We've tested the pre-release with Confluence DC and all looks well
On 2023/06/28 07:22:42 Lukasz Lenart wrote:
> Hello,
>
> This is another minor version of Struts 6.x series. Please take the
> time and test the bits - any help is appreciated. Please report any
> problems you will spot.
>
> Here a
[X] General Availability (GA)
On Wed, 5 Jul 2023 at 20:26, Lukasz Lenart wrote:
>
> The Apache Struts 6.2.0 test build is available. With this release the
> following issues were addressed:
>
> Bug
> [WW-4434] - datetextfield.ftl is missing
> [WW-5199] - StrutsPrepareFilter and StrutsExecuteFilt
No issues integrating with Confluence DC
On Wed, 23 Aug 2023 at 15:47, Lukasz Lenart wrote:
>
> Hello,
>
> This is another minor version of Struts 6.x series. Please take the
> time and test the bits - any help is appreciated. Please report any
> problems you will spot.
>
> Here are the changes f
Whilst not breaking, today I noticed excessive logging by the Velocity
plugin caused by my previous changes.
I've put up a fix for that here: https://github.com/apache/struts/pull/744
*KUSAL KITHUL-GODAGE *
Software Engineer
On Wed, 30 Aug 2023 at 18:49, Lukasz Lenart wrote:
> śr.
No preference here
KUSAL KITHUL-GODAGE
Software Engineer
On Wed, 30 Aug 2023 at 21:01, Lukasz Lenart wrote:
>
> There is a blocker [1] discovered by Kusal, should I merge the PR into
> the master branch and roll a new release -> 6.3.1 or rather clean up
> everything and start
[X] General Availability (GA)
On Fri, 1 Sept 2023 at 16:44, Lukasz Lenart wrote:
>
> The Apache Struts 6.3.0 test build is available. With this release the
> following issues were addressed:
>
> Improvement
> [WW-5233] - Include Apache Tiles code base in the Tiles plugin
> [WW-5321] - notify / do
Hi all,
I am looking for some clarification regarding the maintenance status
of the OGNL library which is currently listed under the 'Orphan OSS'
GitHub org.
I understand this library was previously adopted by Apache Commons
where it received little active development.
What I don't quite underst
Lukasz Lenart wrote:
>
> pon., 18 wrz 2023 o 10:16 Kusal Kithul-Godage
> napisał(a):
> > I am looking for some clarification regarding the maintenance status
> > of the OGNL library which is currently listed under the 'Orphan OSS'
> > GitHub org.
> >
Yes this is a good approach.
As you said, we should periodically merge master into release/7.0. Rebasing
will become cumbersome the longer the branch lives on. We could probably
even automate this with a GitHub action.
On Sun, 8 Oct 2023 at 21:58, Lukasz Lenart wrote:
> Hi,
>
> It's time to sta
Sounds good
On Tue, 10 Oct 2023 at 20:24, Lukasz Lenart wrote:
> niedz., 8 paź 2023 o 13:11 Kusal Kithul-Godage
> napisał(a):
> >
> > Yes this is a good approach.
> >
> > As you said, we should periodically merge master into release/7.0.
> Rebasing
> >
Unsure what the best practice or most elegant solution here is - I
wonder if there are any other projects that have solved a similar
problem?
On Mon, 18 Dec 2023 at 02:09, Lukasz Lenart wrote:
>
> Hi,
>
> The only problem with developing the new Struts is currently missing
> support for transform
can be found in
the Struts
Security doc
<https://struts.apache.org/security/#defining-and-annotating-your-action-parameters>
under the 'Defining and annotating your Action parameters' and 'Allowlist
Capability' headings.
Best regards,
*KUSAL KITHUL-GODAGE*
Software Engineer
his is great news and thanks a lot for your contribution! Also it's
> time to prepare a new release then :D
>
> Cheers
> Lukasz
>
> pt., 9 lut 2024 o 03:31 Kusal Kithul-Godage
> napisał(a):
> >
> > Hi all,
> >
> > Atlassian is very excited to hav
I think my previous response didn't get processed due to some
incompatibility between my normal mail client and the Apache mailing
lists
+1 binding
On Sun, Apr 7, 2024 at 3:16 AM Lukasz Lenart wrote:
>
> The Struts Master 15 test build is now available as a Maven artifact.
