Re: Additional list

2023-11-14 Thread Yasser Zamani
:)) welcome back Dave! Me too just found finally some time getting back to Apache to breathe in good quality code after a while - I've never found such quality in code and communications anywhere yet :) I think it's because it's a voluntary-based foundation.

S2-064: CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms

2023-06-14 Thread Yasser Zamani
Affected versions: - Apache Struts through 2.5.30 - Apache Struts through 6.1.2 Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Credit: Matthew McClain

S2-063: CVE-2023-34149: Apache Struts: DoS via OOM owing to not properly checking of list bounds

2023-06-14 Thread Yasser Zamani
Affected versions: - Apache Struts through 2.5.30 - Apache Struts through 6.1.2 Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Credit: Matthew McClain

Re: looking at roller upgrade again

2023-04-15 Thread Yasser Zamani
blish clickById("entry_%{#mainAction}!publish") On 14/04/2023 19:17, Yasser Zamani wrote: > Thank you for the explanation Greg. Yes I agree that previously it was > looking better. Currently am wondering how previous Struts was > generating the id from an evaluated name! Because as

Re: looking at roller upgrade again

2023-04-14 Thread Yasser Zamani
pr 2023 at 14:27, Yasser Zamani wrote: Sorry I didn't get what the problem exactly is. 1. Was your app depended to Struts internal behavior of id generation and so your app is broken now? 2. Or no, Struts itself is broken now by my change? On 4/11/2023 10:16 AM, Greg Huber wrote: More ho

Re: looking at roller upgrade again

2023-04-14 Thread Yasser Zamani
On 4/3/2023 11:18 AM, Lukasz Lenart wrote: The change has been introduced here [1] and the problem is that it replaces any non-alphanumeric character with "_". Also it works on an unevaluated version of the "name" attribute (in case if the "id" attribute is not defined). I think this is a bug

Re: looking at roller upgrade again

2023-04-12 Thread Yasser Zamani
never supported %{..} on the action attribute. ie action="%{#mainAction}!saveDraft" On 10/04/2023 20:37, Yasser Zamani wrote: Hi there, please see inline... On 4/3/2023 11:18 AM, Lukasz Lenart wrote: The change has been introduced here [1] and the problem is that it replaces any n

Re: looking at roller upgrade again

2023-04-10 Thread Yasser Zamani
Hi there, please see inline... On 4/3/2023 11:18 AM, Lukasz Lenart wrote: The change has been introduced here [1] and the problem is that it replaces any non-alphanumeric character with "_". Also it works on an unevaluated version of the "name" attribute (in case if the "id" attribute is not def

Re: Fileupload on JakartaEE

2022-12-29 Thread Yasser Zamani
Hi, Am I right that even if it was a servlet then it wasn't working too? as per [1]. Anyway in general I think we shouldn't try to keep supporting both. "Java EE is Officially Retired. It’s Now Called Jakarta EE. How Did We Get Here?" [2]. So I think at some day we may have a release that

Re: [VOTE] Apache Struts 6.0.3

2022-09-12 Thread Yasser Zamani
[ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) +1 (binding) thanks! On 9/12/2022 11:31 AM, Lukasz Lenart wrote: The Apache Struts 6.0.3 test build is available. With this release the following issues were addressed: Bug [WW-5185] - TilesDefinition is not found and th

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-30 Thread Yasser Zamani
)     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)     at java.base/java.lang.Thread.run(Thread.java:833) On 29.08.22 at 17:39, Yasser Zamani wrote: Hi Markus, I see corresponding codes in Struts:     if (devMode) {     LOG.error("Could not find action or

Re: [TEST] Struts 6.0.2 test build is ready

2022-08-29 Thread Yasser Zamani
Hi Markus, I see corresponding codes in Struts: if (devMode) { LOG.error("Could not find action or result: {}", uri, e); } else if (LOG.isWarnEnabled()) { LOG.warn("Could not find action or result: {}", uri, e); } so it seems you should also have th

Re: [TEST] Struts 6.0.1 test build is ready

2022-08-22 Thread Yasser Zamani
Yes please, thanks! On 8/22/2022 1:45 PM, Lukasz Lenart wrote: Hey, I assume no objections and I can call for a vote? Cheers Łukasz Fri, 12 Aug 2022 at 17:43 Lukasz Lenart wrote: Hello, This is the first patch version of Struts 6.x series. Please take the time and test the bits - any

Re: tokenSession is null on redeploy app via tomcat manager

2022-08-17 Thread Yasser Zamani
On 8/17/2022 10:50 PM, Greg Huber wrote: It is only when I have an active session and then redeploy with the manager app. Thanks for clarifications Greg! So I guess it's an expected behavior due to security reasons [1]. Isn't it? you might ask on Tomcat's user list. They know better. Reg

