Releases: apache/struts
Releases · apache/struts
Struts 6.9.0
1b2f185
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5583 Bump commons-validator:commons-validator from 1.9.0 to 1.10.0 by @dependabot[bot] in #1385
- WW-5581 Bump org.freemarker:freemarker from 2.3.33 to 2.3.34 by @dependabot[bot] in #1386
- WW-5584 Bump asm.version from 9.7.1 to 9.9 by @dependabot[bot] in #1393
- WW-5597 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.20.0 by @dependabot[bot] in #1455
- Merges changes from older release branch by @lukaszlenart in #1458
- WW-5573 Multipart stream file cleanup by @ryanmurf in #1445
- fix(core): WW-5602 fix StreamResult contentCharSet handling by @lukaszlenart in #1511
- WW-5606 build(deps): bump commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0 by @dependabot[bot] in #1544
- WW-5608 build(deps): bump org.apache.velocity:velocity-engine-core from 2.3 to 2.4.1 by @dependabot[bot] in #1546
- chore(conf): skips scans if PR created by Dependabot by @lukaszlenart in #1554
- WW-4291: Allow Spring bean names for type converters (6.9.x backport) by @lukaszlenart in #1564
- WW-5610 Extend Struts 7 forwards compat to more interceptors by @kusalk in #1565
- WW-5514: Make ProxyUtil cache configurable via struts constants by @lukaszlenart in #1573
- WW-4421 Fix duplicate @action annotation check being skipped (6.x backport) by @lukaszlenart in #1590
- WW-5616 - JakartaStreamMultiPartRequest warns on file delete if the file doesn't exist by @brianandle in #1591
- WW-5535: enforce HTTP method annotations for wildcard actions by @lukaszlenart in #1593
- WW-5549 validate locale parameters against supportedLocale by @lukaszlenart in #1602
- Slim down CLAUDE.md to project-specific guardrails by @lukaszlenart in #1605
- Sets a proper SNAPSHOT version before next release by @lukaszlenart in #1615
- WW-4428 Add java.time support to JSON plugin (6.8.x backport) by @lukaszlenart in #1616
- WW-2963 fix(core): resolve default-action-ref via wildcard matching by @lukaszlenart in #1623
- WW-5618 feat(json): add configurable limits for DoS prevention by @lukaszlenart in #1626
- WW-5537 fix(core): resolve classloader/memory leaks during Tomcat hot deployment by @lukaszlenart in #1631
- ci: fix nightly publishing on release/struts-6-8-x by @lukaszlenart in #1644
- WW-5621 Harden XML parsers against Entity Expansion (Billion Laughs) attacks [S6] by @lukaszlenart in #1643
- WW-5622 Optimize Hibernate proxy detection when Hibernate is absent by @lukaszlenart in #1650
- ci(struts6): adjust workflows to use the new branch names by @lukaszlenart in #1658
- ci(scorecards): score cards analysis are only supported for default branch by @lukaszlenart in #1661
Dependencies
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.1 to 3.5.4 by @dependabot[bot] in #1356
- Bump org.apache.maven.doxia:doxia-module-markdown from 1.12.0 to 2.0.0 by @dependabot[bot] in #1369
- Bump org.assertj:assertj-core from 3.27.4 to 3.27.6 by @dependabot[bot] in #1387
- Bump com.thoughtworks.xstream:xstream from 1.4.20 to 1.4.21 by @dependabot[bot] in #1408
- Bump org.codehaus.mojo:exec-maven-plugin from 3.4.1 to 3.6.2 by @dependabot[bot] in #1411
- Bump jackson.version from 2.20.0 to 2.20.1 by @dependabot[bot] in #1412
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.0 to 3.9.0 by @dependabot[bot] in #1426
- Bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.14 by @dependabot[bot] in #1428
- Bump com.sun.xml.bind:jaxb-core from 2.3.0.1 to 4.0.6 by @dependabot[bot] in #1429
- Removes unused jaxb-core dependency by @lukaszlenart in #1434
- Bump log4j2.version from 2.25.1 to 2.25.2 by @dependabot[bot] in #1437
- Bump org.jfree:jfreechart from 1.5.5 to 1.5.6 by @dependabot[bot] in #1440
- Bump org.apache.rat:apache-rat-plugin from 0.15 to 0.17 by @dependabot[bot] in #1436
- Bump maven-surefire-plugin.version from 3.5.1 to 3.5.4 by @dependabot[bot] in #1452
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.2 by @dependabot[bot] in #1453
- Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.3.0 by @dependabot[bot] in #1454
- Bump org.awaitility:awaitility from 4.2.2 to 4.3.0 by @dependabot[bot] in #1462
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.1 to 3.5.4 by @dependabot[bot] in #1466
- build(deps): bump log4j2.version from 2.25.2 to 2.25.3 by @dependabot[bot] in #1486
- build(deps): bump org.apache.maven.plugins:maven-site-plugin from 3.20.0 to 3.21.0 by @dependabot[bot] in #1494
- build(deps): bump asm.version from 9.9 to 9.9.1 by @dependabot[bot] in #1495
- build(deps): bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1 by @dependabot[bot] in #1499