> https://repository.a
Thanks Lukasz
I will run this build through the Confluence test suite before the end
of the week and report back.
Also, I wanted to check whether this is the final Struts 6.x release
or if there is a 6.5 planned?
On Sun, Apr 7, 2024 at 7:50 PM Lukasz Lenart wrote:
>
> Hello,
>
> This is another
Thanks Lukasz
I will run this build through the Confluence test suite before the end
of the week and report back.
Also, I wanted to check whether this is the final Struts 6.x release
or if there is a 6.5 planned?
On Sun, 7 Apr 2024 at 19:50, Lukasz Lenart wrote:
>
> Hello,
>
> This is another m
n Mon, Apr 8, 2024 at 9:44 PM Lukasz Lenart wrote:
>
> pon., 8 kwi 2024 o 13:34 Kusal Kithul-Godage
> napisał(a):
> >
> > Thanks Lukasz
> >
> > I will run this build through the Confluence test suite before the end
> > of the week and report back.
>
>
+1 binding
On Sun, 7 Apr 2024 at 03:16, Lukasz Lenart wrote:
>
> The Struts Master 15 test build is now available as a Maven artifact.
> https://repository.apache.org/content/groups/staging/org/apache/struts/struts-master/15/
>
> Release notes:
> * uses the latest version of the Apache Parent PO
Maybe block this guy - looks like he's known to spout nonsense:
https://www.mail-archive.com/dev@tomcat.apache.org/msg172900.html
On Tue, Apr 9, 2024 at 4:30 PM koteswara Rao Gundapaneni
wrote:
>
> On Sun, 7 Apr 2024, 20:29 koteswara Rao Gundapaneni, <
> koti.gundapan...@gmail.com> wrote:
>
> >
>
Following up on this - I've run the Struts 6.4 staging build through
our test suite and I've no issues or regressions to report!
On Mon, Apr 8, 2024 at 9:34 PM Kusal Kithul-Godage
wrote:
>
> Thanks Lukasz
>
> I will run this build through the Confluence test suite before
+1 GA binding
On Thu, Apr 18, 2024 at 3:23 PM Lukasz Lenart wrote:
>
> The Apache Struts 6.4.0 test build is available. With this release the
> following issues were addressed:
>
> Bug
> [WW-5192] - Radio tag not setting enum key values
> [WW-5319] - StrutsUtils is not defined in validation.js
>
All of the mentioned options should log issues at warn level or
greater, except for 'struts.parameters.requireAnnotations' which will
log at debug level.
Using the following PR as a reference, you can revert settings to
their previous value one by one, to isolate which option may be
causing your a
there are many repetitive ones
On Sun, Jun 16, 2024 at 7:10 PM Greg Huber wrote:
>
> Sorry checked the wrong log file, it was this one, needed to be false.
>
>
>
> Is there any docs on this? ie and example of what would go in the list,
> as its excluding struts default stuff.
&
2024-06-16 10:15:12,587 WARN
> com.opensymphony.xwork2.ognl.SecurityMemberAccess
> SecurityMemberAccess:isAccessible - Access to proxy is blocked! Target [][
>
> Where the target is my pojo, which I have alot of.
>
> On 16/06/2024 10:15, Kusal Kithul-Godage wrote:
> > I d
yMemberAccess
> SecurityMemberAccess:isAccessible - Access to non-public [private
> java.lang.String my.pojo.Pojo.userName] is blocked!
>
> public class Pojo {
>
> private String userName;
>
> public String getUserName() {
> return userName;
> }
>
>
don't give any hints on what the list should be.
>
>
>
>
>
> my.pojo.Pojo$HibernateProxy$tEzkTVrG]
>
> This is an inquiry screen.
>
> On 16/06/2024 10:51, Kusal Kithul-Godage wrote:
> > So you've got 2 separate issues here:
> > * Pojos that are not allowlisted
> &
Folder$HibernateProxy$OVniT9Ol]
>
> struts.xml
>
> value="false"/>
>
>
>
> -- Original Message --
> From "Kusal Kithul-Godage"
> To "Struts Developers List"
> Date 6/16/2024 9:51:36 AM
> Subject Re: [TEST] Apache Struts 7.0.0-M7
When you say release officially do you mean as the final Struts 7.0.0?
