Build failed in Jenkins: Struts-JDK9-master #84

2017-03-14 Thread Apache Jenkins Server
See Changes: [Lukasz Lenart] Converts into a bean [Lukasz Lenart] Defines LocalizedTextUtil as a bean [Lukasz Lenart] Adds LocalizedTextUtil as a bean [Lukasz Lenart] Marks static methods as deprecated [Lukas

Re: S2 makes Hacker News :/

2017-03-14 Thread Doug Erickson
> On Mar 14, 2017, at 12:17 PM, Lukasz Lenart wrote: > > 2017-03-14 15:57 GMT+01:00 Doug Erickson : >> What is the proper server setup to prevent this? > > Upgrade to the latest Struts version ... and run server on a dedicated > account, block access to the world (server should be only allowed

[GitHub] struts pull request #121: WW-4714: Localized bean

2017-03-14 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/struts/pull/121

Re: Localized bean

2017-03-14 Thread Lukasz Lenart
2017-03-14 16:13 GMT+01:00 Greg Huber : > I replace: > > // search up class hierarchy > String msg = findMessage(aClass, aTextName, indexedTextName, > locale, args, null, valueStack); > > with: > > GetDefaultMessageReturnArg result = null; > if (indexedTextName == null) { >

Re: S2 makes Hacker News :/

2017-03-14 Thread Lukasz Lenart
2017-03-14 15:57 GMT+01:00 Doug Erickson : > What is the proper server setup to prevent this? Upgrade to the latest Struts version ... and run server on a dedicated account, block access to the world (server should be only allowed to connect to localhost) and few other things Regards -- Łukasz +

Re: Localized bean

2017-03-14 Thread Greg Huber
I replace: // search up class hierarchy String msg = findMessage(aClass, aTextName, indexedTextName, locale, args, null, valueStack); with: GetDefaultMessageReturnArg result = null; if (indexedTextName == null) { // Use a null for the defaultMessage to ensure

Re: S2 makes Hacker News :/

2017-03-14 Thread Doug Erickson
What is the proper server setup to prevent this? > On Mar 14, 2017, at 7:08 AM, Louis Smith wrote: > > Sad, but what should have been the story is how rapidly the fixes were made > available, and how a properly set up server would not be vulnerable > > Louis > > >> On Tue, Mar 14, 2017 at 8:09

Re: Localized bean

2017-03-14 Thread Lukasz Lenart
2017-03-14 15:24 GMT+01:00 Greg Huber : > Initial tests look good. > > LocalizedTextUtil.java is now the only bespoke mod I do (to check the > default ApplicationResources.properties first and then do the package nifty > thing). > > I have looked in > > Struts-JDK7-pull-request/core/src/main/java/c

Re: Localized bean

2017-03-14 Thread Greg Huber
Initial tests look good. LocalizedTextUtil.java is now the only bespoke mod I do (to check the default ApplicationResources.properties first and then do the package nifty thing). I have looked in Struts-JDK7-pull-request/core/src/main/java/com/opensymphony/xwork2/util but seems not to be there

Re: Localized bean

2017-03-14 Thread Lukasz Lenart
2017-03-14 15:03 GMT+01:00 Greg Huber : > So I would only need to replace the struts2-core.x.x.jar? Yes, you are right :) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/

Re: Localized bean

2017-03-14 Thread Greg Huber
So I would only need to replace the struts2-core.x.x.jar? On 14 March 2017 at 10:14, Lukasz Lenart wrote: > 2017-03-14 10:32 GMT+01:00 Greg Huber : > > I remember there was a snapshot build from the trunk that I used to use > to > > monitor progress, is that still being built here? > > Yeah but

Re: S2 makes Hacker News :/

2017-03-14 Thread Louis Smith
Sad, but what should have been the story is how rapidly the fixes were made available, and how a properly set up server would not be vulnerable Louis On Tue, Mar 14, 2017 at 8:09 AM, Rene Gielen wrote: > More of that... > http://www.reuters.com/article/us-canada-cyber-idUSKBN16K2BC > > Am 09.03

Re: S2 makes Hacker News :/

2017-03-14 Thread Rene Gielen
More of that... http://www.reuters.com/article/us-canada-cyber-idUSKBN16K2BC Am 09.03.17 um 16:04 schrieb Lukasz Lenart: > 2017-03-09 15:45 GMT+01:00 Dave Newton : >> https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites > > Yeah... this i

Re: Localized bean

2017-03-14 Thread Lukasz Lenart
2017-03-14 10:32 GMT+01:00 Greg Huber : > I remember there was a snapshot build from the trunk that I used to use to > monitor progress, is that still being built here? Yeah but only for the master branch, we don't publish SNAPSHOT artifacts for PRs - to not override SNAPSHOTS based on the master

Re: Localized bean

2017-03-14 Thread Greg Huber
I remember there was a snapshot build from the trunk that I used to use to monitor progress, is that still being built here? On 14 March 2017 at 09:30, Lukasz Lenart wrote: > Hi, > > If you have time please take a look at this [1], it isn't the final > stage but at least it allows to have differ

Localized bean

2017-03-14 Thread Lukasz Lenart
Hi, If you have time please take a look at this [1], it isn't the final stage but at least it allows to have different implementations if needed and I think that's the last static util in Struts codebase ;-) https://github.com/apache/struts/pull/121 Regards -- Łukasz + 48 606 323 122 http://ww