These are the notes for the Struts 2.3.33 distribution.
For prior notes in this release series, see Version Notes 2.3.32
- If you are a Maven user, you might want to get started using the Maven Archetype.
- Another quick-start entry point is the blank application. Rename and deploy the WAR as a starting point for your own development.
- There is huge number of examples you can also use as a starting point for you application here
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-core</artifactId>
<version>2.3.33</version>
</dependency>
You can also use Struts Archetype Catalog like below
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
<repositories>
<repository>
<id>apache.nexus</id>
<name>ASF Nexus Staging</name>
<url>https://repository.apache.org/content/groups/staging/</url>
</repository>
</repositories>
Internal Changes
Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series, see S2-048
A DoS attack is available for Spring secured actions, see S2-049
Bug
- [WW-4735] - EmailValidator does not accept new domain suffixes
- [WW-4770] - Revision number still missing from dojo.js and dojo.js.uncompressed.js
- [WW-4802] - Strange Behavior Parsing Action Requests
Improvement
- [WW-4805] - At least a DoS attack is available for Spring secured actions
Issue Detail
Issue List
Other resources