On Mon, Jun 17, 2024 at 6:57 PM Lukasz Lenart wrote:
>
> Should I call for a vote to release M7 officially?
>
> Cheers
> Lukasz
>
> -
> To unsubscribe, e-mail
ell as the
updated documentation
On Mon, Jun 17, 2024 at 8:07 PM Lukasz Lenart wrote:
>
> pon., 17 cze 2024 o 11:00 Kusal Kithul-Godage
> napisał(a):
> >
> > When you say release officially do you mean as the final Struts 7.0.0?
>
> I meant release -> publish as M7 in the
I've fleshed out the Security section of the migration guide. Open to
any feedback on anything that is still unclear.
https://cwiki.apache.org/confluence/x/wYp3EQ
On Mon, Jun 17, 2024 at 8:14 PM Kusal Kithul-Godage
wrote:
>
> Ah right - yep no objections here
>
> Based on the
;
> It also says Action class, what if I have a bean in the action class, do
> I need to do these also?
>
> If I add them to every field/bean is this the same as setting it false?
> ie what does @StrutsParameter do?
>
> On 18/06/2024 07:44, Kusal Kithul-Godage wrote:
>
g.apache.struts2.components.Date Date:end
> - Developer Notification (set struts.devMode to false to disable this
> message):
>
> Expression [bean.created] passed to tag which was evaluated to
> [null](null) isn't supported!
>
> On 18/06/2024 08:34, Kusal Kithul-Godage wr
ng getPath() {
> return path;
> }
>
> public String getFilter() {
> return filter;
> }
>
> Just an idea.
>
> On 18/06/2024 08:57, Kusal Kithul-Godage wrote:
> > Yeah good call I'll look into it
> >
> > On Tue, Jun 18, 2024 at 5:54 P
Thanks Lukasz
Confirming that this milestone includes an enhancement which allows
the OGNL allowlist capability to continue functioning in the presence
of Hibernate entities. Simply set
`struts.disallowProxyObjectAccess=false` and the OGNL allowlist will
automatically exempt Hibernate entities. As
Ah that'll be my last change - I'll check this, thanks! The 6.5.0 test
build will have the same issue
On Fri, Jul 12, 2024 at 10:17 PM Burton Rhodes wrote:
>
> I'm not sure if this is unique to M8, but I just turned on devMode and
> loading a single page in my app floods the console with these en
Let me take a look, I think I overlooked testing the OGNL allowlist
with the Convention plugin - created WW-5440 to track.
On Sat, Jul 13, 2024 at 3:04 PM Lukasz Lenart wrote:
>
> Hi,
>
> I'm playing a bit with our Showcase App and noticed a few issues
> related to the latest security changes. He
;
> pt., 12 lip 2024 o 15:25 Kusal Kithul-Godage
> napisał(a):
> >
> > Ah that'll be my last change - I'll check this, thanks! The 6.5.0 test
> > build will have the same issue
> >
> > On Fri, Jul 12, 2024 at 10:17 PM Burton Rhodes
> > wro
On Sat, Jul 13, 2024 at 6:17 PM Lukasz Lenart wrote:
>
> sob., 13 lip 2024 o 08:05 Kusal Kithul-Godage
> napisał(a):>
> > Let me take a look, I think I overlooked testing the OGNL allowlist
> > with the Convention plugin - created WW-5440 to track.
>
> BTW. I thought the
lip 2024 o 10:23 Kusal Kithul-Godage
> napisał(a):
> > That's correct, it's only enabled by default from 7.0, but I enabled
> > it manually for the Showcase App so we can ensure its functionality
> > and catch regressions. It seems in this case, we have an Action th
No issues integrating with Confluence
On Sat, Jul 20, 2024 at 4:52 PM Lukasz Lenart wrote:
>
> Hello,
>
> This is another minor version of Struts 6.x series. Please take the
> time and test the bits - any help is appreciated. Please report any
> problems you will spot.
