Fri. Aug 14th, 2020

Apache Struts 2.5.22 releases

2 min read

Struts, an open-source project sponsored by the Apache Software Foundation (ASF), was originally a subproject of the Jakarta project that became ASF’s premier project in March 2004. By adopting Java Servlet / JSP technology, it realizes the application framework of MVC design pattern based on Java EE Web application and is a classic product in MVC classic design pattern.

https://meterpreter.org/wp-content/uploads/2017/08/Apache-Struts.jpg

Apache Struts 2.5.22 has been released.

Changelog

Bug

  • [WW-4958] – File upload fails from certain clients
  • [WW-4991] – Not existing property in listValueKey throws exception
  • [WW-4999] – Can’t get OgnlValueStack log even if enable logMissingProperties
  • [WW-5004] – No more calling of a static variable in Struts 2.8.20 available
  • [WW-5006] – NullPointerException in ProxyUtil class when accessing static member
  • [WW-5009] – EmptyStackException in JSON plugin due to concurrency
  • [WW-5011] – Tiles bug when parsing file:// URLs including # as part of the URL
  • [WW-5013] – Accessing static variable via OGNL returns nothing
  • [WW-5024] – HttpParameters.Builder can wrap objects in two layers of Parameters
  • [WW-5025] – Binding Integer Array upon form submission
  • [WW-5026] – Double-submit of TokenSessionStoreInterceptor broken since 2.5.16
  • [WW-5027] – xerces tries to load resources from the internet
  • [WW-5028] – Dispatcher prints stacktraces directly to the console
  • [WW-5029] – The content allowed-methods tag of the XML configuration is sometimes truncated
  • [WW-5031] – OGNL: An illegal reflective access operation has occurred
  • [WW-5040] – java.lang.reflect.InvocationTargetException – Class: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector

New Feature

  • [WW-5005] – Struts2 convention plugin lacks Java 11 support

Improvement

  • [WW-5023] – Upgrade SLF4J to latest 1.7.x version
  • [WW-5034] – Minor enhancement/fix to AbstractLocalizedTextProvider
  • [WW-5035] – Provide mechanism to clear OgnlUtil caches

Task

  • [WW-5015] – Struts 2 unit testing using StrutTestCase class

Dependency

  • [WW-5007] – Upgrade Jackson library to the latest version
  • [WW-5008] – Upgrade to OGNL version 3.1.22
  • [WW-5033] – Update a few Struts 2.5.x libraries to more recent versions
  • [WW-5037] – Upgrade commons-beanutils to version 1.9.4
  • [WW-5038] – Upgrade jackson-databind to version 2.9.9.3
  • [WW-5041] – Upgrade to OGNL 3.1.26 and adapt to its new features

Download