struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject svn commit: r999592 [1/2] - in /websites/production/struts/content: ./ docs/
Date Tue, 18 Oct 2016 06:08:01 GMT
Author: lukaszlenart
Date: Tue Oct 18 06:08:01 2016
New Revision: 999592

Log:
Updates production

Added:
    websites/production/struts/content/docs/s2-042.html
    websites/production/struts/content/docs/s2-043.html
    websites/production/struts/content/docs/version-notes-2331.html
    websites/production/struts/content/docs/version-notes-255.html
Modified:
    websites/production/struts/content/announce.html
    websites/production/struts/content/docs/constant-configuration.html
    websites/production/struts/content/docs/json-plugin.html
    websites/production/struts/content/docs/migration-guide.html
    websites/production/struts/content/docs/security-bulletins.html
    websites/production/struts/content/docs/tiles-plugin.html
    websites/production/struts/content/docs/version-notes-251.html
    websites/production/struts/content/docs/version-notes-252.html
    websites/production/struts/content/index.html

Modified: websites/production/struts/content/announce.html
==============================================================================
--- websites/production/struts/content/announce.html (original)
+++ websites/production/struts/content/announce.html Tue Oct 18 06:08:01 2016
@@ -124,6 +124,43 @@
   Skip to: <a href="announce-2015.html">Announcements - 2015</a>
 </p>
 
+<h4 id="a20161018">18 October 2016 - Struts 2.3.31 General Availability</h4>
+
+<p>The Apache Struts group is pleased to announce that Struts 2.3.31 is available as a “General Availability”
+release. The GA designation is our highest quality grade.</p>
+
+<p>Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications.
+The framework is designed to streamline the full development cycle, from building, to deploying,
+to maintaining applications over time.</p>
+
+<p>This release addresses two potential security vulnerabilities:</p>
+
+<ul>
+  <li>Possible path traversal in the Convention plugin <a href="/docs/s2-042.html">S2-042</a></li>
+  <li>Using the Config Browser plugin in production <a href="/docs/s2-043.html">S2-043</a></li>
+</ul>
+
+<p>Also this release contains several breaking changes and improvements just to mention few of them:</p>
+
+<ul>
+  <li>webconsole can always be accessed, see WW-4601</li>
+  <li>Space character and includeParams,see WW-4628</li>
+  <li>ParametersInterceptor excludeParams only applies to first instance of params interceptor in paramsPrepareParamsStack,see WW-4667</li>
+  <li>Select box does not pre-select chosen values,see WW-4675</li>
+  <li>StrutsPrepareAndExecuteFilter should check for response committed status,see WW-4674</li>
+  <li>Allow directly accessing I18N keys from Tiles definitions,see WW-4685</li>
+</ul>
+
+<p><strong>All developers are strongly advised to perform this action.</strong></p>
+
+<p>The 2.3.x series of the Apache Struts framework has a minimum requirement of the following specification versions:
+Servlet API 2.4, JSP API 2.0, and Java 6.</p>
+
+<p>Should any issues arise with your use of any version of the Struts framework, please post your comments
+to the user list, and, if appropriate, file a tracking ticket.</p>
+
+<p>You can download this version from our <a href="download.cgi#struts-2331">download</a> page.</p>
+
 <h4 id="a20160707">7 July 2016 - Struts 2.5.2 General Availability</h4>
 
 <p>The Apache Struts group is pleased to announce that Struts 2.5.2 is available as a “General Availability”

Modified: websites/production/struts/content/docs/constant-configuration.html
==============================================================================
--- websites/production/struts/content/docs/constant-configuration.html (original)
+++ websites/production/struts/content/docs/constant-configuration.html Tue Oct 18 06:08:01 2016
@@ -138,31 +138,24 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p>Constants provide a simple way to customize a Struts application by defining key settings that modify framework and plugin behavior.  There are two key roles for constants.  First, they are used to override settings like the maximum file upload size or whether the Struts framework should be in "devMode" or not, and so on. Second, they specify which <a shape="rect" href="bean-configuration.html">Bean</a> implementation, among multiple implementations of a given type, should be chosen.  </p>
-
-<p>Constants can be declared in multiple files.  By default, constants are searched for in the following order, allowing for subsequent files to override previous ones:</p>
-
-<ol><li><a shape="rect" href="struts-defaultxml.html">struts-default.xml</a></li><li>struts-plugin.xml</li><li><a shape="rect" href="strutsxml.html">struts.xml</a></li><li><a shape="rect" href="strutsproperties.html">struts.properties</a></li><li><a shape="rect" href="webxml.html">web.xml</a></li></ol>
-
-
-<p><img class="emoticon emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> The <code>struts.properties</code> file is provided for backward-compatiblity with WebWork.</p>
-
-<h2 id="ConstantConfiguration-Constant">Constant</h2>
-
-<p>In the various XML variants, the constant element has two required attributes: <code>name</code> and <code>value</code>.  </p>
-
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p> Attribute </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Required </p></th><th colspan="1" rowspan="1" class="confluenceTh"><p> Description </p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> name </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>yes</strong> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> the name of the constant </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p> value </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> <strong>yes</strong> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> the value of the constant </p></td></tr></tbody></table></div>
-
-
-<p>In the <a shape="rect" href="strutsproperties.html">struts.properties</a> file, each entry is treated as a constant.</p>
-
-<p>In the <a shape="rect" href="webxml.html">web.xml</a> file, any FilterDispatcher initialization parameters are loaded as constants.</p>
-
-<h3 id="ConstantConfiguration-Sampleusage">Sample usage </h3>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example (struts.xml)</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-&lt;struts&gt;
+            <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1476770250347 {padding: 0px;}
+div.rbtoc1476770250347 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1476770250347 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1476770250347">
+<ul class="toc-indentation"><li><a shape="rect" href="#ConstantConfiguration-Constant">Constant</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#ConstantConfiguration-Valuesubstitution">Value substitution</a></li><li><a shape="rect" href="#ConstantConfiguration-Sampleusage">Sample usage</a></li></ul>
+</li></ul>
+</div><p>Constants provide a simple way to customize a Struts application by defining key settings that modify framework and plugin behavior. There are two key roles for constants. First, they are used to override settings like the maximum file upload size or whether the Struts framework should be in "devMode" or not, and so on. Second, they specify which <a shape="rect" href="bean-configuration.html">Bean</a> implementation, among multiple implementations of a given type, should be chosen.</p><p>Constants can be declared in multiple files. By default, constants are searched for in the following order, allowing for subsequent files to override previous ones:</p><ol><li><a shape="rect" href="struts-defaultxml.html">struts-default.xml</a></li><li>struts-plugin.xml</li><li><a shape="rect" href="strutsxml.html">struts.xml</a></li><li><a shape="rect" href="strutsproperties.html">struts.properties</a></li><li><a shape="rect" href="webxml.html">web.xml</a></li></ol><p><img class="emoticon 
 emoticon-warning" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/warning.png" data-emoticon-name="warning" alt="(warning)"> The <code>struts.properties</code> file is provided for backward-compatiblity with WebWork.</p><h2 id="ConstantConfiguration-Constant">Constant</h2><p>In the various XML variants, the constant element has two required attributes: <code>name</code> and <code>value</code>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Required</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>name</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>yes</strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>the name of the constant</p></td></tr><
 tr><td colspan="1" rowspan="1" class="confluenceTd"><p>value</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><strong>yes</strong></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>the value of the constant</p></td></tr></tbody></table></div><p>In the <a shape="rect" href="strutsproperties.html">struts.properties</a> file, each entry is treated as a constant.</p><p>In the <a shape="rect" href="webxml.html">web.xml</a> file, any FilterDispatcher initialization parameters are loaded as constants.</p><h3 id="ConstantConfiguration-Valuesubstitution">Value substitution</h3><p>Since Apache Struts 2.5.6 it is possible to use value substitution when defining <code>constant</code>s in&#160;<code>struts.xml</code> file. You can also define a default value if given System property or ENV variable is missing, see example below:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;struts&gt;
+    &lt;constant name="os" value="Current OS = ${os.name}"/&gt;
+
+
+    &lt;constant name="struts.devMode" value="${ENV.STRUTS_DEV_MODE:false}"/&gt;
+&lt;/struts&gt;</pre>
+</div></div><p>Note: substitution is limited to System properties and ENV variables and works only for&#160;<code>constant</code>s (as for now).</p><h3 id="ConstantConfiguration-Sampleusage">Sample usage</h3><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example (struts.xml)</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;struts&gt;
 