- build(deps): bump org.owasp:dependency-check-maven from 10.0.4 to 12.1.9 by @dependabot[bot] in #1500
- build(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.20.1 by @dependabot[bot] in #1501
- build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in #1509
- build(deps-dev): bump commons-logging:commons-logging from 1.3.4 to 1.3.5 by @dependabot[bot] in #1516
- build(deps): bump org.apache.maven.plugins:maven-war-plugin from 3.4.0 to 3.5.1 by @dependabot[bot] in #1519
- build(deps): bump org.easymock:easymock from 5.4.0 to 5.6.0 by @dependabot[bot] in #1520
- build(deps): bump io.github.x-stream:mxparser from 1.2.1 to 1.2.3 by @dependabot[bot] in #1517
- build(deps-dev): bump commons-validator:commons-validator from 1.10.0 to 1.10.1 by @dependabot[bot] in #1523
- build(deps): bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in #1532
- build(deps-dev): bump org.codehaus.mojo:versions-maven-plugin from 2.20.1 to 2.21.0 by @dependabot[bot] in #1535
- build(deps-dev): bump org.apache.maven.plugins:maven-wrapper-plugin from 3.3.3 to 3.3.4 by @dependabot[bot] in #1542
- build(deps): bump org.assertj:assertj-core from 3.27.6 to 3.27.7 by @dependabot[bot] in #1560
- build(deps): WW-5611 bump org.apache.commons:commons-text from 1.12.0 to 1.15.0 by @dependabot[bot] in #1549
- build(deps): WW-5612 bump jackson.version from 2.20.1 to 2.21.0 by @dependabot[bot] in #1550
- build(deps): bump org.owasp:dependency-check-maven from 12.1.9 to 12.2.0 by @dependabot[bot] in #1527
- build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0 by @dependabot[bot] in #1576
- build(deps): bump jackson.version from 2.21.0 to 2.21.1 by @dependabot[bot] in #1599
- build(deps): bump maven-surefire-plugin.version from 3.5.4 to 3.5.5 by @dependabot[bot] in #1600
- build(deps-dev): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5 by @dependabot[bot] in #1601
- build(deps-dev): bump commons-logging:commons-logging from 1.3.5 to 1.3.6 by @dependabot[bot] in #1621
- build(deps): bump jackson.version from 2.21.1 to 2.21.2 by @dependabot[bot] in #1635
- build(deps): bump org.apache.maven.doxia:doxia-core from 2.0.0 to 2.1.0 by @dependabot[bot] in #1636
- build(deps): bump org.apache.maven.doxia:doxia-module-markdown from 2.0.0 to 2.1.0 by @dependabot[bot] in #1638
- build(deps): bump log4j2.version from 2.25.3 to 2.25.4 by @dependabot[bot] in #1647
New Contributors
- @ryanmurf made their first contribu...
Contributors
lukaszlenart, ryanmurf, and 4 other contributors
Assets 2
Struts 7.1.1
08a5edd
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5529 Adds autogenerated files with updated desc by @lukaszlenart in #1224
- WW-5532 Upgrade and align various dependencies by @kusalk in #1232
- WW-5376 Fix BOM leaking unrelated dependencies by @kusalk in #1234
- WW-5533 Add compilation support for Jakarta EE 11 by @kusalk in #1233
- WW-5530 make DateConverter work for LocalDate and LocalTime by @bill-humblcloud in #1223
- Uses proper config to avoid failing a build when generating JavaDocs by @lukaszlenart in #1240
- WW-5527 Sync tag with main ftl template. by @gregh3269 in #1212
- WW-5534 Simplify ProxyUtil, add OgnlCache#computeIfAbsent by @kusalk in #1236
- WW-5534 Allow @StrutsParameter recognition and OGNL allowlist for Spring proxies by @kusalk in #1237
- WW-5538 Add conversion handling for java.time.OffsetDateTime by @bill-humblcloud in #1241
- WW-5455 Defines a new plugin to support Jasper Reports 7 by @lukaszlenart in #1124
- WW-5534 Proper fix ModelDriven parameter injection and allowlisting by @kusalk in #1243
- Uses new url for Maven Badges app by @lukaszlenart in #1252
- WW-5544 Marks ReflectionContextFactory as deprecated and uses ActionContext instead by @lukaszlenart in #1255
- WW-5547 Bump com.github.ben-manes.caffeine:caffeine from 3.1.8 to 3.2.0 by @dependabot[bot] in #1257
- WW-5546 Fixes NPE when uploaded file is empty by @lukaszlenart in #1263
- Adjusts required checks to the new structure by @lukaszlenart in #1264
- Uses proper name of check to pass by @lukaszlenart in #1266
- WW-5548 Defines proper request attributes when forwarding or including final path by @lukaszlenart in #1265
- WW-5550 Bump asm.version from 9.7.1 to 9.8 by @dependabot[bot] in #1274
- WW-5551 Bump commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0 in /parent by @dependabot[bot] in #1277
- WW-5552 Bump weld.version from 5.1.2.Final to 6.0.2.Final by @dependabot[bot] in #1270
- WW-5553 Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.1 by @dependabot[bot] in #1281
- WW-5557 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 in /parent by @dependabot[bot] in #1289
- Defines basic set of files to work with Claude Code by @lukaszlenart in #1295