Re: tokenSession is null on redeploy app via tomcat manager

2022-08-17 Thread Yasser Zamani
No it's for a long time ago. I even don't remember exactly where was that option. I guess it was at 'undeploy' where we were able to keep sessions. @Greg could you please google "tomcat manager redeploy sessions" to see if you've configured tomcat correctly, or you haven't disabled session pe

Re: tokenSession is null on redeploy app via tomcat manager

2022-08-17 Thread Yasser Zamani
Hi Greg, I remember Tomcat Manager had an option titled "keep session" when you deploy. Have you seen/tried it? Regards On 8/14/2022 11:54 AM, Greg Huber wrote: I have an issue when I redeploy my war via tomcat manager. eg If I have an active session, ie I am using my application, then I r

Re: [VOTE] Apache Struts ver. 6.0.0

2022-06-02 Thread Yasser Zamani
Yes exactly. +1 binding for a GA release. thanks! On 6/2/2022 3:55 PM, Johannes Geppert wrote: Wow! That's a long list of improvements and major milestone! Thanks to everyone who contributed to this release! +1 binding [ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) B

Re: CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

2022-04-12 Thread Yasser Zamani
2 Apr 2022 at 17:15 Yasser Zamani wrote: Description: The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using f

CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

2022-04-12 Thread Yasser Zamani
Description: The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user inp

Re: [VOTE] Struts 2.5.30

2022-04-03 Thread Yasser Zamani
On 3/30/2022 2:09 PM, Lukasz Lenart wrote: [ ] Leave at test build [ ] Alpha [ ] Beta [X] General Availability (GA) +1 (binding), thanks! Regards. - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional

Re: [TEST] Struts 2 ver. 6.0.0-RC3 test build is ready

2022-03-18 Thread Yasser Zamani
On 3/16/2022 12:33 PM, Greg Huber wrote: Seems a lot in here, what should we look out for in testing? On 15/03/2022 13:33, GitBox wrote: lukaszlenart merged pull request #496: URL: https://github.com/apache/struts/pull/496 Thanks a lot Greg for testing! happy to hear as this means somehow th

Re: [GitHub] [struts] lukaszlenart merged pull request #496: fix double evaluations

2022-03-17 Thread Yasser Zamani
On 3/17/2022 9:47 AM, Lukasz Lenart wrote: Wed, 16 Mar 2022 at 14:02 Yasser Zamani wrote: Hi Greg, Thanks for asking and testing! Firstly simply run all your app tests, you shouldn't see any WARN log like "Expression blahblah isn't allowed by pattern blahblah! See Acce

Re: [GitHub] [struts] lukaszlenart merged pull request #496: fix double evaluations

2022-03-16 Thread Yasser Zamani
Hi Greg, Thanks for asking and testing! Firstly simply run all your app tests, you shouldn't see any WARN log like "Expression blahblah isn't allowed by pattern blahblah! See Accepted / Excluded patterns at https://struts.apache.org/security/". Secondly see if your following components are

Re: [VOTE] Struts 2.5.29

2022-01-18 Thread Yasser Zamani
[X] General Availability (GA) +1 binding, thanks! On 1/18/2022 5:14 PM, Lukasz Lenart wrote: The Apache Struts 2.5.29 test build is available. With this release the following issues were addressed: Bug [WW-5117] - %{id} evaluates different for data-* and value attribute [WW-5160] - Template no

Re: [VOTE] [FASTTRACK] Apache Struts 2.5.28.3

2022-01-01 Thread Yasser Zamani
Hi James, Yes I also experienced same behavior for a while but recently it's started to work! Regards. On 1/1/2022 8:17 PM, James Chaplin wrote: p.s. For some reason it appears that I did not receive the original vote email from the dev list, only the "reply" emails when others replied to

Re: [VOTE] [FASTTRACK] Apache Struts 2.5.28.3

2022-01-01 Thread Yasser Zamani
+1 binding GA please, thanks! Regards. On 12/31/2021 8:17 PM, Lukasz Lenart wrote: Hey, We are missing one vote to push this out! Regards Łukasz Thu, 30 Dec 2021 at 07:49 Lukasz Lenart wrote: The Apache Struts 2.5.28.3 test build is now available. It includes the latest security patc

Re: [TEST] Struts 2 ver. 6.0.0-RC1 test build is ready

2021-12-29 Thread Yasser Zamani
could you please retry with devMode true, and scrutinize WARN logs? Regards. On 12/23/2021 1:23 PM, Greg Huber wrote: Sorry also action messages on a chain don't work any more, although for a redirectAction they do. These are subtle differences so harder to spot! On 23/12/2021 08:22, Luk