>
> Here are the changes fr
+1 GA
On Tue, Aug 6, 2024 at 2:47 PM Lukasz Lenart wrote:
>
> The Apache Struts 6.6.0 test build is available. With this release the
> following issues were addressed:
>
> Bug
> [WW-5060] - Struts 2 Rest Plugin Conversion Issue
> [WW-5310] - s:url does not handle equal sign correctly
> [WW-5406]
No issues here!
On Sun, Oct 6, 2024 at 12:21 AM Lukasz Lenart wrote:
>
> Hello,
>
> This is a patch release of Struts 6.x series. Please take the time and
> test the bits - any help is appreciated. Please report any problems
> you will spot.
>
> Here are the changes from the previous version:
> h
So in Struts 7.0, the com.opensymphony.xwork2 package is being renamed
and merged with org.apache.struts2.
For many applications this will be a straightforward find and replace
when upgrading to 7.0. However, I was doing some investigation into
whether we can provide a small deprecation/transition
+1 GA binding
On Sun, Oct 13, 2024 at 7:22 PM Lukasz Lenart wrote:
>
> The Apache Struts 6.6.1 test build is available. With this release the
> following issues were addressed:
>
> Bug
> [WW-5297] - Decorator not working after invalidating session
> [WW-5446] - file paths are broken (not clickab
Also, I'm going to create 1 more deprecation PR for Struts 6.7 to
provide a couple more replacement APIs.
On Mon, Nov 4, 2024 at 12:48 AM Lukasz Lenart wrote:
>
> I'm going to release a new milestone - M10, hopefully the last one.
> Also I want to create a dedicated branch "release/struts-6-7-x"
Actually, nevermind that last message, it's more complicated than I anticipated
On Mon, Nov 4, 2024 at 11:35 AM Kusal Kithul-Godage
wrote:
>
> Also, I'm going to create 1 more deprecation PR for Struts 6.7 to
> provide a couple more replacement APIs.
>
> On Mon, Nov 4
Sounds good. Hmm maybe merge [1] then recreate 'release/struts-7-0-x'
during the final 7.0 release? And then increment master to
7.1.0-SNAPSHOT
On Mon, Nov 4, 2024 at 12:48 AM Lukasz Lenart wrote:
>
> I'm going to release a new milestone - M10, hopefully the last one.
> Also I want to create a de
FreeMarker version 2.3.33 is required
On Thu, Oct 31, 2024 at 7:56 PM Greg Huber wrote:
>
> I now get this error
>
> java.lang.NoClassDefFoundError:
> freemarker/ext/jakarta/servlet/WebappTemplateLoader
>
> in core pom.xml differences from m7 last time
>
> m9
>
>
> org.freemarker
>
Bizarre - looks like a clash between the org.apache.struts2.Result
class and the org.apache.struts2.result package. How about we just
sidestep the issue by moving the Result class into the result package?
Would make it consistent with
org.apache.struts2.interceptor.Interceptor too.
On Sat, Nov 2,
> action class :
>
> private List uploadedFilesz = null;
>
> 2024-11-11 08:05:18,083 WARN
> com.opensymphony.xwork2.ognl.SecurityMemberAccess
> SecurityMemberAccess:isAccessible - Access to non-public [private
> java.util.List my.Upload.uploadedFilesz] is blocked!
>
> Is this what is ex
These changes are all merged to master/6.x now - thanks Lukasz for reviewing
I'll sort out the merge conflicts with the 7.0 branch in a few days
On Mon, Oct 21, 2024 at 5:52 PM Kusal Kithul-Godage
wrote:
>
> So in Struts 7.0, the com.opensymphony.xwork2 package is being renamed
> a
tation,
> and just the annotation class, be backported to 6 as well? It could/should be
> a no-op in 6.x but would let people start adding the annotation ahead of the
> 7 upgrade?
>
> -- Forwarded message -----
> From: Kusal Kithul-Godage
> Date: Thu, Oct 24,
If you're able to dump a stack trace for the log warning using the
debugger I can probably check further.