- Fixes build check for Struts 6.x by @lukaszlenart in #1308
- WW-5554 Bump org.apache.struts:struts-annotations from 1.0.8 to 2.0 by @dependabot[bot] in #1311
- WW-5561 Bump org.apache.commons:commons-text from 1.13.1 to 1.14.0 by @dependabot[bot] in #1312
- WW-5366 Rejects empty files during upload by @lukaszlenart in #1307
- WW-5524 Fixup StrutsConverterFactory by @MFAshby in #1309
- WW-5502 Removes deprecated sanitizeNewlines method by @lukaszlenart in #1319
- WW-5511 Adds missing JavaDocs to addCspHeaders method by @lukaszlenart in #1318
- WW-5565 Bump org.apache.commons:commons-collections4 from 4.4 to 4.5.0 by @dependabot[bot] in #1323
- WW-5566 Bump commons-validator:commons-validator from 1.9.0 to 1.10.0 by @dependabot[bot] in #1325
- WW-5567 Bump org.apache.logging.log4j:log4j-bom from 2.24.3 to 2.25.1 by @dependabot[bot] in #1336
- WW-5569 Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 by @dependabot[bot] in #1338
- WW-5504 Allows to use request instead of session attribute to store nonce by @lukaszlenart in #1352
- Improves CLAUDE.md and defines specific subagents by @lukaszlenart in #1363
- WW-5572 Bump org.mockito:mockito-core from 5.15.2 to 5.20.0 by @dependabot[bot] in #1362
- Reverse merge changes from release/7.1.0 by @lukaszlenart in #1364
- WW-5575 Upgrades commons-io to version 2.20.0 by @lukaszlenart in #1367
- WW-5574 Upgrades commons-logging to version 1.3.5 by @lukaszlenart in #1366
- Improve Claude Code agents configuration for Apache Struts by @lukaszlenart in #1376
- WW-5573 Avoids false positive warning if file doesn't exist already by @lukaszlenart in #1365
- WW-5577 Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 by @dependabot[bot] in #1373
Dependencies
- Bump actions/upload-artifact from 4.6.0 to 4.6.1 by @dependabot[bot] in #1227
- Bump github/codeql-action from 3.28.9 to 3.28.10 by @dependabot[bot] in #1228
- Bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot[bot] in #1229
- Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 by @dependabot[bot] in #1238
- Bump org.eclipse.transformer:transformer-maven-plugin from 0.5.0 to 1.0.0 by @dependabot[bot] in #1216
- Bump github/codeql-action from 3.28.10 to 3.28.15 by @dependabot[bot] in #1253
- Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot[bot] in #1247
- Bump org.apache.maven.doxia:doxia-module-markdown from 1.12.0 to 2.0.0 by @dependabot[bot] in #1245
- Bump byte-buddy.version from 1.17.1 to 1.17.2 by @dependabot[bot] in #1244
- Bump org.apache.maven.plugins:maven-site-plugin from 3.20.0 to 3.21.0 by @dependabot[bot] in #1256
- Bump org.owasp:dependency-check-maven from 10.0.4 to 12.1.1 by @dependabot[bot] in #1259
- Bump github/codeql-action from 3.28.15 to 3.28.17 by @dependabot[bot] in #1261
- Bump org.htmlunit:htmlunit from 4.9.0 to 4.11.1 by @dependabot[bot] in #1258
- Bump org.apache.felix:maven-bundle-plugin from 5.1.9 to 6.0.0 by @dependabot[bot] in #1271
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.8.0 to 3.9.0 by @dependabot[bot] in #1269
- Bump byte-buddy.version from 1.17.2 to 1.17.5 by @dependabot[bot] in #1268
- Bump org.awaitility:awaitility from 4.2.2 to 4.3.0 by @dependabot[bot] in #1276
- Bump github/codeql-action from 3.28.17 to 3.29.0 by @dependabot[bot] in #1280
- Bump jasperreports7.version from 7.0.1 to 7.0.3 by @dependabot[bot] in #1275
- Bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #1278
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.0 to 3.2.1 by @dependabot[bot] in #1282
- Bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot[bot] in #1288
- Bump weld.version from 6.0.2.Final to 6.0.3.Final by @dependabot[bot] in #1284
- Bump org.easymock:easymock from 5.4.0 to 5.6.0 by @dependabot[bot] in #1287
- Bump org.owasp:dependency-check-maven from 12.1.1 to 12.1.3 by @dependabot[bot] in #1290
- Bump maven-surefire-plugin.version from 3.5.2 to 3.5.3 by @dependabot[bot] in #1291
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3 by @dependabot[bot] in #1292
- Bump org.apache.commons:commons-text from 1.13.0 to 1.13.1 by @dependabot[bot] in #1293
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.1 by @dependabot[bot] in #1296
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.1 to 3.2.2 by @dependabot[bot] in #1297
- Bump org.htmlunit:htmlunit from 4.11.1 to 4.13.0 by @dependabot[bot] in #1298
- Bump org.jfree:jfreechart from 1.5.5 to 1.5.6 by @dependabot[bot] in #1299
- Bump org.codehaus.mojo:exec-maven-plugin from 3.5.0 to 3.5.1 by @dependabot[bot] in #1301
- Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.9 by @dependabot[bot] in #1304
- Bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in https://github.com/a...