Re: [VOTE] [FASTTRACK] Apache Struts 2.5.28.2

2021-12-22 Thread Yasser Zamani
+1 binding, thanks! On 12/22/2021 10:23 AM, Lukasz Lenart wrote: The Apache Struts 2.5.28.2 test build is now available. It includes the latest security patch which fixes security vulnerability: - Log4j has been upgraded to version 2.12.3 to address security vulnerability CVE-2021-45105 Releas

Re: [VOTE] [FASTTRACK] Apache Struts 2.5.28.1

2021-12-16 Thread Yasser Zamani
[ ] Leave at test build [ ] Alpha [ ] Beta [*] General Availability (GA) +1 (binding) GA please, thanks! Regards On 12/16/2021 7:15 PM, Lukasz Lenart wrote: The Apache Struts 2.5.28.1 test build is now available. It includes the latest security patch which fixes security vulnerability: - Log

Re: Versioning: Struts 2.6 -> Struts 2 ver. 6.xx

2021-12-12 Thread Yasser Zamani
🙌 hooray! thanks! Let make Struts great again ;) On 12/12/2021 8:27 PM, Lukasz Lenart wrote: I'm almost ready to release a new major release aka Struts 2 ver. 6.x https://issues.apache.org/jira/projects/WW/versions/12340222 It will include over 200 changes :D Cheers -- Łukasz + 48 606 323 122

Re: [VOTE] Struts 2.5.28

2021-12-09 Thread Yasser Zamani
[ ] Leave at test build [ ] Alpha [ ] Beta [*] General Availability (GA) +1 (binding) GA please, thanks! On 12/7/2021 11:10 PM, Lukasz Lenart wrote: The Apache Struts 2.5.28 test build is available. With this release the following issues were addressed: Bug [WW-5149] - labelposition and 2.5.2

Re: Deprecating plugins

2021-11-17 Thread Yasser Zamani
No, thanks! +1 On 11/16/2021 10:48 PM, Lukasz Lenart wrote: Hi, With incoming Struts 2.6 (aka Struts 2 6.x) I would like to deprecate the following plugins: - OVal - Portlet (+mocks +tiles) - GXP - OSGi - Plexus - Sitemesh Do you have anything against that? Regards --

Re: [VOTE] Struts 2.5.27

2021-11-11 Thread Yasser Zamani
> [*] General Availability (GA) Thanks! +1 binding On 11/2/2021 9:37 AM, Lukasz Lenart wrote: The Apache Struts 2.5.27 test build is available. With this release the following issues were addressed: Bug [WW-5116] - PostbackResult uses wrong regex range [WW-5117] - %{id} evaluates different for

Re: [TEST] Struts 2.5.27 test build is ready

2021-11-05 Thread Yasser Zamani
Hi James, Unfortunately couldn't find a chance to look into, maybe I'm wrong but as far as I remember, there are pages in the showcase app that are opening directly without an action in behind which is the source of those warnings in the new Struts 2.5.27 I think. Thanks for looking into it!

Re: New Struts 2.5.x release

2021-10-03 Thread Yasser Zamani
Thanks! yes my PR is missing and in my opinion still it's not clear and there's no proof for me that why we shouldn't include those improvements! Regards. On 10/3/2021 11:41 AM, Lukasz Lenart wrote: > I'm ready to prepare a test build for 2.5.27, here is the list of changes: > https://issues.apac

Re: lazy consensus state for PR#483,496

2021-07-23 Thread Yasser Zamani
4/30/2021 6:10 PM, Yasser Zamani wrote: > Hi, > > I will merge these PRs (483 to 485) in 72 hours based on ASF lazy > consensus definition [1] unless someone objects. > > Regards. > > [1] https://community.apache.org/commi

Re: [GitHub] [struts] yasserzamani opened a new pull request #496: fix double evaluations

2021-07-09 Thread Yasser Zamani
Hi Greg, thanks for reaching out! On ۱۴۰۰/۴/۱۸ ۱۲:۰۷, Greg Huber wrote: UIBean. escape(String name) // escape any possible values that can make the ID painful to work with i

Re: ParametersInterceptor notifyDeveloperParameterException

2021-05-09 Thread Yasser Zamani
I remember if I'm not wrong Struts won't execute action when it has validation errors. Maybe that's the case here where Struts doesn't want to block action execution and merely wants to inform developer? But anyway personally I think you're right, we should either change LOG.error to LOG.warn or u

lazy consensus state for PR#483,4,5

2021-04-30 Thread Yasser Zamani
Hi, I will merge these PRs (483 to 485) in 72 hours based on ASF lazy consensus definition [1] unless someone objects. Regards. [1] https://community.apache.org/committers/lazyConsensus.html

