struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lukaszlen...@apache.org
Subject svn commit: r1015104 [2/3] - /websites/production/struts/content/docs/
Date Fri, 07 Jul 2017 16:46:15 GMT
Modified: websites/production/struts/content/docs/localization.html
==============================================================================
--- websites/production/struts/content/docs/localization.html (original)
+++ websites/production/struts/content/docs/localization.html Fri Jul  7 16:46:14 2017
@@ -140,14 +140,14 @@ under the License.
     <div class="pagecontent">
         <div class="wiki-content">
             <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1492970016830 {padding: 0px;}
-div.rbtoc1492970016830 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1492970016830 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499445229520 {padding: 0px;}
+div.rbtoc1499445229520 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499445229520 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1492970016830">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499445229520">
 <ul class="toc-indentation"><li><a shape="rect" href="#Localization-Overview">Overview</a></li><li><a shape="rect" href="#Localization-ResourceBundleSearchOrder">Resource Bundle Search Order</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#Localization-Defaultaction'sclass">Default action's class</a></li><li><a shape="rect" href="#Localization-UsinggetTextfromaTag">Using getText from a Tag</a></li><li><a shape="rect" href="#Localization-Usingthetexttag">Using the text tag</a></li><li><a shape="rect" href="#Localization-UsingtheI18ntag">Using the I18n tag</a></li><li><a shape="rect" href="#Localization-UsingtheKeyattributeofUITags">Using the Key attribute of UI Tags</a></li></ul>
-</li><li><a shape="rect" href="#Localization-I18nInterceptor">I18n Interceptor</a></li><li><a shape="rect" href="#Localization-GlobalResources(struts.custom.i18n.resources)instruts.properties">Global Resources (struts.custom.i18n.resources) in struts.properties</a></li><li><a shape="rect" href="#Localization-FormattingDatesandNumbers">Formatting Dates and Numbers</a></li><li><a shape="rect" href="#Localization-ComparisonwithStruts1">Comparison with Struts 1</a></li><li><a shape="rect" href="#Localization-CustomTextProviderandTextProviderFactory">Custom TextProvider and TextProviderFactory</a></li><li><a shape="rect" href="#Localization-Next:">Next: Type Conversion</a></li></ul>
+</li><li><a shape="rect" href="#Localization-I18nInterceptor">I18n Interceptor</a></li><li><a shape="rect" href="#Localization-GlobalResources(struts.custom.i18n.resources)instruts.properties">Global Resources (struts.custom.i18n.resources) in struts.properties</a></li><li><a shape="rect" href="#Localization-FormattingDatesandNumbers">Formatting Dates and Numbers</a></li><li><a shape="rect" href="#Localization-ComparisonwithStruts1">Comparison with Struts 1</a></li><li><a shape="rect" href="#Localization-Usingonlyglobalbundles">Using only global bundles</a></li><li><a shape="rect" href="#Localization-CustomTextProviderandTextProviderFactory">Custom TextProvider and TextProviderFactory</a></li><li><a shape="rect" href="#Localization-Next:">Next: Type Conversion</a></li></ul>
 </div><h2 id="Localization-Overview">Overview</h2><p>The framework supports internationalization (i18n) in the following places:</p><ol><li>the <a shape="rect" href="ui-tags.html">UI Tags</a></li><li>Messages and Errors from the <a shape="rect" class="external-link" href="http://struts.apache.org/2.0.6/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ValidationAware.html">ValidationAware</a> interface (implemented by <a shape="rect" class="external-link" href="http://struts.apache.org/2.0.6/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ActionSupport.html">ActionSupport</a> and <a shape="rect" class="external-link" href="http://struts.apache.org/2.0.6/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ValidationAwareSupport.html">ValidationAwareSupport</a>)</li><li>Within action classes that extend <a shape="rect" class="external-link" href="http://struts.apache.org/2.0.6/struts2-core/apidocs/index.html?com/opensymphony/xwork2/ActionSupport.html">ActionSupport</
 a> through the getText() method</li></ol><h2 id="Localization-ResourceBundleSearchOrder">Resource Bundle Search Order</h2><p>Resource bundles are searched in the following order:</p><ol><li><code>ActionClass</code>.properties</li><li><code>Interface</code>.properties (every interface and sub-interface)</li><li><code>BaseClass</code>.properties (all the way to Object.properties)</li><li>ModelDriven's model (if implements ModelDriven), for the model object repeat from 1</li><li>package.properties (of the directory where class is located and every parent directory all the way to the root directory)</li><li>search up the i18n message key hierarchy itself</li><li>global resource properties</li></ol><p>This is how it is implemented in a default implementation of the&#160;<code>LocalizedTextProvider</code>&#160;interface. You can provide your own implementation using <code>TextProvider</code>&#160;and <code>TextProviderFactory</code>&#160;interfaces.</p><div class="confluence-information-m
 acro confluence-information-macro-tip"><p class="title">Package hierarchy</p><span class="aui-icon aui-icon-small aui-iconfont-approve confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>To clarify #5, while traversing the package hierarchy, Struts 2 will look for a file package.properties:</p><div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
 <pre>com/
     acme/
@@ -188,7 +188,9 @@ div.rbtoc1492970016830 li {margin-left:
 ]]></script>
