6.1 Release Notes - Version 1.5.0 Release Candidate 2
Introduction
This section contains release notes for changes made to Struts since the Version 1.5.0 Release Candidate 1 distribution. To keep up to date on all changes to the framework, subscribe to the (commits at struts.apache.org) list. To preview our plans for upcoming changes, please visit the Roadmap page.
- Notes on upgrading are maintained in the Wiki Upgrade pages. The wiki is a community-maintained resource - please feel free to add your input so that everyone can benefit from the collective experience.
For the version requirements of each library, see the Installation chapter.
Breaking changes
- Changes to FileUpload handling:
  - Method FormFile.destroy: throws an IOException.
  - Method MultipartRequestHandler.elementsFile: returns HashMap<String, FormFile[]> instead of Hashtable<String, List<FormFile>>
  - Method MockMultipartRequestHandler.elementsFile: returns HashMap<String, FormFile[]> instead of Hashtable<String, List<FormFile>>
Issue Tracking
Bug
- Correct file-upload-example
- Add missing "maven-release-plugin" 3.0.1
- Add missing "maven-antrun-plugin" 3.1.0
- Exclude "doc-files" from export-packages in "MANIFEST.MF"
- Add "CVE-2008-2025" info to "README"
- JS validate email remove useless regular-expression character escape
- Correct OSGi/JPMS name from integration-test-apps
Improvement
- Add "versions-maven-plugin" 2.16.2 for updates reports
- Security - Digester: Resolving XML external entity in user-controlled data
- Fix for "CVE-2023-49735" Apache Tiles: Unvalidated input may lead to path traversal and XXE
- Fix for "CVE-2023-34396" Apache Struts vulnerable to memory exhaustion
- Add filtering for Option "text" when "filter" is set to "true"
- Ensure Input-/OutputStream is closed and use try-with-resources
- Fix for Apache Struts "CVE-2012-1007" Multiple Cross Site Scripting Vulnerabilities (Sample apps)
- Change cryptographic algorithm from "MD5" to "SHA-256" for token generation
- Improvements in FileUpload handling
- Add property "multiple" to "html:file", "html-el:file" and "nested:file"
Task
- Bump "webdrivermanager" from 5.6.2 to 5.7.0
- Bump "htmlunit" from 3.9.0 to 3.11.0
- Bump "cargo-maven3-plugin" from 1.10.11 to 1.10.12
- Bump "maven-jxr-plugin" from 3.3.1 to 3.3.2
- Bump "checkstyle" from 10.12.6 to 10.14.0
- Bump "junit-jupiter-api" from 5.10.1 to 5.10.2
- Bump "slf4j-api", "slf4j-simple" and "jcl-over-slf4j" from 2.0.9 to 2.0.12
- Bump "selenium-api" and "selenium-java" from 4.16.1 to 4.18.1
- Bump "groovy" from 4.0.17 to 4.0.18
- Bump "maven-failsafe/surefire-[report]-plugin" from 3.2.3 to 3.2.5
- Add example for multiple-file-upload
- Update "README.md" to version 1.5.0-RC2
- Set Version to 1.5.0-RC2