Re: ParametersInterceptor:isAccepted warning with DMI

2021-01-20 Thread Yasser Zamani
Hi Greg, To me it looks like an app config problem because I'm wondering why it tries to set a value to action name?! i.e. considers the action name as an http parameter?! Regards. On 1/20/2021 12:22 PM, Greg Huber wrote: > Seems the regex is passing, but fails on : > > Error setting expression

Re: java 11 error

2020-11-30 Thread Yasser Zamani
I remember we fixed similar issues but against ognl (https://issues.apache.org/jira/browse/WW-5031) I think this is a new one about `clearMap(ResourceBundle.class, null, "cacheList");` inside "AbstractLocalizedTextProvider" (as error message also mentions). Maybe it's a good idea to set `--illega

Re: [VOTE] Struts 2.5.25

2020-09-24 Thread Yasser Zamani
+1 (binding) thanks! On 9/24/2020 2:22 PM, Lukasz Lenart wrote: > Thu, 24 Sep 2020 at 07:07 Lukasz Lenart wrote: >> [ ] Leave at test build >> [ ] Alpha >> [ ] Beta >> [X] General Availability (GA) > > +1 (binding) > > > Regards >

Re: Modification to speed up s:text from StrutsLocalizedTextProvider

2020-09-21 Thread Yasser Zamani
thub.com/apache/struts-examples/ text-provider example >> provides a starting point), the Struts 2 Core should probably only >> need to cover the most common usage patterns.  There is already a >> GlobalLocalizedTextProvider implemented, but it only looks at the >>

Re: Modification to speed up s:text from StrutsLocalizedTextProvider

2020-09-14 Thread Yasser Zamani
to current valueStack and cannot be cached (?) Regards. On 9/15/2020 10:25 AM, Lukasz Lenart wrote: > Tue, 15 Sep 2020 at 07:49 Yasser Zamani wrote: >> So generally I think we can have a Map as a cache, if not found in cache >> then searching and if found after search, saving in

Re: Modification to speed up s:text from StrutsLocalizedTextProvider

2020-09-14 Thread Yasser Zamani
Maybe this functionality was needed to allow user to override higher layers defined values (?) Or maybe another user for any reason claim that current behavior is wanted. So generally I think we can have a Map as a cache, if not found in cache then searching and if found after search, saving in ca

Re: [TEST] Struts 2.5.24 test build is ready

2020-09-13 Thread Yasser Zamani
Yes looks good. Thanks! Also there is a trivial issue (https://issues.apache.org/jira/browse/WW-5087) which I can bring to 2.5.x. Regards. On 9/13/2020 3:38 PM, Lukasz Lenart wrote: > I notice a few important fixes have pushed into struts-2-5-x branch - > OSGi and empty files upload. Maybe I will

Re: New Jenkins

2020-07-17 Thread Yasser Zamani
I'll take a look, I hope it's also possible via (export->manual transform->import) :) Or you had to type manually inside GUI? Have fun! :) On 7/17/2020 3:35 PM, Lukasz Lenart wrote: > Hi, > > Infra is moving to a new Jenkins [1] and requested to migrate all the > jobs manually. I'm just doing so

Re: The Benchmarker

2020-07-07 Thread Yasser Zamani
Cool! Do they provide profiling analysis to find out how and where to improve? On 7/6/2020 6:30 PM, Lukasz Lenart wrote: > Hi, > > I was asked to add Struts2 to the set of available frameworks [1]. I > prepared a simple demo which is using JSPs to emulate requested > behaviour. This gave me an in

Re: StrutsBoot

2020-07-07 Thread Yasser Zamani
Yes it's awesome and I've also been thinking for a long time to add boot and auto-config (because I've seen people have concerns about Struts flexibility) but can't find enough time :( wdyt? Looks a huge workload for me. Basically we should get rid of XMLs to annotations, add auto-configs, make plugi

Re: New messages

2020-05-05 Thread Yasser Zamani
Thank you so much! It's nice and current setting sounds good to me. The only issue is, for each event I get 3 to 4 duplicate emails. For example, for a commit event, I get it from commits@ then ASF bot comments this commit on the corresponding jira ticket and I get it again from issues@ and dev@,