Contributors
lukaszlenart, MFAshby, and 4 other contributors
Assets 2
Struts 6.8.0
80225c7
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5544 Marks ReflectionContextFactory as deprecated and uses ActionContext instead by @lukaszlenart in #1254
- WW-5546 Fixes NPE when uploaded file is empty by @lukaszlenart in #1262
- Cleans up all uploaded files by @lukaszlenart in #1306
- WW-5524 Fixup StrutsConverterFactory - Struts 6 by @lukaszlenart in #1316
- WW-5511 Removes deprecated addCspHeaders method by @lukaszlenart in #1317
- WW-5564 Upgrades commons-fileupload to version 1.6.0 by @lukaszlenart in #1328
- WW-5567 Bump log4j2.version from 2.24.1 to 2.25.1 by @dependabot[bot] in #1330
#1337 - WW-5568 Bump jackson.version from 2.18.0 to 2.20.0 by @dependabot[bot] in #1334
- WW-5570 Bump org.apache.commons:commons-collections4 from 4.4 to 4.5.0 by @dependabot[bot] in #1342
- WW-5571 Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 by @dependabot[bot] in #1344
- WW-5504 Allows to use request instead of session attribute to store nonce by @lukaszlenart in #1174
Dependencies
- Bump slf4j.version from 2.0.16 to 2.0.17 by @dependabot[bot] in #1335
- Bump org.apache.maven.plugins:maven-wrapper-plugin from 3.3.2 to 3.3.3 by @dependabot[bot] in
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.7.0 to 3.9.0 by @dependabot[bot] in #1343
- Bump org.assertj:assertj-core from 3.26.3 to 3.27.4 by @dependabot[bot] in #1345
Full Changelog: STRUTS_6_7_4...STRUTS_6_8_0
Contributors
lukaszlenart and dependabot
Assets 2
Struts 6.7.4
8fb9aba
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5493 Restores parameters and uses getAttributes() by @lukaszlenart in #1141
- Sets version to 6.7.1-SNAPSHOT to prepare for another development cycle by @lukaszlenart in #1150
- WW-5501 Exclude malicious names by @lukaszlenart in #1156
- Updates .asf.yaml to match main by @lukaszlenart in #1158
- Excludes new & old packages by @lukaszlenart in #1167
- WW-5498 Adds devMode errors as action messages to avoid breaking validation logic by @lukaszlenart in #1168
- WW-5500 Extends pattern to validate multipart uploads by @lukaszlenart in #1169
- WW-5501 Only exclude malicious file names by @lukaszlenart in #1181
- WW-5512 Extends the container to support injecting optional parameters into constructor by @lukaszlenart in #1175
- Fixes nightlies builds by @lukaszlenart in #1192
- WW-5516 Fix TemplateDir and Theme fallback to Request/Session/Application attributes by @kusalk in #1190
- Simplifies Jenkinsfile to build Struts 6.x by @lukaszlenart in #1194
- Defines proper snapshot version by @lukaszlenart in #1195
- Defines proper snapshot version for BOM by @lukaszlenart in #1202
- 6.7: WW-5526 Fix AttributeMap NPE when PageContext has no request by @kusalk in #1210
- WW-5501 Ignores DMI related action field by @lukaszlenart in #1211
- 6.7: WW-5528 Ensure multipart upload illegal characters reported as error by @kusalk in #1215
- WW-5501 Reverts all changes related to WW-5501 by @lukaszlenart in #1218
- 6.7: WW-5525 Fix NPE in ProxyUtil for SecurityMemberAccess originating static members by @kusalk in #1220
- Drops unused misleading setter setMaxLength in favour of setMaxlength by @lukaszlenart in #1222
- WW-5531 Enforce JRE8 compatibility (when compiled on JDK9+) by @kusalk in #1225
- WW-5529 Adds autogenerated files with updated desc by @lukaszlenart in #1226
Full Changelog: STRUTS_6_7_0...STRUTS_6_7_4
Contributors
lukaszlenart and kusalk
Assets 2
Struts 7.0.3
4603706
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- Adds info about homepage and descritpion to Github repo by @lukaszlenart in #1151
- [readme] add link to struts site commercial support page by @ljharb in #1160
- Adds additional test cases to match Struts packages by @lukaszlenart in #1161
- WW-5503 Removes unused dependencies by @lukaszlenart in #1159
- Uses exact branch name instead of wildcard by @lukaszlenart in #1162
- Add YourKit thank you section by @lukaszlenart in #1165
- Removes checking branch ref and removes branch name as not needed by @lukaszlenart in #1166
- Updates SECURITY.md by @lukaszlenart in #1172
- Updates dependabot.yml by @lukaszlenart in #1173
- WW-5498 Adds devMode errors as action messages to avoid breaking validation logic by @lukaszlenart in #1170
- WW-5500 Extends pattern to validate multipart uploads by @lukaszlenart in #1171
- Add jakarta package to exclusion list by @kusalk in #1179
- WW-5510 Marks support for tooltips as deprecated by @lukaszlenart in #1185
- Adds 6.7.x branch to nigthlies step by @lukaszlenart in #1186