But if I had to guess (and I may very well be wrong here) you're using
one of the default interceptor stacks that includes both the old and
new file upload interceptors and you've also got s:f
Yep sounds good to me
On Wed, Nov 6, 2024 at 7:56 PM Lukasz Lenart wrote:
>
> Thanks, I think we are good to release Struts 6.7 as there is a lot of
> changes which should help in migration into Struts 7
>
> pon., 4 lis 2024 o 02:07 Kusal Kithul-Godage
> napisał(a):
> >
If you're extending a class in the com.opensymphony.xwork2 package you
may not be able to migrate across deprecated imports. In this case
you're extending
com.opensymphony.xwork2.validator.ValidationInterceptor and so you
will need to retain the deprecated imports. It's not that something
was misse
No issues here!
On Mon, Nov 18, 2024 at 3:06 AM Lukasz Lenart wrote:
>
> Hello,
>
> This is a minor release of Struts 6.x series mostly because of
> depreciating a lot of classes.
> Please take the time and test the bits - any help is appreciated.
> Please report any problems you will spot.
>
> H
op the '2' from org.apache.struts2
but if the benefit is only really aesthetic then I'm not sure it's
worth the cost (significant upgrade friction).
On Mon, Nov 18, 2024 at 3:11 AM Lukasz Lenart wrote:
>
> niedz., 17 lis 2024 o 12:00 Kusal Kithul-Godage
> napisał(a):
> >
&g
Thanks for noting that - it was probably auto-generated based on the
Jira issue title. I've updated that bullet point to reflect that only
selected APIs were deprecated with replacements provided
On Mon, Nov 18, 2024 at 7:20 PM Greg Huber wrote:
>
> Are the release notes correct?
>
> It says
>
>
e for Struts 7
> to allow two versions of the framework to coexist in one war archive.
> Does that make sense?
>
> śr., 6 lis 2024 o 11:10 Kusal Kithul-Godage
> napisał(a):
> >
> > Yep sounds good to me
> >
> > On Wed, Nov 6, 2024 at 7:56 PM Lukasz Lenart
>
+1 GA binding
On Tue, Nov 26, 2024 at 5:06 PM Lukasz Lenart wrote:
>
> The Apache Struts 6.7.0 test build is available. With this release the
> following issues were addressed:
>
> Internal changes
> A lot of classes have been marked as deprecated because of relocation
> of them into a new packag
> Thanks Kusal, you are right!
> >
> > pon., 18 lis 2024 o 02:00 Kusal Kithul-Godage
> > napisał(a):
> > >
> > > I'm concerned it will do more harm than good. With the release of
> > > Struts 6.7 we have a decent upgrade path as most
> > >
Agree
On Mon, Dec 2, 2024 at 3:45 AM Lukasz Lenart wrote:
>
> Hi,
>
> Looks like I need to get agreement [1] on renaming the master branch
> into main, so please vote:
> [ ] agree, rename the master branch
> [ ] disagree
>
> [1]
> https://github.com/apache/infrastructure-asfyaml?tab=readme-ov-fi
Hi Dipak,
I don't believe the mailing lists support image attachments. Could you
try externally hosting them and linking them instead?
It would also be useful if you could additionally test with Struts
6.7.0 to further isolate when this potential regression may have been
introduced.
Kind regards
Thanks for reporting - I believe this should fix the issue
https://github.com/apache/struts/pull/1209
On Mon, Feb 3, 2025 at 10:19 PM wrote:
>
> Hello,
>
> it will happen, if you have an include tag before a closing tag - because the
> release method of the PageContext will set the members like
I've just tested this with the Confluence Data Center application.
The file name filtering is actually causing a user experience regression for us.
Previously, we were able to validate the filename manually and display
the user an error - "Unsupported characters in file name". Now that
the file i
+1 GA binding
On Tue, Dec 17, 2024 at 3:40 AM Lukasz Lenart wrote:
>
> The Apache Struts 7.0.0 test build is available. This is the first and
> major release of Struts 7.x series which uses Java 17 and JakartaEE.
> With this release the following issues were addressed:
>
> Internal Changes
>
> Ja
Tested with Atlassian's Confluence Data Center along with the
struts2-velocity-plugin.
Observed one minor peculiarity with
struts.messages.upload.error.FileUploadByteCountLimitException where
the reported 'actual size' isn't consistent with Struts 6.x, however
this may be an underlying change in c
Looks like I overlooked that specific method. And yes the old type can
be cast directly to the new type. ActionInvocation#adapt will allow
you to go the other way.