RE: [VOTE] Struts Annotations 1.0.7

2020-02-22 Thread Yasser Zamani
>> [ ] Leave at test build >> [ ] Alpha >> [ ] Beta >> [X] General Availability (GA) +1 (binding), thanks! Regards. >-Original Message- >From: Lukasz Lenart >Sent: Thursday, February 20, 2020 10:31 PM >To: Struts Developers List >Subject: Re: [VOTE] Struts Annotations 1.0.7 > >pon., 17

Re: Builds

2020-02-13 Thread Yasser Zamani
"-Xmx1024m" maven:3-jdk-11 mvn test >> >> which is exactly the same setup as on Jenkins >> >> Thu, 13 Feb 2020 at 07:23 Lukasz Lenart wrote: >>> >>> I think this is not the case, I just notice that Jenkins maps >>> container path to the

Re: Builds

2020-02-12 Thread Yasser Zamani
Thank you! Yeah it seems that ClassLoader.getResources("") might return URIs in format "classpath?filePosition" [1]. I think we should decouple from underlying JDK via using uri.openConnection instead of new File(uri) at our ClassPathFinder. Regards. [1] https://github.com/junit-team/junit5/blo

RE: Builds

2020-02-12 Thread Yasser Zamani
Hi Łukasz, It seems in that environment, our ClassPathFinder#185 returns URLs which have a Query component which emanates "java.lang.IllegalArgumentException: URI has a query component" [1]. I've tried to debug what that query string is [2] however GitHub's Struts-CI user needs to be a collaborat

RE: [VOTE] Struts Master 14

2020-02-04 Thread Yasser Zamani
[X] General Availability (GA) +1 (binding), Thanks! -- I merely was wondering how to test. Regards. >-Original Message- >From: christoph.nenn...@bmw.de >Sent: Monday, February 3, 2020 11:20 AM >To: dev@struts.apache.org >Subject: AW: [VOTE] Struts Master 14 > >Changes seem to be quite

RE: Standard Accepted Patterns in DefaultAcceptedPatternsChecker

2020-01-25 Thread Yasser Zamani
Hi, AFAIK Ognl compiles myMap['myKey'] to the string myMap.myKey so yes I think you don't want to use complex strings as keys; for instance conceive `myKey-1` as key that will be translated to myMap.myKey-1 which likely won't work properly. Regards. >-Original Message- >From: Ing. Andr

RE: Build failed in Jenkins: Struts-examples-JDK8-dependency-check #6

2019-12-10 Thread Yasser Zamani
>-Original Message- >From: Lukasz Lenart >Sent: Monday, December 9, 2019 10:28 AM >To: Struts Developers List >Subject: Re: Build failed in Jenkins: Struts-examples-JDK8-dependency-check #6 > >Sat, 7 Dec 2019 at 09:11 Yasser Zamani wrote: >> >>

RE: Build failed in Jenkins: Struts-examples-JDK8-dependency-check #6

2019-12-07 Thread Yasser Zamani
Hi Łukasz, I'm not sure but another option is to keep Struts-examples free from dependency check - they're just examples. Regards. >-Original Message- >From: Lukasz Lenart >Sent: Monday, December 2, 2019 12:13 PM >To: Struts Developers List >Subject: Re: Build failed in Jenkins: Strut

RE: Closing https://github.com/strutsathon

2019-11-25 Thread Yasser Zamani
LGTM. It seems it's not needed as it's not updated since long time ago. Regards. >-Original Message- >From: Lukasz Lenart >Sent: Tuesday, November 19, 2019 11:58 PM >To: Struts Developers List >Subject: Closing https://github.com/strutsathon > >Hi, > >I want to close this organisation,

RE: [TEST] Struts Maven Archetypes 2.5.20

2019-11-24 Thread Yasser Zamani
Hi Łukasz, >-Original Message- >From: J C >Sent: Tuesday, November 19, 2019 5:18 AM >To: Struts Developers List >Subject: Re: [TEST] Struts Maven Archetypes 2.5.20 > > Hi Łukasz. > >Not much experience with Maven archetypes Neither do I. Do anyone know if any best practice to automatica

RE: Struts 2.5.21 test build is ready

2019-11-09 Thread Yasser Zamani
Hi JC, Right now I concede that I think Markus is right. According to my vision on security reports, setting that to a number 200-400 gradually decimates any security benefit. According to his app, setting it to a lower value will likely bother users. So he correctly said: "I suspect it will ne

Re: Struts 2.5.21 test build is ready

2019-11-08 Thread Yasser Zamani
Hi Markus, Sorry for inconvenience - yes that was my genius idea ;) ensued from my vision on our security reports and in the first place, it didn't look bad to me because I'd seen similar practices in variety of places for example in http, tomcat, nginx and etc. However, I also shared and disc

Re: Struts 2.5.21

2019-10-31 Thread Yasser Zamani
On 10/31/2019 10:24 PM, Lukasz Lenart wrote: > I think we are ready to release a new version, if no objections I will > start the process in a week or so. I think so. Thanks! Regards.