- WW-5517 Fixes <s:debug/> to be compatible with allowlist capability by @lukaszlenart in #1187
- 7.0: WW-5516 Fix TemplateDir and Theme fallback to Request/Session/Application attributes by @kusalk in #1193
- WW-5512 Extends the container to support injecting optional parameters into constructor by @lukaszlenart in #1191
- Improves code quality by @lukaszlenart in #1204
- WW-5526 Fix AttributeMap NPE when PageContext has no request by @kusalk in #1209
- WW-5501 Reverts changes related to WW-5501 by @lukaszlenart in #1219
- WW-5525 Fix NPE in ProxyUtil for SecurityMemberAccess originating static members by @kusalk in #1214
- WW-5525 Fixes NPE when checking if expressions is acceptable by @lukaszlenart in #1201
- WW-5529 Drops unused misleading setter setMaxLength in favor of setMaxlength by @lukaszlenart in #1221
Dependencies
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.1 to 3.5.2 by @dependabot in #1147
- Bump org.codehaus.mojo:exec-maven-plugin from 3.4.1 to 3.5.0 by @dependabot in #1148
- Bump github/codeql-action from 3.27.7 to 3.27.9 by @dependabot in #1149
- Bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #1155
- Bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot in #1154
- Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0 by @dependabot in #1152
- Bump org.freemarker:freemarker from 2.3.33 to 2.3.34 by @dependabot in #1163
- Bump org.apache.velocity:velocity-engine-core from 2.3 to 2.4.1 by @dependabot in #1164
- Bump commons-io:commons-io from 2.15.1 to 2.18.0 by @dependabot in #1133
- Bump log4j2.version from 2.24.2 to 2.24.3 by @dependabot in #1178
- Bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot in #1182
- Bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #1183
- Bump byte-buddy.version from 1.14.11 to 1.15.11 by @dependabot in #1176
- Bump org.sitemesh:sitemesh from 3.2.1 to 3.2.2 by @dependabot in #1189
- Bump github/codeql-action from 3.28.1 to 3.28.5 by @dependabot in #1196
- Bump byte-buddy.version from 1.15.11 to 1.16.1 by @dependabot in #1198
- Bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 by @dependabot in #1199
- Bump github/codeql-action from 3.28.5 to 3.28.8 by @dependabot in #1205
- Bump org.htmlunit:htmlunit from 4.2.0 to 4.9.0 by @dependabot in #1207
- Bump github/codeql-action from 3.28.8 to 3.28.9 by @dependabot in #1217
New Contributors
Full Changelog: STRUTS_7_0_0...STRUTS_7_0_3
Contributors
ljharb, lukaszlenart, and 2 other contributors
Assets 2
Struts 7.0.0
1d95543
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5486 Fixes exposing params added by ServletDispatcherResult by @lukaszlenart in #1123
- WW-5484 Marks the DWR plugin as deprecated by @lukaszlenart in #1126
- WW-5463 Exposes final location as request attribute FORWARD_SERVLET_PATH by @lukaszlenart in #1127
- Always run Sonar scan against the master branch by @lukaszlenart in #921
- Skip Sonar scan on PRs created by Dependabot by @lukaszlenart in #1130
- Uses AND instead of OR to check Sonar prerequisites by @lukaszlenart in #1131
- Merge master into 7.x.x 2024-11-29 by @lukaszlenart in #1134
- Struts 7.0.x by @lukaszlenart in #792
- WW-5405 Prepares to rename master branch into main by @lukaszlenart in #1136
- Bump github/codeql-action from 3.27.5 to 3.27.7 by @dependabot in #1145
- NOJIRA Uses proper filed declarations and fixes generics by @lukaszlenart in #1137
- WW-5405 Uses proper links to build statuses by @lukaszlenart in #1146
Dependencies
- Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #1125
- Upgrade maven to 3.9.9 and wrapper to 3.3.2 by @sepe81 in #1129
- Bump github/codeql-action from 3.27.1 to 3.27.4 by @dependabot in #1128
- Bump maven-surefire-plugin.version from 3.5.1 to 3.5.2 by @dependabot in #1121
- Bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #1132
- Bump jackson.version from 2.18.0 to 2.18.2 by @dependabot in #1135
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.7.0 to 3.8.0 by @dependabot in #1122
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.0 to 3.8.1 by @dependabot in #1138
- Bump actions/setup-java from 3 to 4 by @dependabot in #1143
- Bump com.thoughtworks.xstream:xstream from 1.4.20 to 1.4.21 by @dependabot in #1144
- Bump log4j2.version from 2.24.1 to 2.24.2 by @dependabot in #1139
Full Changelog: STRUTS_7_0_0_M10...STRUTS_7_0_0
Contributors
sepe81, lukaszlenart, and dependabot
Assets 2
Struts 6.7.0
1f5305c
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5470 Bump log4j2.version from 2.23.1 to 2.24.1 by @dependabot in #1064