   &lt;constant name="struts.devMode" value="true" /&gt;
 
@@ -170,19 +163,11 @@ under the License.
 
 &lt;/struts&gt;
 </pre>
-</div></div>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example (struts.properties)</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
-struts.devMode = true
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example (struts.properties)</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">struts.devMode = true
 </pre>
-</div></div>
-
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example (web.xml)</b></div><div class="codeContent panelContent pdl">
-<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
-
-&lt;web-app id="WebApp_9" version="2.4" 
+</div></div><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Constant Example (web.xml)</b></div><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;web-app id="WebApp_9" version="2.4" 
 	xmlns="http://java.sun.com/xml/ns/j2ee" 
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"&gt;

Modified: websites/production/struts/content/docs/json-plugin.html
==============================================================================
--- websites/production/struts/content/docs/json-plugin.html (original)
+++ websites/production/struts/content/docs/json-plugin.html Tue Oct 18 06:08:01 2016
@@ -138,7 +138,20 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p>The JSON pluginprovides a "json" result type that serializes actions into JSON. The serialization process is recursive, meaning that the whole object graph, starting on the action class (base class not included) will be serialized (root object can be customized using the "root" attribute). If the interceptor is used, the action will be populated from the JSON content in the request, these are the rules of the interceptor:</p><ol><li>The "content-type" must be "application/json"</li><li>The JSON content must be well formed, see <a shape="rect" class="external-link" href="http://www.json.org" rel="nofollow">json.org</a> for grammar.</li><li>Action must have a public "setter" method for fields that must be populated.</li><li>Supported types for population are: Primitives (int,long...String), Date, List, Map, Primitive Arrays, Other class (more on this later), and Array of Other class.</li><li>Any object in JSON, that is to be populated inside 
 a list, or a map, will be of type Map (mapping from properties to values), any whole number will be of type Long, any decimal number will be of type Double, and any array of type List.</li></ol><p>Given this JSON string:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+            <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1476770251369 {padding: 0px;}
+div.rbtoc1476770251369 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1476770251369 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1476770251369">
+<ul class="toc-indentation"><li><a shape="rect" href="#JSONPlugin-Installation">Installation</a></li><li><a shape="rect" href="#JSONPlugin-CustomizingSerializationandDeserialization">Customizing Serialization and Deserialization</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#JSONPlugin-Excludingproperties">Excluding properties</a></li><li><a shape="rect" href="#JSONPlugin-Includingproperties">Including properties</a></li><li><a shape="rect" href="#JSONPlugin-RootObject">Root Object</a></li><li><a shape="rect" href="#JSONPlugin-Wrapping">Wrapping</a></li><li><a shape="rect" href="#JSONPlugin-WrapwithComments">Wrap with Comments</a></li><li><a shape="rect" href="#JSONPlugin-Prefix">Prefix</a></li><li><a shape="rect" href="#JSONPlugin-BaseClasses">Base Classes</a></li><li><a shape="rect" href="#JSONPlugin-Enumerations">Enumerations</a></li><li><a shape="rect" href="#JSONPlugin-Compressingtheoutput.">Compressing the output.</a></li><li><a shape="rect" href="#JSONPlugin-Preventingthebrowserfromcachingtheresponse">Preventing the browser from caching the response</a></li><li><a shape="rect" href="#JSONPlugin-Excludingpropertieswithnullvalues">Excluding properties with null values</a></li><li><a shape="rect
 " href="#JSONPlugin-StatusandErrorcode">Status and Error code</a></li><li><a shape="rect" href="#JSONPlugin-JSONP">JSONP</a></li><li><a shape="rect" href="#JSONPlugin-ContentType">Content Type</a></li><li><a shape="rect" href="#JSONPlugin-Encoding">Encoding</a></li></ul>
+</li><li><a shape="rect" href="#JSONPlugin-Example">Example</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#JSONPlugin-SetupAction">Setup Action</a></li><li><a shape="rect" href="#JSONPlugin-Writethemappingfortheaction">Write the mapping for the action</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#JSONPlugin-JSONexampleoutput">JSON example output</a></li><li><a shape="rect" href="#JSONPlugin-AcceptingJSON">Accepting JSON</a></li></ul>
+</li></ul>
+</li><li><a shape="rect" href="#JSONPlugin-JSONRPC">JSON RPC</a></li><li><a shape="rect" href="#JSONPlugin-Proxiedobjects">Proxied objects</a></li></ul>
+</div><p>The JSON pluginprovides a "json" result type that serializes actions into JSON. The serialization process is recursive, meaning that the whole object graph, starting on the action class (base class not included) will be serialized (root object can be customized using the "root" attribute). If the interceptor is used, the action will be populated from the JSON content in the request, these are the rules of the interceptor:</p><ol><li>The "content-type" must be "application/json"</li><li>The JSON content must be well formed, see <a shape="rect" class="external-link" href="http://www.json.org" rel="nofollow">json.org</a> for grammar.</li><li>Action must have a public "setter" method for fields that must be populated.</li><li>Supported types for population are: Primitives (int,long...String), Date, List, Map, Primitive Arrays, Other class (more on this later), and Array of Other class.</li><li>Any object in JSON, that is to be populated inside a list, or a map, will be of type 
 Map (mapping from properties to values), any whole number will be of type Long, any decimal number will be of type Double, and any array of type List.</li></ol><p>Given this JSON string:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">{
    "doubleValue": 10.10,
    "nestedBean": {
@@ -406,7 +419,12 @@ public class JSONExample extends ActionS
 </pre>
 </div></div><h4 id="JSONPlugin-AcceptingJSON">Accepting JSON</h4><p>Your actions can accept incoming JSON if they are in package which uses&#160;<code>json</code> interceptor or by adding reference to it as follow:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">@InterceptorRef(value="json")</pre>
-</div></div><h2 id="JSONPlugin-JSONRPC">JSON RPC</h2><p>The json plugin can be used to execute action methods from javascript and return the output. This feature was developed with Dojo in mind, so it uses <a shape="rect" class="external-link" href="http://manual.dojotoolkit.org/WikiHome/DojoDotBook/Book9" rel="nofollow">Simple Method Definition</a> to advertise the remote service. Let's work it out with an example(useless as most examples).</p><p>First write the action:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>By default <code>Content-Type</code>&#160;of value <code>application/json</code>&#160;is recognised to be used for de-serialisation and&#160;<code>application/json-rpc</code> to execute SMD processing. You can override those settings be defining&#160;<code>jsonContentType</code> and&#160;<code>jsonRpcContentType</code> params, see example:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;interceptor-ref name="json"&gt;
+  &lt;param name="jsonContentType"&gt;text/json&lt;/param&gt;
+  &lt;param name="jsonRpcContentType"&gt;text/json-rpc&lt;/param&gt;
+&lt;/interceptor-ref&gt;</pre>
+</div></div><p>Please be aware that those are scoped params per stack, which means, once set it will be used by actions in scope of this stack.</p><h2 id="JSONPlugin-JSONRPC">JSON RPC</h2><p>The json plugin can be used to execute action methods from javascript and return the output. This feature was developed with Dojo in mind, so it uses <a shape="rect" class="external-link" href="http://manual.dojotoolkit.org/WikiHome/DojoDotBook/Book9" rel="nofollow">Simple Method Definition</a> to advertise the remote service. Let's work it out with an example(useless as most examples).</p><p>First write the action:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">package smd;
 