RE: Struts 2.5.21

2019-10-01 Thread Yasser Zamani
Cool! I've likely finished WW-5041 at my local branch. Please hinder train for it probably for a few days :) -- albeit it needs [1] to be merged into OGNL and released then I'll push my local branch as a PR. Kind Regards. [1] https://github.com/jkuhnert/ognl/pull/82 >-Original Message-

RE: Max length for OGNL expression

2019-09-16 Thread Yasser Zamani
han us. So this is going to make it harder to actually exploit such unknown vulnerabilities. Kind Regards. > >However, as long as we have an option to disable this, it should work out. > >Markus > > >On 16.09.19 at 14:09, Yasser Zamani wrote: >> Thanks Markus and Chris

RE: Max length for OGNL expression

2019-09-16 Thread Yasser Zamani
config would definitively need an option to be disabled totally. I >> expect very unexpected and hard to trace side effects, depending on >> the application in place. Yes I have already thought that users might have long expressions e.g. > >> Markus >> >> Am 1

Max length for OGNL expression

2019-09-15 Thread Yasser Zamani
Hi, I thought it might be nice to add a config element which confines the length of OGNL expression that Struts is going to evaluate. It is going to make hackers' life harder :) How do you see it? Best.

ApacheCon Europe 2019: Join Struts Hackathon!

2019-09-09 Thread Yasser Zamani
Dear Struts Community (@user, @dev, @pmc), There will be a hackathon space at ApacheCon Europe 2019 in Berlin reserved for Struts. It will be available on 23rd/24th October from 1:00 PM for 2/4 hours. We want to invite everybody to participate on the hackathon where we are collaboratively researc

RE: Struts 2.5.20 and tiles 2.0.6 with JSF 1.2

2019-05-31 Thread Yasser Zamani
>1) Whether struts 2.5.20 + Tiles 2.0.6 + JSF 1.2 will work? or is it possible? Struts 2.5.20 has Tiles 3.0.8 dependency so it seems it won't work with Tiles 2.0.6. I think JSF is completely separate and not related to Struts + Tiles so it will work I think. >2) I definitely want to upgrade str

RE: RE: Developers - Thoughts on the next 2.5.x release

2019-05-28 Thread Yasser Zamani
>Hello Yasser (and developers). Hello James, FYI it seems we at Struts team also want to fix issues reported at https://lgtm.com/blog/apache_struts_double_evaluations Please also see inline below regarding Jira issues: >4999 - Lukasz indicated he was able to reproduce it. Can anyone else repr

RE: Developers - Thoughts on the next 2.5.x release

2019-05-25 Thread Yasser Zamani
Hi James, >Are any developers aware of functionality issues with Struts 2.5.20 that have >not >been addressed yet, but should be ? Yes. Jira link: https://issues.apache.org/jira/issues/?jql=project%20%3D%20WW%20AND%20status%20in%20(Open%2C%20%22In%20Progress%22%2C%20Reopened)%20AND%20fixVersion

RE: needs tidying up

2019-05-07 Thread Yasser Zamani
Thanks for your time to report! Fixed :) Regards. >-Original Message- >From: Greg Huber >Sent: Tuesday, April 30, 2019 7:12 PM >To: Struts >Subject: needs tidying up > >Next time when modifying the docs, these pages need tidying. > >https://struts.apache.org/core-developers/token-interc

RE: Build failed in Jenkins: Struts-master-JDK8-dependency-check #142

2019-02-05 Thread Yasser Zamani
+1 . Why not. Let's have more clean code :) >-Original Message- >From: Lukasz Lenart >Sent: Tuesday, February 5, 2019 1:55 PM >To: Struts Developers List >Subject: Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #142 > >Looks like it's about the time to drop this plugin

RE: Build failed in Jenkins: Struts-master-JDK8-dependency-check #141

2019-02-05 Thread Yasser Zamani
But it works fine now when I manipulated it to use java 8 - it has found new CVEs. Actually I think we should drop current `Struts-master-JDK8` job and rename and manipulate current ` Struts-master-JDK7` to use java 8 because we want to keep uploading to snapshot - current `Struts-master-JDK8`

Re: jdk8 in 2.6

2019-01-14 Thread Yasser Zamani
On 1/13/2019 4:14 PM, Aleksandr Mashchenko wrote: >> If we are fine with supporting 2.5.x branch for a bit longer than a > year > > I'm fine with that. Me too. Security and bug fixes don't look like a burden for me even for several years. And I found Struts, mature, so any structural breaking h

