Re: Struts 2.5.21 test build is ready

Or maybe even use some very large number and reduce it to 256 in Struts 2.6 :thinking: pt., 8 lis 2019 o 08:02 Lukasz Lenart napisał(a): > > pt., 8 lis 2019 o 02:02 J C napisał(a): > > If you have expressions in your application longer than the default limit > > in 2.5.21 (200), that may be cau

Re: Struts 2.5.21 test build is ready

pt., 8 lis 2019 o 00:06 Dave napisał(a): > I just did a build of Apache Roller 6 (not yet released) using Struts > 2.5.21 test bits (pulled from the staging repo) and so far, things seem to > be working fine. Roller 6 requires Java 11 and with Struts 2.5.20 I was > getting an irritating ERROR abou

Re: Struts 2.5.21 test build is ready

czw., 7 lis 2019 o 23:12 i...@flyingfischer.ch napisał(a): > > See new errors like this: > > Caused by: java.lang.SecurityException: This expression exceeded maximum > allowed length:.. > > followed by a longer OGNL expression in JSP. Thanks a lot Markus, this is due to a new max expression lengt

Re: Struts 2.5.21 test build is ready

pt., 8 lis 2019 o 02:02 J C napisał(a): > If you have expressions in your application longer than the default limit in > 2.5.21 (200), that may be causing the exception (and hopefully also the WARN > output). > > Please try applying a configuration change for your application (replace 1024 > wi

Re: Struts 2.5.21 test build is ready

Hello JC thanks for replying. There are several flaws with the idea to limit the length of a OGNL expression string due to secutity reasons: First: the parsing of the expression will be BLOCKED, as intended, and an exception is being thrown: ognl.OgnlException: Parsing blocked due to security re

Build failed in Jenkins: Struts-master-JDK8-dependency-check #222

See Changes: [lukaszlenart] Adds info about commercial support -- [...truncated 1.75 KB...] [locks-and-latches] Checking to see if we really have the lo

Re: Struts 2.5.21 test build is ready

Sorry - theree is a typo I missed in copy/paste. That should have been: (if using struts.xml) - James. On Thursday, November 7, 2019, 8:02:13 p.m. EST, J C wrote: (Sorry about the separate thread for reply) Hello Markus. If you have expressions in your application longer than the d

Re: Struts 2.5.21 test build is ready

(Sorry about the separate thread for reply) Hello Markus. If you have expressions in your application longer than the default limit in 2.5.21 (200), that may be causing the exception (and hopefully also the WARN output). Please try applying a configuration change for your application (replace

Re: Struts 2.5.21 test build is ready

I just did a build of Apache Roller 6 (not yet released) using Struts 2.5.21 test bits (pulled from the staging repo) and so far, things seem to be working fine. Roller 6 requires Java 11 and with Struts 2.5.20 I was getting an irritating ERROR about "requires ASM7" but everything seemed to work fi

Re: Struts 2.5.21 test build is ready

It is reported in WARN level: WARN com.opensymphony.xwork2.ognl.OgnlValueStack - Could not evaluate this expression due to security constraints: Markus Am 07.11.19 um 23:12 schrieb i...@flyingfischer.ch: > See new errors like this: > > Caused by: java.lang.SecurityException: This expression exce

Re: Struts 2.5.21 test build is ready

See new errors like this: Caused by: java.lang.SecurityException: This expression exceeded maximum allowed length:.. followed by a longer OGNL expression in JSP. Markus Am 07.11.19 um 20:57 schrieb Lukasz Lenart: > Hi, > > Please take a time and test the bits - any help is appreciated. Please >

Struts 2.5.21 test build is ready

Hi, Please take a time and test the bits - any help is appreciated. Please report any problems. I'll call for a vote in a few days if no problems will be spotted. Staging Maven repo https://repository.apache.org/content/groups/staging/ Standalone artifacts https://dist.apache.org/repos/dist/dev/

[TEST] Struts Maven Archetypes 2.5.20

Hi, I have prepared a test build [1] of the Maven Archetypes but there is one issue which I don't know how to resolve. A maven-archetype.xml catalog is empty so it isn't possible to use the command [2] to test the archetypes. When installed locally, there is no problem with them. [1] https://repo