 import com.googlecode.jsonplugin.annotations.SMDMethod;

Modified: websites/production/struts/content/docs/migration-guide.html
==============================================================================
--- websites/production/struts/content/docs/migration-guide.html (original)
+++ websites/production/struts/content/docs/migration-guide.html Tue Oct 18 06:08:01 2016
@@ -125,7 +125,7 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p>Getting here from there.</p><h3 id="MigrationGuide-VersionNotes2.5.x">Version Notes 2.5.x</h3><ul><li><a shape="rect" href="version-notes-252.html">Version Notes 2.5.2</a></li><li><a shape="rect" href="version-notes-251.html">Version Notes 2.5.1</a></li><li><a shape="rect" href="version-notes-25.html">Version Notes 2.5</a></li></ul><h3 id="MigrationGuide-VersionNotes2.3.x">Version Notes 2.3.x</h3><ul><li><a shape="rect" href="version-notes-2330.html">Version Notes 2.3.30</a></li><li><a shape="rect" href="version-notes-2329.html">Version Notes 2.3.29</a></li><li><a shape="rect" href="version-notes-23281.html">Version Notes 2.3.28.1</a></li><li><a shape="rect" href="version-notes-2328.html">Version Notes 2.3.28</a></li><li><a shape="rect" href="version-notes-23243.html">Version Notes 2.3.24.3</a></li><li><a shape="rect" href="version-notes-23241.html">Version Notes 2.3.24.1</a></li><li><a shape="rect" href="version-notes-2324.html">Version No
 tes 2.3.24</a></li><li><a shape="rect" href="version-notes-23203.html">Version Notes 2.3.20.3</a></li><li><a shape="rect" href="version-notes-23201.html">Version Notes 2.3.20.1</a></li><li><a shape="rect" href="version-notes-2320.html">Version Notes 2.3.20</a></li><li><a shape="rect" href="version-notes-23163.html">Version Notes 2.3.16.3</a></li><li><a shape="rect" href="version-notes-23162.html">Version Notes 2.3.16.2</a></li><li><a shape="rect" href="version-notes-2316.html">Version Notes 2.3.16.1</a></li><li><a shape="rect" href="version-notes-2316.html">Version Notes 2.3.16</a></li><li><a shape="rect" href="version-notes-23153.html">Version Notes 2.3.15.3</a></li><li><a shape="rect" href="version-notes-23152.html">Version Notes 2.3.15.2</a></li><li><a shape="rect" href="version-notes-23151.html">Version Notes 2.3.15.1</a></li><li><a shape="rect" href="version-notes-2315.html">Version Notes 2.3.15</a></li><li><a shape="rect" href="version-notes-23143.html">Version Notes 2.3.14.3<
 /a></li><li><a shape="rect" href="version-notes-23142.html">Version Notes 2.3.14.2</a></li><li><a shape="rect" href="version-notes-23141.html">Version Notes 2.3.14.1</a></li><li><a shape="rect" href="version-notes-2314.html">Version Notes 2.3.14</a></li><li><a shape="rect" href="version-notes-23120.html">Version Notes 2.3.12.0</a></li><li><a shape="rect" href="version-notes-238.html">Version Notes 2.3.8</a></li><li><a shape="rect" href="version-notes-237.html">Version Notes 2.3.7</a></li><li><a shape="rect" href="version-notes-2341.html">Version Notes 2.3.4.1</a></li><li><a shape="rect" href="version-notes-234.html">Version Notes 2.3.4</a></li><li><a shape="rect" href="version-notes-233.html">Version Notes 2.3.3</a></li><li><a shape="rect" href="version-notes-2312.html">Version Notes 2.3.1.2</a></li><li><a shape="rect" href="version-notes-2311.html">Version Notes 2.3.1.1</a></li><li><a shape="rect" href="version-notes-231.html">Version Notes 2.3.1</a></li></ul><h3 id="MigrationGuide
 -VersionNotes2.2.x">Version Notes 2.2.x</h3><ul><li><a shape="rect" href="version-notes-2231.html">Version Notes 2.2.3.1</a></li><li><a shape="rect" href="version-notes-223.html">Version Notes 2.2.3</a></li><li><a shape="rect" href="version-notes-2211.html">Version Notes 2.2.1.1</a></li><li><a shape="rect" href="version-notes-221.html">Version Notes 2.2.1</a></li></ul><h3 id="MigrationGuide-VersionNotes2.1.x">Version Notes 2.1.x</h3><ul><li><a shape="rect" href="version-notes-2181.html">Version Notes 2.1.8.1</a></li><li><a shape="rect" href="version-notes-218.html">Version Notes 2.1.8</a></li><li><a shape="rect" href="version-notes-216.html">Version Notes 2.1.6</a></li><li><a shape="rect" href="version-notes-215.html">Version Notes 2.1.5</a></li><li><a shape="rect" href="version-notes-214.html">Version Notes 2.1.4</a></li><li><a shape="rect" href="version-notes-213.html">Version Notes 2.1.3</a></li><li><a shape="rect" href="version-notes-212.html">Version Notes 2.1.2</a></li><li><a 
 shape="rect" href="version-notes-211.html">Version Notes 2.1.1</a></li><li><a shape="rect" href="version-notes-210.html">Version Notes 2.1.0</a></li></ul><h3 id="MigrationGuide-ReleaseNotes2.0.x">Release Notes 2.0.x</h3><ul><li><a shape="rect" href="release-notes-2014.html">Release Notes 2.0.14</a></li><li><a shape="rect" href="release-notes-2013.html">Release Notes 2.0.13</a></li><li><a shape="rect" href="release-notes-2012.html">Release Notes 2.0.12</a></li><li><a shape="rect" href="release-notes-20112.html">Release Notes 2.0.11.2</a></li><li><a shape="rect" href="release-notes-20111.html">Release Notes 2.0.11.1</a></li><li><a shape="rect" href="release-notes-2011.html">Release Notes 2.0.11</a></li><li><a shape="rect" href="release-notes-2010.html">Release Notes 2.0.10</a></li><li><a shape="rect" href="release-notes-209.html">Release Notes 2.0.9</a></li><li><a shape="rect" href="release-notes-208.html">Release Notes 2.0.8</a></li><li><a shape="rect" href="release-notes-207.html">R
 elease Notes 2.0.7</a></li><li><a shape="rect" href="release-notes-206.html">Release Notes 2.0.6</a></li><li><a shape="rect" href="release-notes-205.html">Release Notes 2.0.5</a></li><li><a shape="rect" href="release-notes-204.html">Release Notes 2.0.4</a></li><li><a shape="rect" href="release-notes-203.html">Release Notes 2.0.3</a></li><li><a shape="rect" href="release-notes-202.html">Release Notes 2.0.2</a></li><li><a shape="rect" href="release-notes-201.html">Release Notes 2.0.1</a></li><li><a shape="rect" href="release-notes-200.html">Release Notes 2.0.0</a></li></ul><h3 id="MigrationGuide-Struts2.3toStruts2.5">Struts 2.3 to Struts 2.5</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="struts-23-to-25-migration.html">Struts 2.3 to 2.5 migration</a></p></th><td colspan="1" rowspan="1" class="confluenceTd">Migration guide.</td></tr></tbody></table></div><h3 id="MigrationGuide-Struts1toStru
