Bump struts2.version from 6.3.0.2 to 6.4.0

[dependabot[bot]]

Bumps struts2.version from 6.3.0.2 to 6.4.0. Updates org.apache.struts:struts2-core from 6.3.0.2 to 6.4.0

Release notes

Sourced from org.apache.struts:struts2-core's releases.

Struts 6.4.0

What's Changed

• WW-5341 Ensure exclusion list applies to objects from all ClassLoaders by @​kusalk in apache/struts#741
• WW-5342 Add option to block use of default package by @​kusalk in apache/struts#742
• WW-5339 Misc clean up in CompoundRootAccessor and OgnlValueStackTest by @​kusalk in apache/struts#745
• WW-5340 Preliminary refactor of OgnlUtil by @​kusalk in apache/struts#746
• [WW-5346] replace BeanManager::createInjectionTarget by @​hepptho in apache/struts#754
• WW-5340 Introducing OGNL Guard by @​kusalk in apache/struts#747
• WW-5348 Allow overriding of logging behaviour in DefaultAcceptedPatternsChecker by @​kusalk in apache/struts#757
• [WW-5338] Removes deprecated OgnlTool by @​lukaszlenart in apache/struts#758
• [WW-5344] Un-deprecates Sitemesh plugin and upgrades Sitmesh to ver 2.5.0 by @​lukaszlenart in apache/struts#759
• WW-5340 Mild refactor StrutsOgnlGuard for easier subclassing by @​kusalk in apache/struts#760
• WW-5349 Remove Struts core dependency on OGNL VarRefs by @​kusalk in apache/struts#763
• WW-5354 Ensure ActionSupport fields are not parameter injectable by @​kusalk in apache/struts#765
• WW-5355 Integrate W-TinyLfu cache and use by default by @​kusalk in apache/struts#766
• Improved the StrutsUrlDecoder so that charset retrieval is performed only once. by @​mygreen in apache/struts#773
• WW-5358 Expand exclusion lists by @​kusalk in apache/struts#774
• WW-5350 Refactor SecurityMemberAccess by @​kusalk in apache/struts#780
• [WW-5333] Refactors AttributeMap by @​lukaszlenart in apache/struts#779
• WW-5363 Velocity: read chained contexts before ValueStack by @​kusalk in apache/struts#789
• WW-5350 Implement OGNL Allowlist capability by @​kusalk in apache/struts#781
• WW-5363 Remove redundant method from VelocityManager by @​kusalk in apache/struts#793
• WW-5343 Make SecurityMemberAccess an extensible bean by @​kusalk in apache/struts#791
• WW-5364 Automatically populate OGNL allowlist by @​kusalk in apache/struts#800
• WW-5339 Add option to block custom OGNL maps by @​kusalk in apache/struts#806
• [WW-5370] Makes HttpParameters case-insensitive by @​lukaszlenart in apache/struts#807
• [WW-5371] Modern upload by @​lukaszlenart in apache/struts#808
• WW-5364 Add missing system allowlist classes by @​kusalk in apache/struts#815
• [WW-5373] Update JavaDoc CspReportAction.java by @​assachs in apache/struts#814
• [WW-5328] Removes deprecated setters by @​lukaszlenart in apache/struts#811
• [WW-5362] Removes type attribute out of tag by @​lukaszlenart in apache/struts#812
• WW-5378 Add option to NOT fallback to context lookup when finding value on OgnlValueStack by @​kusalk in apache/struts#821
• WW-5364 Add String.class to system allowlist by @​kusalk in apache/struts#828
• WW-5381 Introduce RootAccessor interface for extension point by @​kusalk in apache/struts#823
• WW-5379 Implement alternative mechanism for Velocity directives to obtain ValueStack by @​kusalk in apache/struts#822
• WW-5352 Repackage ParametersInterceptor and related classes by @​kusalk in apache/struts#829
• WW-5381 Introduce extension point for CompoundRootAccessor by @​kusalk in apache/struts#824
• [WW-5383] Updates RegEx to excludes JARs by default by @​lukaszlenart in apache/struts#830
• WW-5382 Fix stale injections in Dispatcher by @​kusalk in apache/struts#826
• WW-5381 Introduce extension point for MethodAccessor by @​kusalk in apache/struts#825
• WW-5352 Refactor ParametersInterceptor by @​kusalk in apache/struts#831
• [WW-5365] Reverts changes introduced in WW-5192 to allow evaluate the value attribute of Radio tag by @​lukaszlenart in apache/struts#835
• WW-5352 Clean up OgnlValueStackTest by @​kusalk in apache/struts#841
• [WW-5387] Fixes remove() signature by @​lukaszlenart in apache/struts#844
• [WW-5369] Re-define minimal library set by @​lukaszlenart in apache/struts#847
• [WW-5374] Allows to prepend reportUri with Servlet context by @​lukaszlenart in apache/struts#845
• [WW-5357] Adds support for disabled attribute to anchor tag by @​lukaszlenart in apache/struts#848
• WW-5352 Introducing the StrutsParameter annotation by @​kusalk in apache/struts#832
• [WW-5360] Introduces additional countStr & indexStr to allow to ignore conversion by @​lukaszlenart in apache/struts#852
• WW-5391 Add interface for VelocityManager extension point by @​kusalk in apache/struts#867

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.struts:struts2-config-browser-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-convention-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-bean-validation-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-junit-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-jfreechart-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-json-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-spring-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-portlet-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-dwr-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-portlet-tiles-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-rest-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-tiles-plugin from 6.3.0.2 to 6.4.0

Updates org.apache.struts:struts2-jasperreports-plugin from 6.3.0.2 to 6.4.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)