On Wed, Dec 11, 2024 at 7:48 PM i...@flyingfischer.ch
wrote:
>
> When upgrading from 6.6.1 to 6.7.0, I run into an issue with an
> ov
Unless you've got a fix ready, I'd argue WW-5496 is not required for
7.0.1 given the bug is specific to Tomcat 11.0 and Jakarta EE 11,
neither of which are GA.
On Mon, Jan 27, 2025 at 6:24 PM Günter Paul wrote:
>
> Hi Lukas,
>
> for me WW-5496 is open and WW-5495 is not solved. See my comments.
>
All good by me for both 6.7.1 and 7.0.1
On Sun, Jan 26, 2025 at 6:23 PM Lukasz Lenart wrote:
>
> I'm going to prepare a first patch version of Struts 7, do you miss anything?
> https://issues.apache.org/jira/projects/WW/versions/12355521
>
>
> Cheers
> Łukasz
>
> -
Hi Lukasz,
Thank you for your work on this.
It seems the surface area of changes is large and has an API breaking
impact on multiple extension points. I expect the OGNL upgrade itself
could also cause breaking behavioural changes. If we're to abide by
SemVer here, we should probably release this
reaking changes, that
can also be overcome.
On Thu, Apr 3, 2025 at 11:38 PM Lukasz Lenart wrote:
>
> śr., 2 kwi 2025 o 02:12 Kusal Kithul-Godage
> napisał(a):
> > It seems the surface area of changes is large and has an API breaking
> > impact on multiple extension points. I expe
Could you share the full stacktrace, including the exception thrown
and caused by hierarchy?
On Wed, Feb 19, 2025 at 9:14 PM 戸田 栞太(HARP) wrote:
>
> Hello,
>
> When using the tag in a JSP with the Struts tags
> library,
> the included page does not appear. The following error is displayed:
>
> S
+1 GA
On Thu, Feb 27, 2025 at 5:13 PM Lukasz Lenart wrote:
>
> The Apache Struts 6.7.4 test build is available. With this release the
> following issues were addressed:
>
> Bug
> [WW-5493] - Removing parameters broke custom components
> [WW-5497] - Access to non-static members of class objects fa
Ah that's right - the MultiPartRequestWrapper augments the regular
request parameters with multipart form fields.
Yes I think in that case it's sensible to revert the new validation
changes in AbstractMultiPartRequest (and subclasses) and get the other
patches released first.
And then we can devi
at.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
> [tomcat-util.jar:9.0.71]
> at
> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
> [tomcat-util.jar:9.0.71]
> at
> org.apache.tomcat.util.threads.Ta
+1 GA
On Mon, Feb 24, 2025 at 11:15 PM Lukasz Lenart wrote:
>
> The Apache Struts 7.0.3 test build is available. This is the first
> patch release of Struts 7.x series. With this release the following
> issues were addressed:
>
> Bug
> [WW-5495] - Tomcat 11 and ".action" send empty page
> [WW-549
I started using
> JDK17 as a default JDK on my computer and missed that :( Re-installed
> JDK8 and should be fine now :)
>
> czw., 20 lut 2025 o 06:30 Kusal Kithul-Godage
> napisał(a):
> >
> > Thanks for sharing the full stacktrace.
> >
> > So
+1 GA
On Sun, 29 Jun 2025 at 00:24, Lukasz Lenart wrote:
>
> The Struts Annotations 2.0 test build is now available as a Maven artifact.
> This version uses Java 17 as a minimal version of JDK.
> All the changes:
> https://github.com/apache/struts-annotations/releases/tag/STRUTS_ANNOTATIONS_2_0
I've the same logging issue. It's occurring within both
#cleanUpDiskFileItems and #cleanUpTemporaryFiles. The method
Files#deleteIfExists returns false if the file did not exist, so I
don't believe there's any need to check the return value and log
anything in these cases.
On Wed, 24 Sept 2025 at
Just completed testing - no issues to report!
On Mon, 15 Sept 2025 at 16:43, Lukasz Lenart wrote:
>
> Hello,
>
> This is a patch release of Struts 6.x which contains only non-breaking
> changes.
> Please take your time and test the bits - any help is appreciated.
> Please report any problems yo
81 matches
Mail list logo