 ts2">Struts 1 to Struts 2</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="comparing-struts-1-and-2.html">Comparing Struts 1 and 2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>How are Struts 1 and Struts 2 alike? How are they different?</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="struts-1-solutions.html">Struts 1 Solutions</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Various issues (and hopefully their solutions!) encountered during migrations to Struts 2.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="migration-strategies.html">Migration Strategies</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Steps and overall strategies for migrating Struts 1 applications to Struts 2.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a sha
 pe="rect" href="migration-tools.html">Migration Tools</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Development tools to help aid the migration process.</p></td></tr></tbody></table></div><h4 id="MigrationGuide-Tutorials">Tutorials</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" class="external-link" href="http://www.infoq.com/news/migrating-struts2" rel="nofollow">Migrating Applications to Struts 2 </a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>A three-part series by Ian Roughley (Sep 2006)</p></td></tr></tbody></table></div><h4 id="MigrationGuide-Roadmap">Roadmap</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" class="external-link" href="http://struts.apache.org/roadmap.html#new">Roadmap FAQ</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>What's in stor
 e for Struts 2?</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" class="external-link" href="http://www.oreillynet.com/onjava/blog/2006/10/my_history_of_struts_2.html" rel="nofollow">A History of Struts 2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Don Brown's summary of events</p></td></tr></tbody></table></div><h3 id="MigrationGuide-Webwork2.2toStruts2">Webwork 2.2 to Struts 2</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="key-changes-from-webwork-2.html">Key Changes From WebWork 2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>What has been removed or changed from WebWork 2.2 to Struts 2</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="webwork-2-migration-strategies.html">WebWork 2 Migration Strategies</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Steps 
 and overall strategies for migrating WebWork 2 applications to Struts 2.</p></td></tr></tbody></table></div><h2 id="MigrationGuide-FAQs">FAQs</h2><ul><li><a shape="rect" href="where-do-we-get-the-latest-version-the-framework.html">Where do we get the latest version the framework</a>?</li><li><a shape="rect" href="what-are-some-of-the-frameworks-best-features.html">What are some of the framework's best features</a>?</li><li><a shape="rect" href="what-is-the-actioncontext.html">What is the ActionContext?</a></li></ul><h2 id="MigrationGuide-Next:">Next: <a shape="rect" href="contributors-guide.html">Contributors Guide</a></h2></div>
+            <div id="ConfluenceContent"><p>Getting here from there.</p><h3 id="MigrationGuide-VersionNotes2.5.x">Version Notes 2.5.x</h3><ul><li><a shape="rect" href="version-notes-255.html">Version Notes 2.5.5</a></li><li><a shape="rect" href="version-notes-252.html">Version Notes 2.5.2</a></li><li><a shape="rect" href="version-notes-251.html">Version Notes 2.5.1</a></li><li><a shape="rect" href="version-notes-25.html">Version Notes 2.5</a></li></ul><h3 id="MigrationGuide-VersionNotes2.3.x">Version Notes 2.3.x</h3><ul><li><a shape="rect" href="version-notes-2331.html">Version Notes 2.3.31</a></li><li><a shape="rect" href="version-notes-2330.html">Version Notes 2.3.30</a></li><li><a shape="rect" href="version-notes-2329.html">Version Notes 2.3.29</a></li><li><a shape="rect" href="version-notes-23281.html">Version Notes 2.3.28.1</a></li><li><a shape="rect" href="version-notes-2328.html">Version Notes 2.3.28</a></li><li><a shape="rect" href="version-notes-23243.html">Version Notes 2.3
 .24.3</a></li><li><a shape="rect" href="version-notes-23241.html">Version Notes 2.3.24.1</a></li><li><a shape="rect" href="version-notes-2324.html">Version Notes 2.3.24</a></li><li><a shape="rect" href="version-notes-23203.html">Version Notes 2.3.20.3</a></li><li><a shape="rect" href="version-notes-23201.html">Version Notes 2.3.20.1</a></li><li><a shape="rect" href="version-notes-2320.html">Version Notes 2.3.20</a></li><li><a shape="rect" href="version-notes-23163.html">Version Notes 2.3.16.3</a></li><li><a shape="rect" href="version-notes-23162.html">Version Notes 2.3.16.2</a></li><li><a shape="rect" href="version-notes-2316.html">Version Notes 2.3.16.1</a></li><li><a shape="rect" href="version-notes-2316.html">Version Notes 2.3.16</a></li><li><a shape="rect" href="version-notes-23153.html">Version Notes 2.3.15.3</a></li><li><a shape="rect" href="version-notes-23152.html">Version Notes 2.3.15.2</a></li><li><a shape="rect" href="version-notes-23151.html">Version Notes 2.3.15.1</a></
 li><li><a shape="rect" href="version-notes-2315.html">Version Notes 2.3.15</a></li><li><a shape="rect" href="version-notes-23143.html">Version Notes 2.3.14.3</a></li><li><a shape="rect" href="version-notes-23142.html">Version Notes 2.3.14.2</a></li><li><a shape="rect" href="version-notes-23141.html">Version Notes 2.3.14.1</a></li><li><a shape="rect" href="version-notes-2314.html">Version Notes 2.3.14</a></li><li><a shape="rect" href="version-notes-23120.html">Version Notes 2.3.12.0</a></li><li><a shape="rect" href="version-notes-238.html">Version Notes 2.3.8</a></li><li><a shape="rect" href="version-notes-237.html">Version Notes 2.3.7</a></li><li><a shape="rect" href="version-notes-2341.html">Version Notes 2.3.4.1</a></li><li><a shape="rect" href="version-notes-234.html">Version Notes 2.3.4</a></li><li><a shape="rect" href="version-notes-233.html">Version Notes 2.3.3</a></li><li><a shape="rect" href="version-notes-2312.html">Version Notes 2.3.1.2</a></li><li><a shape="rect" href="ve