- WW-5469 Bump jackson.version from 2.17.2 to 2.18.0 by @dependabot in #1062
- WW-5471 Marks Sitemesh plugin as deprecated by @lukaszlenart in #1075
- Potential mitigation for WW-5466 by @JCgH4164838Gh792C124B5 in #1068
- WW-3714 Deprecate and repackage common APIs part 1 by @kusalk in #1079
- WW-3714 Deprecate and repackage common APIs part 2 by @kusalk in #1081
- WW-3714 Deprecate and repackage common APIs part 2.5 by @kusalk in #1087
- WW-3714 Deprecate and repackage common APIs part 3 by @kusalk in #1082
- WW-3714 Deprecate and repackage common APIs part 4 by @kusalk in #1083
- WW-3714 Deprecate and repackage common APIs part 5 by @kusalk in #1084
- WW-3714 Deprecate and repackage common APIs part 6 by @kusalk in #1085
- WW-5477 Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.17.0 by @dependabot in #1094
- WW-5476 Deprecates tag's parameters as replaced with attributes by @lukaszlenart in #1096
- WW-5468 Backport @StrutsParameter fix for ModelDriven Actions by @kusalk in #1104
- WW-5478 Deprecate DefaultResultFactory by @kusalk in #1105
- WW-5480 Warn against potential templating bug by @kusalk in #1108
- WW-3714 Move new Result class into result package by @kusalk in #1109
- WW-5459 Move new Action class into action package by @kusalk in #1115
- WW-5459 Deprecate and repackage ActionChainResult by @kusalk in #1116
- WW-3714 Ensure correct delegation of deprecated API methods by @kusalk in #1117
- WW-5484 Marks the DWR plugin as deprecated by @lukaszlenart in #1126
Dependencies
- Bump github/codeql-action from 3.26.8 to 3.26.12 by @dependabot in #1073
- Bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #1074
- Bump commons-logging:commons-logging from 1.3.3 to 1.3.4 by @dependabot in #1061
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.2 to 3.7.0 by @dependabot in #1065
- Bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in #1090
- Bump maven-surefire-plugin.version from 3.5.0 to 3.5.1 by @dependabot in #1092
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.3.1 to 3.5.1 by @dependabot in #1095
- Bump org.apache.maven.doxia:doxia-core from 1.12.0 to 2.0.0 by @dependabot in #1093
- Bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #1102
- Bump asm.version from 9.7 to 9.7.1 by @dependabot in #1098
- Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #1125
Full Changelog: STRUTS_6_6_1...STRUTS_6_7_0
Contributors
lukaszlenart, dependabot, and 2 other contributors
Assets 2
Struts 7.0.0-M10
5760d45
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5411 Delete more deprecated code by @kusalk in #1002
- WW-5448 Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 by @dependabot in #1000
- WW-5411 General code clean up using modern language features by @kusalk in #1003
- WW-5411 WW-5386 Delete final deprecated code by @kusalk in #1004
- WW-5449 Make Velocity Tools dependency optional for Velocity plugin by @kusalk in #1005
- WW-5451 Fixes NPE when iterator starts with null by @lukaszlenart in #1008
- WW-5454 Log warnings on startup for disabled critical security features by @kusalk in #1010
- WW-5453 Rename VelocityManager interface and default implementation by @kusalk in #1009
- WW-4062 Cache OgnlException thrown on compilation by @kusalk in #1013
- WW-4062 Further optimisation of OgnlException caching by @kusalk in #1021
- WW-5450 Uses existing Jakarta constants instead of free hand strings by @lukaszlenart in #1034
- WW-5461 Extends UploadedFile with inputName field by @lukaszlenart in #1040
- WW-5461 Extends UploadedFile with inputName field by @lukaszlenart in #1041
- WW-5458 Replaces e.printStackTrace() with proper logger by @lukaszlenart in #1043
- WW-5297 Fixes checking nonce of invalidated session by @lukaszlenart in #1060
- WW-5470 Bump log4j2.version from 2.23.1 to 2.24.1 by @dependabot in #1064
- WW-5469 Bump jackson.version from 2.17.2 to 2.18.0 by @dependabot in #1062
- WW-5468 Exempt ModelDriven Actions from @StrutsParameter requirement by @kusalk in #1072
- WW-5471 Marks Sitemesh plugin as deprecated by @lukaszlenart in #1075
- WW-5473 Fixes examining multiple HttpServletWrappers to find MultiPartRequestWrapper by @lukaszlenart in #1078
- WW-5465 Renames tag parameters to attributes by @lukaszlenart in #1067
- Potential mitigation for WW-5466 by @JCgH4164838Gh792C124B5 in #1068
- WW-5472 Removes Struts Sitemesh plugin by @lukaszlenart in #1077
- WW-5209 Upgrade to Jakarta Bean Validation 3.1.0 by @lukaszlenart in #1089
- WW-5427 Upgrades Freemarker incompatible_improvements to version 2.3.33 by @lukaszlenart in #1088