RE: jdk8 in 2.6

2019-01-13 Thread Yasser Zamani
Hi Nathan, thanks for using Struts! By `support`, did you mean security and bug fixes? If so, AFAIK, it's obvious that 2.5.x will receive them in a long term - several years as long as technically possible (@dev please correct me if it's not true). But if you meant new features, despite the jav

RE: jdk8 in 2.6

2019-01-11 Thread Yasser Zamani
++1 Kind Regards. >-Original Message- >From: Aleksandr Mashchenko >Sent: Saturday, January 12, 2019 12:06 AM >To: dev@struts.apache.org >Subject: jdk8 in 2.6 > >We discussed it before but it was quite some time ago. How about upgrading to >jdk8 in 2.6 version? > >- Java versions are now

Re: Jenkins build is back to normal : Struts-master-JDK7-dependency-check #133

2019-01-11 Thread Yasser Zamani
On 1/11/2019 10:24 AM, Lukasz Lenart wrote: > Thu, 10 Jan 2019 at 23:39 Apache Jenkins Server > wrote: >> >> See >> > > This is a great news!!! Yes :) we're grateful to James for this [1

Re: [VOTE] Struts 2.5.20

2019-01-11 Thread Yasser Zamani
On 1/11/2019 7:11 PM, Lukasz Lenart wrote: > Fri, 11 Jan 2019 at 16:33 Lukasz Lenart wrote: >> [ ] Leave at test build >> [ ] Alpha >> [ ] Beta >> [X] General Availability (GA) +1 (binding) and thank you! Regards.

Re: AW: [VOTE] Struts 2.3.37

2019-01-11 Thread Yasser Zamani
On 1/11/2019 6:02 PM, christoph.nenn...@bmw.de wrote: >> [ ] Leave at test build >> [ ] Alpha >> [ ] Beta >> [X] General Availability (GA) > > +1, binding Thank you! Vote passed with three +1s (binding) :) Kind Regards.

RE: [VOTE] Struts 2.3.37

2019-01-08 Thread Yasser Zamani
>> [ ] Leave at test build >> [ ] Alpha >> [ ] Beta >> [X] General Availability (GA) +1 (binding) - works here. Kind regards.

RE: Struts 2.3.37 test build is ready

2019-01-07 Thread Yasser Zamani
>I think we are ready to call for vote, right? Thank you, done :) I just wondered if I should exclude new year holidays from the test week. Kind Regards.

[VOTE] Struts 2.3.37

2019-01-07 Thread Yasser Zamani
The Apache Struts 2.3.37 test build is now available. With this release the following issues were addressed: Bug [WW-4970] - Struts 2.3.36 - InvalidPathException: Illegal char <:> on JDK 9,10,11 on windows [WW-4994] - Error when upgrading to struts2.3.35 Dependency [WW-4975] - Upgraded commons-

RE: I18nInterceptor session creation

2019-01-05 Thread Yasser Zamani
Yes I remember I had same dilemma. Finally I concluded with this assumption: Users themselves should use "Create Session Interceptor" [1] when needed. I'm not sure if it was a good assumption, let's wait for WW-4741's reporter answer on Aleksandr's comment. By the way, Aleksandr, did you mean t

Struts 2.3.37 test build is ready

2018-12-30 Thread Yasser Zamani
Hi, Please take a time and test the bits - any help is appreciated. Please report back any problems. I'll call for a vote in a week if no problems will be spotted. Staging Maven repo https://repository.apache.org/content/groups/staging/ Standalone artifacts https://dist.apache.org/repos/dist/d

Re: Struts showcase integration tests

2018-12-27 Thread Yasser Zamani
On 2018/12/20 17:06:39, Yasser Zamani wrote: > > > On 2018/11/21 07:57:09, Yasser Zamani wrote: > > Hi there, > > > > Do you know or could you recall please how those tests at > > it.org.apache.struts2.showcase could be run? I wonder if we can develop a

Re: Testing Results

2018-12-27 Thread Yasser Zamani
Hi Louis, Thanks for your log! Yes Struts already has manipulated to work with java 9 and 11. Struts 2.5.19 and 2.6 are anticipated to work without any user further configuration [1]. Thanks for using Struts. Regards. [1] https://travis-ci.org/apache/struts/branches On 12/27/2018 7:30 PM, Loui

RE: struts.configuration.xml.reload=true always reloads files

2018-12-26 Thread Yasser Zamani
Hi Greg, Thank you! Yes this is an unforeseen bug emerged in 2.5.18 and already has fixed waiting for 2.5.19 release [1]. Regards [1] https://issues.apache.org/jira/browse/WW-4974 >-Original Message- >From: Greg Huber >Sent: Wednesday, December 26, 2018 12:02 PM >To: Struts >Subject:

Re: Struts showcase integration tests

2018-12-20 Thread Yasser Zamani
On 2018/11/21 07:57:09, Yasser Zamani wrote: > Hi there, > > Do you know or could you recall please how those tests at > it.org.apache.struts2.showcase could be run? I wonder if we can develop and > then include those in our build to gain huge improvement in our overall t

RE: Jenkinsfile

2018-12-19 Thread Yasser Zamani
With a glance at a few googled pages, it seems now I'm able to play with my new toy, the docker :) thank you and Apache, very much :) Kind Regards, Yasser. >-Original Message- >From: Lukasz Lenart >Sent: Monday, December 17, 2018 1:29 PM >To: Struts Developers List >Subject: Jenkinsfil

RE: Would we need to achieve better place in trends ranking?

2018-12-11 Thread Yasser Zamani
>-Original Message- >From: Dave Newton >Sent: Thursday, December 6, 2018 11:24 PM >To: Struts Developers List >Subject: Re: Would we need to achieve better place in trends ranking? > >On Thu, Dec 6, 2018 at 2:44 PM Yasser Zamani >wrote: > >> Instead

RE: Would we need to achieve better place in trends ranking?

2018-12-11 Thread Yasser Zamani
>MG>remembering days of barosso-wannamacher regime the JS library du-jour >was 'sitemesh' >MG>has struts2 deprecated support for sitemesh? Hi Martin, No not yet AFAIK. However maybe we will have to because Sitemesh seems has been abolished in 2015 [1] Regards. [1] https://github.com/sitemesh/s

Re: Would we need to achieve better place in trends ranking?

2018-12-06 Thread Yasser Zamani
On 12/5/2018 5:58 PM, Dave Newton wrote: > On Wed, Dec 5, 2018 at 4:37 AM Yasser Zamani > wrote: > >> I found dagger2 best when there are limited resources and we need an >> urgent performance e.g. in mobile devices. But Struts unfortunately is not >> able to be used

RE: Would we need to achieve better place in trends ranking?

2018-12-05 Thread Yasser Zamani
>From: Ken McWilliams >Sent: Wednesday, July 19, 2017 5:55 AM >To: Struts Developers List >Subject: Re: Would we need to achieve better place in trends ranking? > >Lukasz it's good to hear the JSON plugin is on the horizon. For my own work I >created a new JSON Result type using FlexJson, for som

Re: struts2-portlet-plugin dependency issue

2018-11-25 Thread Yasser Zamani
ything using Spring 5 would be at risk or at least questionable. As > Spring moves on 5+ the risk goes up and the unit testing confidence goes > down. For now I'll have to stick with Spring 4 until I find a longer > term solution. > Thanks for the suggestion - John B > > >

Re: struts2-portlet-plugin dependency issue

2018-11-23 Thread Yasser Zamani
Hi John, I think it's possible to keep spring updated to 5 and in same time, to have needed old dependencies in scope `test` to save unit tests, e.g: org.springframework spring-test test org.springframework

Struts showcase integration tests

2018-11-20 Thread Yasser Zamani
Hi there, Do you know or could you recall please how those tests at it.org.apache.struts2.showcase could be run? I wonder if we can develop and then include those in our build to gain huge improvement in our overall test coverage. Thanks in advance!

Re: Jenkins build is back to normal : Struts-master-JDK9 #13

2018-11-19 Thread Yasser Zamani
Sometimes our Jenkins jobs need a "workspace wipe out" to get back to normal. It sounds like something like a concurrency issue with other builds, I guess. We should see. Regards. On Nov 19, 2018, at 6:36 PM, Apache Jenkins Server wrote: See

Re: Jenkins build is back to normal : Struts-master-JDK9 #5

2018-11-16 Thread Yasser Zamani
You're welcome :) My pleasure, thanks, very glad that you liked it :) On 11/16/2018 5:40 PM, Lukasz Lenart wrote: > Hipp hurra! Thanks a lot Yasser :) > > Fri, 16 Nov 2018 at 14:36 Apache Jenkins Server > wrote: >> >> See >>

RE: Date format change

2018-11-14 Thread Yasser Zamani
>-Original Message- >From: Lukasz Lenart >Sent: Monday, November 12, 2018 12:44 PM >To: Struts Developers List >Subject: Re: Date format change > >Ok, found it >https://bugs.openjdk.java.net/browse/JDK-8206961 > >tldr; some date formats have changed since JDK9 as a result of using the