 rsion-notes-2311.html">Version Notes 2.3.1.1</a></li><li><a shape="rect" href="version-notes-231.html">Version Notes 2.3.1</a></li></ul><h3 id="MigrationGuide-VersionNotes2.2.x">Version Notes 2.2.x</h3><ul><li><a shape="rect" href="version-notes-2231.html">Version Notes 2.2.3.1</a></li><li><a shape="rect" href="version-notes-223.html">Version Notes 2.2.3</a></li><li><a shape="rect" href="version-notes-2211.html">Version Notes 2.2.1.1</a></li><li><a shape="rect" href="version-notes-221.html">Version Notes 2.2.1</a></li></ul><h3 id="MigrationGuide-VersionNotes2.1.x">Version Notes 2.1.x</h3><ul><li><a shape="rect" href="version-notes-2181.html">Version Notes 2.1.8.1</a></li><li><a shape="rect" href="version-notes-218.html">Version Notes 2.1.8</a></li><li><a shape="rect" href="version-notes-216.html">Version Notes 2.1.6</a></li><li><a shape="rect" href="version-notes-215.html">Version Notes 2.1.5</a></li><li><a shape="rect" href="version-notes-214.html">Version Notes 2.1.4</a></li><li><
 a shape="rect" href="version-notes-213.html">Version Notes 2.1.3</a></li><li><a shape="rect" href="version-notes-212.html">Version Notes 2.1.2</a></li><li><a shape="rect" href="version-notes-211.html">Version Notes 2.1.1</a></li><li><a shape="rect" href="version-notes-210.html">Version Notes 2.1.0</a></li></ul><h3 id="MigrationGuide-ReleaseNotes2.0.x">Release Notes 2.0.x</h3><ul><li><a shape="rect" href="release-notes-2014.html">Release Notes 2.0.14</a></li><li><a shape="rect" href="release-notes-2013.html">Release Notes 2.0.13</a></li><li><a shape="rect" href="release-notes-2012.html">Release Notes 2.0.12</a></li><li><a shape="rect" href="release-notes-20112.html">Release Notes 2.0.11.2</a></li><li><a shape="rect" href="release-notes-20111.html">Release Notes 2.0.11.1</a></li><li><a shape="rect" href="release-notes-2011.html">Release Notes 2.0.11</a></li><li><a shape="rect" href="release-notes-2010.html">Release Notes 2.0.10</a></li><li><a shape="rect" href="release-notes-209.html"
 >Release Notes 2.0.9</a></li><li><a shape="rect" href="release-notes-208.html">Release Notes 2.0.8</a></li><li><a shape="rect" href="release-notes-207.html">Release Notes 2.0.7</a></li><li><a shape="rect" href="release-notes-206.html">Release Notes 2.0.6</a></li><li><a shape="rect" href="release-notes-205.html">Release Notes 2.0.5</a></li><li><a shape="rect" href="release-notes-204.html">Release Notes 2.0.4</a></li><li><a shape="rect" href="release-notes-203.html">Release Notes 2.0.3</a></li><li><a shape="rect" href="release-notes-202.html">Release Notes 2.0.2</a></li><li><a shape="rect" href="release-notes-201.html">Release Notes 2.0.1</a></li><li><a shape="rect" href="release-notes-200.html">Release Notes 2.0.0</a></li></ul><h3 id="MigrationGuide-Struts2.3toStruts2.5">Struts 2.3 to Struts 2.5</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="struts-23-to-25-migration.html">Struts 2.3 to 2
 .5 migration</a></p></th><td colspan="1" rowspan="1" class="confluenceTd">Migration guide.</td></tr></tbody></table></div><h3 id="MigrationGuide-Struts1toStruts2">Struts 1 to Struts 2</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="comparing-struts-1-and-2.html">Comparing Struts 1 and 2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>How are Struts 1 and Struts 2 alike? How are they different?</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="struts-1-solutions.html">Struts 1 Solutions</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Various issues (and hopefully their solutions!) encountered during migrations to Struts 2.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="migration-strategies.html">Migration Strategies</a></p></th><td colspan="1" rowspan="1" class="confluenceTd
 "><p>Steps and overall strategies for migrating Struts 1 applications to Struts 2.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="migration-tools.html">Migration Tools</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Development tools to help aid the migration process.</p></td></tr></tbody></table></div><h4 id="MigrationGuide-Tutorials">Tutorials</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" class="external-link" href="http://www.infoq.com/news/migrating-struts2" rel="nofollow">Migrating Applications to Struts 2 </a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>A three-part series by Ian Roughley (Sep 2006)</p></td></tr></tbody></table></div><h4 id="MigrationGuide-Roadmap">Roadmap</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" cla
 ss="external-link" href="http://struts.apache.org/roadmap.html#new">Roadmap FAQ</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>What's in store for Struts 2?</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" class="external-link" href="http://www.oreillynet.com/onjava/blog/2006/10/my_history_of_struts_2.html" rel="nofollow">A History of Struts 2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Don Brown's summary of events</p></td></tr></tbody></table></div><h3 id="MigrationGuide-Webwork2.2toStruts2">Webwork 2.2 to Struts 2</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a shape="rect" href="key-changes-from-webwork-2.html">Key Changes From WebWork 2</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>What has been removed or changed from WebWork 2.2 to Struts 2</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p><a
  shape="rect" href="webwork-2-migration-strategies.html">WebWork 2 Migration Strategies</a></p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Steps and overall strategies for migrating WebWork 2 applications to Struts 2.</p></td></tr></tbody></table></div><h2 id="MigrationGuide-FAQs">FAQs</h2><ul><li><a shape="rect" href="where-do-we-get-the-latest-version-the-framework.html">Where do we get the latest version the framework</a>?</li><li><a shape="rect" href="what-are-some-of-the-frameworks-best-features.html">What are some of the framework's best features</a>?</li><li><a shape="rect" href="what-is-the-actioncontext.html">What is the ActionContext?</a></li></ul><h2 id="MigrationGuide-Next:">Next: <a shape="rect" href="contributors-guide.html">Contributors Guide</a></h2></div>
         </div>
 