- WW-3714 Deprecate and repackage common APIs part 1 by @kusalk in #1079
- WW-3714 Deprecate and repackage common APIs part 2 by @kusalk in #1081
- WW-3714 Deprecate and repackage common APIs part 2.5 by @kusalk in #1087
- WW-3714 Deprecate and repackage common APIs part 3 by @kusalk in #1082
- WW-3714 Deprecate and repackage common APIs part 4 by @kusalk in #1083
- WW-3714 Deprecate and repackage common APIs part 5 by @kusalk in #1084
- WW-3714 Deprecate and repackage common APIs part 6 by @kusalk in #1085
- WW-5476 Deprecates tag's parameters as replaced with attributes by @lukaszlenart in #1096
- WW-5468 Backport @StrutsParameter fix for ModelDriven Actions by @kusalk in #1104
- WW-3714 Moves all classes from com.opensymphony.xwork2 into org.apache.struts2 by @lukaszlenart in #1036
- WW-5478 Deprecate DefaultResultFactory by @kusalk in #1105
- WW-5480 Warn against potential templating bug by @kusalk in #1108
- WW-5479 Delete deprecated DefaultResultFactory by @kusalk in #1107
- WW-3714 Move new Result class into result package by @kusalk in #1111
- WW-3714 Move new Result class into result package by @kusalk in #1109
- WW-5459 Moves Action & ActionChainResult into proper packages by @lukaszlenart in #1112
- WW-5459 Move new Action class into action package by @kusalk in #1115
- WW-5459 Deprecate and repackage ActionChainResult by @kusalk in #1116
- WW-3714 Ensure correct delegation of deprecated API methods by @kusalk in #1117
- WW-5481 Extract text related classes into org.apache.struts2.text by @lukaszlenart in #1113
- WW-5482 Extract locale related classes into org.apache.struts2.locale by @lukaszlenart in #1114
Dependencies
- Bump github/codeql-action from 2.22.11 to 3.25.15 by @dependabot in #1011
- Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #1012
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.5.0 to 3.6.2 by @dependabot in #997
- Bump org.owasp:dependency-check-maven from 9.2.0 to 10.0.3 by @dependabot in #998
- Bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #1006
- Bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #1014
- Bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #1015
- Bump commons-logging:commons-logging from 1.3.0 to 1.3.3 by @dependabot in #1016
- Bump org.apache.maven.plugins:maven-wrapper-plugin from 3.2.0 to 3.3.2 by @dependabot in #1017
- Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1 by @dependabot in #1018
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.3.0 to 3.3.1 by @dependabot in #1019
- Bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in #1026
- Bump maven-surefire-plugin.version from 3.3.1 to 3.4.0 by @dependabot in #1022
- Bump org.easymock:easymock from 5.2.0 to 5.4.0 by @dependabot in #1020
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 by @dependabot in #1025
- Bump slf4j.version from 2.0.13 to 2.0.16 by @dependabot in #1028
- Bump org.apache.commons:commons-compress from 1.26.2 to 1.27.1 by @dependabot in #1031
- Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #1037
- Bump github/codeql-action from 3.26.2 to 3.26.6 by @dependabot in #1038
- Bump spring.platformVersion from 5.3.37 to 5.3.39 by @dependabot in #1030
- Bump org.jfree:jfreechart from 1.5.4 to 1.5.5 by @dependabot in #1049
- Bump maven-surefire-plugin.version from 3.4.0 to 3.5.0 by @dependabot in #1046
- Bump org.assertj:assertj-core from 3.25.3 to 3.26.3 by @dependabot in #1047
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.8.0 by @dependabot in #1048
- Bump org.awaitility:awaitility from 4.2.1 to 4.2.2 by @dependabot in #1050
- Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0 by @dependabot in #1053
- Bump org.owasp:dependency-check-maven from 10.0.3 to 10.0.4 by @dependabot in #1054
- Bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.4.1 by @dependabot in #1057
- Bump github/codeql-action from 3.26.6 to 3.26.8 by @dependabot in #1058
- Bump github/codeql-action from 3.26.8 to 3.26.12 by @dependabot in #1073
- Bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #1074
- Bump commons-logging:commons-logging from 1.3.3 to 1.3.4 by @dependabot in #1061
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.2 to 3.7.0 by @dependabot in #1065
- Bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in #1090
- Bump maven-surefire-plugin.version from 3.5.0 to 3.5.1 by @dependabot in #1092
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.3.1 to 3.5.1 by @dependabot in #1095
- Bump org.apache.maven.doxia:doxia-core from 1.12.0 to 2.0.0 by @dependabot in #1093
- Bump github/codeql-action from 3.26.13 t...
