/struts-2.5.dtd">http://struts.apache.org/dtds/struts-2.5.dtd</a> missing</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4829">WW-4829</a>] - Set a global resource bundle in class</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4830">WW-4830</a>] - Override TextProvider doesnot work in struts 2.5.12</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4831">WW-4831</a>] - Array-of-null parameters are converted to string "null"</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4839">WW-4839</a>] - JakartaStreamMultiPartRequest Should Honor "struts.multipart.maxSize"</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4840">WW-4840</a>] - Build Fails Due to Unused com.sun Import</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4841">WW-4841</a>] - Struts2.5.12 - NPE in DeligatingValidatorContext</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4842">WW-4842</a>] - Struts 2 Fails to Initialize with JRebel</li></ul><h2 id="VersionNotes2.5.13-Improvement">Improvement</h2><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4808">WW-4808</a>] - Allow define more than one Action suffix</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4823">WW-4823</a>] - Remove jQuery from debugg ing interceptor views</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4824">WW-4824</a>] - update dependencies page on the struts site</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4834">WW-4834</a>] - Improve RegEx used to validate URLs</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4835">WW-4835</a>] - Make REST ContentHandlers configurable</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4838">WW-4838</a>] - expose Freemarker incompatible_improvements into FreemarkerManager and StrutsBeansWrapper</li></ul><h2 id="VersionNotes2.5.13-Dependency">Dependency</h2><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4819">WW-4819</a>] - Upgrade Commons Collections to 3.2.2</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/ WW-4821">WW-4821</a>] - Upgrade Commons IO to 2.5</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4826">WW-4826</a>] - Upgrade to ASM version 5.2</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4833">WW-4833</a>] - Upgrade to OGNL 3.1.15</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4836">WW-4836</a>] - Upgrade xstream to the latest version</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4844">WW-4844</a>] - Upgrade to struts-master 11</li></ul><p> </p><p>Issue Detail</p><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12341116">JIRA Release Notes 2.5.13</a></li></ul><h2 id="VersionNotes2.5.13-IssueList">Issue List</h2><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/ ?filter=12341742">Struts 2.5.13 DONE</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12335667">Struts 2.5.x TODO</a></li></ul><h2 id="VersionNotes2.5.13-Otherresources">Other resources</h2><ul><li><a shape="rect" class="external-link" href="http://www.mail-archive.com/commits%40struts.apache.org/" rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develop">Source Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height: 30.0px;"><br clear="none"></span></div><div><span style="font-size: 24.0px;line-height: 30.0px;background-color: rgb(245,245,245);"><br clear="none"></span></div></div> +</div></div><h2 id="VersionNotes2.5.13-InternalChanges">Internal Changes</h2><ul><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047), see <a shape="rect" href="s2-050.html">S2-050</a></li><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin, see <a shape="rect" href="s2-051.html">S2-051</a></li><li><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2 a2.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads, see <a shape="rect" href="s2-052.html">S2-052</a></li></ul><h3 id="VersionNotes2.5.13-Bug">Bug</h3><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4176">WW-4176</a>] - Struts2 JSON Plugin: Send Map with Strings as Key to JSON Action is ignored, Numeric Keys will work and mapped</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4813">WW-4813</a>] - NP with TextProvider and wildcardmapping</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4817">WW-4817</a>] - Threads get blocked due to unnecessary synchronization in OgnlRuntime</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4818">WW-4818</a>] - Default Multipart validation regex is invalid</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4827">WW-4827</a>] - Not fully initialized ObjectFactory tries to create beans</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4828">WW-4828</a>] - <a shape="rect" class="external-link" href="http://struts.apache.org/dtds/struts-2.5.dtd">http://struts.apache.org/dtds/struts-2.5.dtd</a> missing</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4829">WW-4829</a>] - Set a global resource bundle in class</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4830">WW-4830</a>] - Override TextProvider doesnot work in struts 2.5.12</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4831">WW-4831</a>] - Array-of-null parameters are converted to string "null"</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4839">WW-4839</a>] - JakartaStreamMultiPartRequest Should Honor "struts.multipart.maxSize"</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4840">WW-4840</a>] - Build Fails Due to Unused com.sun Import</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4841">WW-4841</a>] - Struts2.5.12 - NPE in DeligatingValidatorContext</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4842">WW-4842</a>] - Struts 2 Fails to Initialize with JRebel</li></ul><h3 id="VersionNotes2.5.13-Improvement">Improvement</h3><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4808">WW-4808</a>] - Allow define more than one Action suffix</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4823">WW-4823</a>] - Remove jQuery from debugg ing interceptor views</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4824">WW-4824</a>] - update dependencies page on the struts site</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4834">WW-4834</a>] - Improve RegEx used to validate URLs</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4835">WW-4835</a>] - Make REST ContentHandlers configurable</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4838">WW-4838</a>] - expose Freemarker incompatible_improvements into FreemarkerManager and StrutsBeansWrapper</li></ul><h3 id="VersionNotes2.5.13-Dependency">Dependency</h3><ul><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4819">WW-4819</a>] - Upgrade Commons Collections to 3.2.2</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/ WW-4821">WW-4821</a>] - Upgrade Commons IO to 2.5</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4826">WW-4826</a>] - Upgrade to ASM version 5.2</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4833">WW-4833</a>] - Upgrade to OGNL 3.1.15</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4836">WW-4836</a>] - Upgrade xstream to the latest version</li><li>[<a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/WW-4844">WW-4844</a>] - Upgrade to struts-master 11</li></ul><p> </p><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>This release contains fixes related to <a shape="rect" href="s2-050.html">S2-050</a>, <a shape="rect" href="s2-051.html">S2 -051</a> and <a shape="rect" href="s2-052.html">S2-052</a> - please read them carefully!</p></div></div><p> </p><p>Issue Detail</p><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311041&version=12341116">JIRA Release Notes 2.5.13</a></li></ul><h2 id="VersionNotes2.5.13-IssueList">Issue List</h2><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12341742">Struts 2.5.13 DONE</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/issues/?filter=12335667">Struts 2.5.x TODO</a></li></ul><h2 id="VersionNotes2.5.13-Otherresources">Other resources</h2><ul><li><a shape="rect" class="external-link" href="http://www.mail-archive.com/commits%40struts.apache.org/" rel="nofollow">Commit Logs</a></li><li><a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=struts.git;a=tree;h=refs/heads/develop;hb=develo p">Source Code Repository</a></li></ul><div><span style="font-size: 24.0px;line-height: 30.0px;"><br clear="none"></span></div><div><span style="font-size: 24.0px;line-height: 30.0px;background-color: rgb(245,245,245);"><br clear="none"></span></div></div> </div>