                     <div class="tabletitle">
@@ -140,6 +140,12 @@ under the License.
                     <span class="smalltext">(Apache Struts 2 Documentation)</span>
                     <br>
                                     $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                    <br>
+                                    $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                    <br>
+                                    $page.link($child)
                     <span class="smalltext">(Apache Struts 2 Documentation)</span>
                     <br>
                                     $page.link($child)

Added: websites/production/struts/content/docs/s2-042.html
==============================================================================
--- websites/production/struts/content/docs/s2-042.html (added)
+++ websites/production/struts/content/docs/s2-042.html Tue Oct 18 06:08:01 2016
@@ -0,0 +1,138 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License. 
+-->
+<html>
+<head>
+    <link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+    <style type="text/css">
+        .dp-highlighter {
+            width:95% !important;
+        }
+    </style>
+    <style type="text/css">
+        .footer {
+            background-image:      url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+            background-repeat:     repeat-x;
+            background-position:   left top;
+            padding-top:           4px;
+            color:                 #666;
+        }
+    </style>
+    <script type="text/javascript" language="javascript">
+        var hide = null;
+        var show = null;
+        var children = null;
+
+        function init() {
+            /* Search form initialization */
+            var form = document.forms['search'];
+            if (form != null) {
+                form.elements['domains'].value = location.hostname;
+                form.elements['sitesearch'].value = location.hostname;
+            }
+
+            /* Children initialization */
+            hide = document.getElementById('hide');
+            show = document.getElementById('show');
+            children = document.all != null ?
+                    document.all['children'] :
+                    document.getElementById('children');
+            if (children != null) {
+                children.style.display = 'none';
+                show.style.display = 'inline';
+                hide.style.display = 'none';
+            }
+        }
+
+        function showChildren() {
+            children.style.display = 'block';
+            show.style.display = 'none';
+            hide.style.display = 'inline';
+        }
+
+        function hideChildren() {
+            children.style.display = 'none';
+            show.style.display = 'inline';
+            hide.style.display = 'none';
+        }
+    </script>
+    <title>S2-042</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+    <tr class="topBar">
+        <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+            &nbsp;<a href="home.html">Home</a>&nbsp;&gt;&nbsp;<a href="security-bulletins.html">Security Bulletins</a>&nbsp;&gt;&nbsp;<a href="s2-042.html">S2-042</a>
+        </td>
+        <td align="right" valign="middle" nowrap>
+            <form name="search" action="https://www.google.com/search" method="get">
+                <input type="hidden" name="ie" value="UTF-8" />
+                <input type="hidden" name="oe" value="UTF-8" />
+                <input type="hidden" name="domains" value="" />
+                <input type="hidden" name="sitesearch" value="" />
+                <input type="text" name="q" maxlength="255" value="" />
+                <input type="submit" name="btnG" value="Google Search" />
+            </form>
+        </td>
+    </tr>
+</table>
+
+<div id="PageContent">
+    <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+        <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+        <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+        <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+        <div style="margin: 0px 10px 8px 10px"  class="pagetitle">S2-042</div>
+
+        <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873559">
+                <img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873559">Edit Page</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+                <img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873559">
+                <img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873559">Add Page</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873559">
+                <img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873559">Add News</a>
+        </div>
+    </div>
+
+    <div class="pagecontent">
+        <div class="wiki-content">
+            <div id="ConfluenceContent"><h2 id="S2-042-Summary">Summary</h2>Possible path traversal in the Convention plugin<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Possible path traversal in the Convention plugin in Struts 2.3.20 - 2.3.30</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>High</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Upgrade to<span>&#160;</span><a shape="rect" href="version-notes-2331.html">Struts 2.3.31</a> or to any versio
 n of Struts 2.5</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.3.20 - Struts <span style="color: rgb(23,35,59);">2.3.31</span></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Takeshi Terada of Mitsui Bussan Secure Directions, Inc.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>CVE-2016-6795</p></td></tr></tbody></table></div><h2 id="S2-042-Problem">Problem</h2><p>It is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.</p><h2 id="S2-042-Solution">Solution</h2><p>Upgrade to Apache Struts version 2.3.31 when you are using Struts 2.3.20 - 2.3.30 with the Convention plugin.</p><h2 id="S2-042-Backwardcompatibility">Backward compa
 tibility</h2><p>No backward incompatibility issues are expected.</p><h2 id="S2-042-Workaround">Workaround</h2><p>There is no known workaround for this vulnerability, please upgrade to the mentioned Struts versions.</p><p>&#160;</p></div>
+        </div>
+
+        
+    </div>
+</div>
+<div class="footer">
+    Generated by CXF SiteExporter
+</div>
+</body>
+</html>

