struts
struts copied to clipboard
apache
Mirror of Apache Struts
Assumption: - keys will always be Strings Extracted abstract class for similar logic for entries Resolves [WW-5196](https://issues.apache.org/jira/browse/WW-5196)
Hello Apache Struts Team. This is an initial attempt to fix the dependency-injection behaviour for the custom expression and BeanInfo cache factory mechanism introduced in 6.0.0 (was 2.6). It took...
Implements [WW-5184](https://issues.apache.org/jira/browse/WW-5184) * Add optional parameter value check to ParametersInterceptor * Add Unit Tests
block unknow exp to clean excludedPackageNames and excludedClasses if attacker use 'excluded'+'PackageNames' likes blow, this patch can protect structs ``` %{ (#request.a=#@org.apache.commons.collections.BeanMap@{}) + (#request.a.setBean(#request.get('struts.valueStack')) == true) + (#request.b=#@org.apache.commons.collections.BeanMap@{}) + (#request.b.setBean(#request.get('a').get('context')))...
Implements [WW-4520](https://issues.apache.org/jira/browse/WW-4520)
We recently ran into an issue with the TokenSessionStoreInterceptor due to it's synchronized block holding until the action invocation returns. If a different action requires to check something related with...
Fixes [WW-5233](https://issues.apache.org/jira/browse/WW-5233)
Fixes [WW-3691](https://issues.apache.org/jira/browse/WW-3691)
SNAPSHOT build is available in ASF [Snapshot repository](https://struts.apache.org/builds.html#maven-snapshots) or you can download Nightlies build from [here](https://nightlies.apache.org/struts/snapshot/)
Closes [WW-5401](https://issues.apache.org/jira/browse/WW-5401)