Contributors
lukaszlenart, dependabot, and 2 other contributors
Assets 2
Struts 6.6.1
c812450
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5448 Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 by @dependabot in #1000
- WW-5451 Fixes NPE when iterator starts with null by @lukaszlenart in #1008
- WW-4062 Cache OgnlException thrown on compilation by @kusalk in #1013
- WW-4062 Further optimisation of OgnlException caching by @kusalk in #1021
- WW-5461 Extends UploadedFile with inputName field by @lukaszlenart in #1040
- WW-5297 Fixes checking nonce of invalidated session by @lukaszlenart in #1060
Dependecies
- Bump github/codeql-action from 2.22.11 to 3.25.15 by @dependabot in #1011
- Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #1012
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.5.0 to 3.6.2 by @dependabot in #997
- Bump org.owasp:dependency-check-maven from 9.2.0 to 10.0.3 by @dependabot in #998
- Bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #1006
- Bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #1014
- Bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #1015
- Bump commons-logging:commons-logging from 1.3.0 to 1.3.3 by @dependabot in #1016
- Bump org.apache.maven.plugins:maven-wrapper-plugin from 3.2.0 to 3.3.2 by @dependabot in #1017
- Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1 by @dependabot in #1018
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.3.0 to 3.3.1 by @dependabot in #1019
- Bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in #1026
- Bump maven-surefire-plugin.version from 3.3.1 to 3.4.0 by @dependabot in #1022
- Bump org.easymock:easymock from 5.2.0 to 5.4.0 by @dependabot in #1020
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.1 by @dependabot in #1025
- Bump slf4j.version from 2.0.13 to 2.0.16 by @dependabot in #1028
- Bump org.apache.commons:commons-compress from 1.26.2 to 1.27.1 by @dependabot in #1031
- Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #1037
- Bump github/codeql-action from 3.26.2 to 3.26.6 by @dependabot in #1038
- Bump spring.platformVersion from 5.3.37 to 5.3.39 by @dependabot in #1030
- Bump org.jfree:jfreechart from 1.5.4 to 1.5.5 by @dependabot in #1049
- Bump maven-surefire-plugin.version from 3.4.0 to 3.5.0 by @dependabot in #1046
- Bump org.assertj:assertj-core from 3.25.3 to 3.26.3 by @dependabot in #1047
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.8.0 by @dependabot in #1048
- Bump org.awaitility:awaitility from 4.2.1 to 4.2.2 by @dependabot in #1050
- Bump org.apache.maven.plugins:maven-site-plugin from 3.12.1 to 3.20.0 by @dependabot in #1053
- Bump org.owasp:dependency-check-maven from 10.0.3 to 10.0.4 by @dependabot in #1054
- Bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.4.1 by @dependabot in #1057
- Bump github/codeql-action from 3.26.6 to 3.26.8 by @dependabot in #1058
Full Changelog: STRUTS_6_6_0...STRUTS_6_6_1
Contributors
lukaszlenart, dependabot, and kusalk
Assets 2
Struts 7.0.0-M9
571c7ef
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5441 Bump net.sf.jasperreports:jasperreports to 6.21.3 by @kusalk in #985
- WW-5428 Stop further excessive logging in DevMode by @kusalk in #987
- WW-5443 Bump Spring dependencies to 5.3.37 by @kusalk in #990
- WW-5442 Enforce allowlist for OgnlReflectionProvider by @kusalk in #988
- WW-5440 Fix OGNL allowlist compat with Convention plugin by @kusalk in #986
Dependencies
- Bump jackson.version from 2.17.1 to 2.17.2 by @dependabot in #993
- Bump maven-surefire-plugin.version from 3.2.5 to 3.3.1 by @dependabot in #994
Full Changelog: STRUTS_7_0_0_M8...STRUTS_7_0_0_M9
Contributors
dependabot and kusalk