Added: websites/production/struts/content/docs/s2-043.html
==============================================================================
--- websites/production/struts/content/docs/s2-043.html (added)
+++ websites/production/struts/content/docs/s2-043.html Tue Oct 18 06:08:01 2016
@@ -0,0 +1,138 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License. 
+-->
+<html>
+<head>
+    <link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+    <style type="text/css">
+        .dp-highlighter {
+            width:95% !important;
+        }
+    </style>
+    <style type="text/css">
+        .footer {
+            background-image:      url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+            background-repeat:     repeat-x;
+            background-position:   left top;
+            padding-top:           4px;
+            color:                 #666;
+        }
+    </style>
+    <script type="text/javascript" language="javascript">
+        var hide = null;
+        var show = null;
+        var children = null;
+
+        function init() {
+            /* Search form initialization */
+            var form = document.forms['search'];
+            if (form != null) {
+                form.elements['domains'].value = location.hostname;
+                form.elements['sitesearch'].value = location.hostname;
+            }
+
+            /* Children initialization */
+            hide = document.getElementById('hide');
+            show = document.getElementById('show');
+            children = document.all != null ?
+                    document.all['children'] :
+                    document.getElementById('children');
+            if (children != null) {
+                children.style.display = 'none';
+                show.style.display = 'inline';
+                hide.style.display = 'none';
+            }
+        }
+
+        function showChildren() {
+            children.style.display = 'block';
+            show.style.display = 'none';
+            hide.style.display = 'inline';
+        }
+
+        function hideChildren() {
+            children.style.display = 'none';
+            show.style.display = 'inline';
+            hide.style.display = 'none';
+        }
+    </script>
+    <title>S2-043</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+    <tr class="topBar">
+        <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+            &nbsp;<a href="home.html">Home</a>&nbsp;&gt;&nbsp;<a href="security-bulletins.html">Security Bulletins</a>&nbsp;&gt;&nbsp;<a href="s2-043.html">S2-043</a>
+        </td>
+        <td align="right" valign="middle" nowrap>
+            <form name="search" action="https://www.google.com/search" method="get">
+                <input type="hidden" name="ie" value="UTF-8" />
+                <input type="hidden" name="oe" value="UTF-8" />
+                <input type="hidden" name="domains" value="" />
+                <input type="hidden" name="sitesearch" value="" />
+                <input type="text" name="q" maxlength="255" value="" />
+                <input type="submit" name="btnG" value="Google Search" />
+            </form>
+        </td>
+    </tr>
+</table>
+
+<div id="PageContent">
+    <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+        <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+        <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+        <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+        <div style="margin: 0px 10px 8px 10px"  class="pagetitle">S2-043</div>
+
+        <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873562">
+                <img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=65873562">Edit Page</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+                <img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873562">
+                <img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=65873562">Add Page</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873562">
+                <img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=65873562">Add News</a>
+        </div>
+    </div>
+
+    <div class="pagecontent">
+        <div class="wiki-content">
+            <div id="ConfluenceContent"><h2 id="S2-043-Summary">Summary</h2>Using the Config Browser plugin in production<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Usage of the Config Browser plugin in a production evnironment</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Low</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Please read the <a shape="rect" href="https://cwiki.apache.org/confluence/display/WW/Security#Security-RestrictaccesstotheConf
 igBrowser">Security guideline</a></p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Any Struts 2 version</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Yelin from Venustech Inc.</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td></tr></tbody></table></div><h2 id="S2-043-Problem">Problem</h2><p>Usage of the Config Browser in a production environment can lead to exposing vunerable information of the application</p><h2 id="S2-043-Solution">Solution</h2><p>Please read out&#160;<a shape="rect" href="security.html">Security</a> guideline and restrict access to the Config Browwser or do not use in a production environment!</p><h2 id="S2-043-Backwardcompatibility">Backward compatibility</h2><p>No bac
 kward incompatibility issues are expected.</p></div>
+        </div>
+
+        
+    </div>
+</div>
+<div class="footer">
+    Generated by CXF SiteExporter
+</div>
+</body>
+</html>

Modified: websites/production/struts/content/docs/security-bulletins.html
==============================================================================
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Tue Oct 18 06:08:01 2016
@@ -126,7 +126,7 @@ under the License.
     <div class="pagecontent">
         <div class="wiki-content">
             <div id="ConfluenceContent"><p>The following security bulletins are available:</p>
-<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> &#8212; <span class="smalltext">Remote code exploit on form validation error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> &#8212; <span class="smalltext">Cross site scripting (XSS) vulnerability on &lt;s:url&gt; and &lt;s:a&gt; tags</span></li><li><a shape="rect" href="s2-003.html">S2-003</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a shape="rect" href="s2-004.html">S2-004</a> &#8212; <span class="smalltext">Directory traversal vulnerability while serving static content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> &#8212; <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li><li><a shape="rect" hr
 ef="s2-007.html">S2-007</a> &#8212; <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> &#8212; <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> &#8212; <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> &#8212; <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> &#8212; <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li><li><a shape="rect" href="s2-012.html">S2-012</a> &#8212; <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li>
 <li><a shape="rect" href="s2-013.html">S2-013</a> &#8212; <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li><li><a shape="rect" href="s2-014.html">S2-014</a> &#8212; <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> &#8212; <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> &#8212; <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> &#8212; <span class="sma
 lltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li><li><a shape="rect" href="s2-018.html">S2-018</a> &#8212; <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> &#8212; <span class="smalltext">Dynamic Method Invocation disabled by default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> &#8212; <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li><li><a shape="rect" href="s2-021.html">S2-021</a> &#8212; <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> &#8212; <span class="smalltext">Extends excluded params in CookieInt
 erceptor to avoid manipulation of Struts' internals</span></li><li><a shape="rect" href="s2-023.html">S2-023</a> &#8212; <span class="smalltext">Generated value of token can be predictable</span></li><li><a shape="rect" href="s2-024.html">S2-024</a> &#8212; <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li><li><a shape="rect" href="s2-025.html">S2-025</a> &#8212; <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> &#8212; <span class="smalltext">Special top object can be used to access Struts' internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> &#8212; <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li><li><a shape="rect" href="s2-028.html">S2-028</a> &#8212; <span class="smalltext">Use of a JRE with broken URLDecoder implementation may l
 ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a shape="rect" href="s2-029.html">S2-029</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li><li><a shape="rect" href="s2-030.html">S2-030</a> &#8212; <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> &#8212; <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> &#8212; <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" href="s2-033.html">S2-033</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" h
 ref="s2-034.html">S2-034</a> &#8212; <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" href="s2-035.html">S2-035</a> &#8212; <span class="smalltext">Action name clean up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> &#8212; <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> &#8212; <span class="smalltext">Getter as action method leads to security bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> &#8212
 ; <span class="smalltext">Input validation bypass using existing default action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> &#8212; <span class="smalltext">Possible DoS attack when using URLValidator</span></li></ul></div>
+<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> &#8212; <span class="smalltext">Remote code exploit on form validation error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> &#8212; <span class="smalltext">Cross site scripting (XSS) vulnerability on &lt;s:url&gt; and &lt;s:a&gt; tags</span></li><li><a shape="rect" href="s2-003.html">S2-003</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a shape="rect" href="s2-004.html">S2-004</a> &#8212; <span class="smalltext">Directory traversal vulnerability while serving static content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> &#8212; <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li><li><a shape="rect" hr
 ef="s2-007.html">S2-007</a> &#8212; <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> &#8212; <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> &#8212; <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> &#8212; <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> &#8212; <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li><li><a shape="rect" href="s2-012.html">S2-012</a> &#8212; <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li>
 <li><a shape="rect" href="s2-013.html">S2-013</a> &#8212; <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li><li><a shape="rect" href="s2-014.html">S2-014</a> &#8212; <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> &#8212; <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> &#8212; <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> &#8212; <span class="sma
 lltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li><li><a shape="rect" href="s2-018.html">S2-018</a> &#8212; <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> &#8212; <span class="smalltext">Dynamic Method Invocation disabled by default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> &#8212; <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li><li><a shape="rect" href="s2-021.html">S2-021</a> &#8212; <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> &#8212; <span class="smalltext">Extends excluded params in CookieInt
 erceptor to avoid manipulation of Struts' internals</span></li><li><a shape="rect" href="s2-023.html">S2-023</a> &#8212; <span class="smalltext">Generated value of token can be predictable</span></li><li><a shape="rect" href="s2-024.html">S2-024</a> &#8212; <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li><li><a shape="rect" href="s2-025.html">S2-025</a> &#8212; <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> &#8212; <span class="smalltext">Special top object can be used to access Struts' internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> &#8212; <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li><li><a shape="rect" href="s2-028.html">S2-028</a> &#8212; <span class="smalltext">Use of a JRE with broken URLDecoder implementation may l
 ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a shape="rect" href="s2-029.html">S2-029</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li><li><a shape="rect" href="s2-030.html">S2-030</a> &#8212; <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> &#8212; <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> &#8212; <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" href="s2-033.html">S2-033</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" h
 ref="s2-034.html">S2-034</a> &#8212; <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" href="s2-035.html">S2-035</a> &#8212; <span class="smalltext">Action name clean up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> &#8212; <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> &#8212; <span class="smalltext">Getter as action method leads to security bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> &#8212
 ; <span class="smalltext">Input validation bypass using existing default action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> &#8212; <span class="smalltext">Possible DoS attack when using URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a> &#8212; <span class="smalltext">Possible path traversal in the Convention plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> &#8212; <span class="smalltext">Using the Config Browser plugin in production</span></li></ul></div>
         </div>
 
                     <div class="tabletitle">
@@ -141,6 +141,12 @@ under the License.
                     <span class="smalltext">(Apache Struts 2 Documentation)</span>
                     <br>
                                     $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                    <br>
+                                    $page.link($child)
+                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                    <br>
+                                    $page.link($child)
                     <span class="smalltext">(Apache Struts 2 Documentation)</span>
                     <br>
                                     $page.link($child)

Modified: websites/production/struts/content/docs/tiles-plugin.html
==============================================================================
--- websites/production/struts/content/docs/tiles-plugin.html (original)
+++ websites/production/struts/content/docs/tiles-plugin.html Tue Oct 18 06:08:01 2016
@@ -138,7 +138,16 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><div class="confluence-information-macro confluence-information-macro-information"><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Tiles is a templating framework designed to easily allow the creation of web application pages with a consistent look and feel. It can be used for both page decorating and componentization.</p></div></div><p>The Tiles pluginallows actions to return Tiles pages</p><h2 id="TilesPlugin-Features">Features</h2><ul><li>Supports Tiles in Freemarker, JSP, and Velocity</li><li>Provides annotations to keep tiles.xml short and put definitons into actions</li></ul><h2 id="TilesPlugin-Usage">Usage</h2><p>The following steps must be taken in order to enable tiles support within your Struts2 application:</p><ol><li><p>Include the struts-tiles-plugin as a dependency in your web application. If you are using maven2, the dependency con
 figuration will be similar to:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+            <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1476770248680 {padding: 0px;}
+div.rbtoc1476770248680 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1476770248680 li {margin-left: 0px;padding-left: 0px;}
+
+/*]]>*/</style></p><div class="toc-macro rbtoc1476770248680">
+<ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-Features">Features</a></li><li><a shape="rect" href="#TilesPlugin-Usage">Usage</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-AccessingStrutsattributes">Accessing Struts attributes</a></li><li><a shape="rect" href="#TilesPlugin-I18N">I18N</a></li></ul>
+</li><li><a shape="rect" href="#TilesPlugin-Example">Example</a></li><li><a shape="rect" href="#TilesPlugin-Settings">Settings</a></li><li><a shape="rect" href="#TilesPlugin-Installation">Installation</a></li></ul>
+</div><div class="confluence-information-macro confluence-information-macro-information"><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Tiles is a templating framework designed to easily allow the creation of web application pages with a consistent look and feel. It can be used for both page decorating and componentization.</p></div></div><p>The Tiles pluginallows actions to return Tiles pages</p><h2 id="TilesPlugin-Features">Features</h2><ul><li>Supports Tiles in Freemarker, JSP, and Velocity</li><li>Provides annotations to keep tiles.xml short and put definitons into actions</li></ul><h2 id="TilesPlugin-Usage">Usage</h2><p>The following steps must be taken in order to enable tiles support within your Struts2 application:</p><ol><li><p>Include the struts-tiles-plugin as a dependency in your web application. If you are using maven2, the dependency configuration will be similar to:</p>
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.struts&lt;/groupId&gt;
   &lt;artifactId&gt;struts2-tiles-plugin&lt;/artifactId&gt;
@@ -186,7 +195,17 @@ public class FooAction extends ActionSup
     &lt;/definition&gt;
 
 &lt;/tiles-definitions&gt;</pre>
-</div></div></li></ol><div class="confluence-information-macro confluence-information-macro-information"><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>As from Struts 2.3.28, the plugin automatically loads all Tiles definitions matching the following pattern <code>tiles*.xml</code> - you don't have to specify them via <code>org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG</code> in <code>web.xml</code>, but you can use this option if your application is going to work in restricted servlet environment e.g. Google AppEngine. In such case, defintions will be read from provided init-param.</p></div></div><h2 id="TilesPlugin-Example">Example</h2><p>This example shows a Tiles layout page using Struts tags:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div></li></ol><p>&#160;</p><div class="confluence-information-macro confluence-information-macro-information"><span class="aui-icon aui-icon-small aui-iconfont-info confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>As from Struts 2.3.28, the plugin automatically loads all Tiles definitions matching the following pattern <code>tiles*.xml</code> - you don't have to specify them via <code>org.apache.tiles.definition.DefinitionsFactory.DEFINITIONS_CONFIG</code> in <code>web.xml</code>, but you can use this option if your application is going to work in restricted servlet environment e.g. Google AppEngine. In such case, definitions will be read from provided <code>init-param</code>.</p></div></div><h3 id="TilesPlugin-AccessingStrutsattributes">Accessing Struts attributes</h3><p>As from Struts version 2.5.3 it's possible accessing defined values on a&#160;<code>ValueStack</code> using&#160;<code>S2</code> prefix when defining an expression
  in tiles definition, e.g.:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;definition name="home" extends="logged-in"&gt;
+  &lt;put-attribute name="title" expression="S2:actionProperty"/&gt;
+  &lt;put-attribute name="body" value="/WEB-INF/tiles/home.jsp"/&gt;
+&lt;/definition&gt;</pre>
+</div></div><p>In such case Tiles will delegate evaluation of the expression to Struts and&#160;<code>ValueStack</code> will be examined to evaluate the expression.</p><h3 id="TilesPlugin-I18N">I18N</h3><p>Instead of defining new tiles definitions per supported language (i.e.:&#160;<code>tiles.xml</code>,&#160;<code>tiles_de.xml</code>,&#160;<code>tiles_pl.xml</code>) you can use&#160;<code>I18N</code> prefix to evaluate provided expression as a key in Struts resource bundles.&#160;</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;definition name="home" extends="logged-in"&gt;
+  &lt;put-attribute name="title" expression="I18N:home.title"/&gt;
+  &lt;put-attribute name="body" value="/WEB-INF/tiles/home.jsp"/&gt;
+&lt;/definition&gt;</pre>
+</div></div><h2 id="TilesPlugin-Example">Example</h2><p>This example shows a Tiles layout page using Struts tags:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="brush: xml; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[
 &lt;%@ taglib uri=&quot;http://tiles.apache.org/tags-tiles&quot; prefix=&quot;tiles&quot; %&gt;
 &lt;%@ taglib prefix=&quot;s&quot; uri=&quot;/struts-tags&quot; %&gt;



Mime
View raw message