 </div></div><div class="confluence-information-macro confluence-information-macro-tip"><span class="aui-icon aui-icon-small aui-iconfont-approve confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>Internationalizing SiteMesh decorators is possible, but there are quirks. See <a shape="rect" href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=33343">SiteMesh Plugin</a> for more.</p></div></div><h3 id="Localization-UsingtheKeyattributeofUITags">Using the Key attribute of UI Tags</h3><p>The key attribute of most UI tags can be used to retrieve a message from a resource bundle:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;s:textfield key="some.key" name="textfieldName"/&gt;</pre>
-</div></div><h2 id="Localization-I18nInterceptor">I18n Interceptor</h2><p>Essentially, the i18n Interceptor pushes a locale into the ActionContext map upon every request. The framework components that support localization all utilize the ActionContext locale. See <a shape="rect" href="i18n-interceptor.html">I18n Interceptor</a> for details.</p><h2 id="Localization-GlobalResources(struts.custom.i18n.resources)instruts.properties">Global Resources (struts.custom.i18n.resources) in <code>struts.properties</code></h2><p>A global resource bundle could be specified programmatically, as well as the locale.</p><h2 id="Localization-FormattingDatesandNumbers">Formatting Dates and Numbers</h2><p>See <a shape="rect" href="formatting-dates-and-numbers.html">Formatting Dates and Numbers</a> for more details and examples.</p><h2 id="Localization-ComparisonwithStruts1">Comparison with Struts 1</h2><p>Struts 1 users should be familiar with the application.properties resource bundle, where you can pu
 t all the messages in the application that are going to be translated. Struts 2, though, splits the resource bundles per action or model class, and you may end up with duplicated messages in those resource bundles. A quick fix for that is to create a file called ActionSupport.properties in com/opensymphony/xwork2 and put it on your classpath. This will only work well if all your actions subclass XWork2's ActionSupport.</p><h2 id="Localization-CustomTextProviderandTextProviderFactory">Custom TextProvider and TextProviderFactory</h2><p>If you want use a different logic to search for localized messages, or you want to use a database or just want to search default bundles, you must implement both those interfaces (or subclass the existing implementations). You can check a small <a shape="rect" class="external-link" href="https://github.com/apache/struts-examples/tree/master/text-provider" rel="nofollow">example app</a> how to use both. Please remember that the&#160;<code>TextProvider</c
 ode> interface is implemented by the&#160;<code>ActioSupport</code> class, that's why an extra layer -&#160;<code>TextProviderFactory</code> - is needed.</p><h2 id="Localization-Next:">Next: <a shape="rect" href="type-conversion.html">Type Conversion</a></h2></div>
+</div></div><h2 id="Localization-I18nInterceptor">I18n Interceptor</h2><p>Essentially, the i18n Interceptor pushes a locale into the ActionContext map upon every request. The framework components that support localization all utilize the ActionContext locale. See <a shape="rect" href="i18n-interceptor.html">I18n Interceptor</a> for details.</p><h2 id="Localization-GlobalResources(struts.custom.i18n.resources)instruts.properties">Global Resources (struts.custom.i18n.resources) in <code>struts.properties</code></h2><p>A global resource bundle could be specified programmatically, as well as the locale.</p><h2 id="Localization-FormattingDatesandNumbers">Formatting Dates and Numbers</h2><p>See <a shape="rect" href="formatting-dates-and-numbers.html">Formatting Dates and Numbers</a> for more details and examples.</p><h2 id="Localization-ComparisonwithStruts1">Comparison with Struts 1</h2><p>Struts 1 users should be familiar with the application.properties resource bundle, where you can pu
 t all the messages in the application that are going to be translated. Struts 2, though, splits the resource bundles per action or model class, and you may end up with duplicated messages in those resource bundles. A quick fix for that is to create a file called ActionSupport.properties in com/opensymphony/xwork2 and put it on your classpath. This will only work well if all your actions subclass XWork2's ActionSupport.</p><h2 id="Localization-Usingonlyglobalbundles">Using only global bundles</h2><p>If you don't need to use the package-scan-functionality and only base on the global bundles (those provided by the framework and via&#160;<code>struts.custom.i18n.resources</code>) you can use existing&#160;<code>GlobalLocalizedTextProvider</code> implementation. To use this please define the following option in your&#160;<code>struts.xml</code>:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;constant name="struts.localizedTextProvider" value="global-only" /&gt;</pre>
+</div></div><h2 id="Localization-CustomTextProviderandTextProviderFactory">Custom TextProvider and TextProviderFactory</h2><p>If you want use a different logic to search for localized messages, or you want to use a database or just want to search default bundles, you must implement both those interfaces (or subclass the existing implementations). You can check a small <a shape="rect" class="external-link" href="https://github.com/apache/struts-examples/tree/master/text-provider" rel="nofollow">example app</a> how to use both. Please remember that the&#160;<code>TextProvider</code> interface is implemented by the&#160;<code>ActioSupport</code> class, that's why an extra layer -&#160;<code>TextProviderFactory</code> - is needed.</p><h2 id="Localization-Next:">Next: <a shape="rect" href="type-conversion.html">Type Conversion</a></h2></div>
         </div>
 
         

Modified: websites/production/struts/content/docs/plugins.html
==============================================================================
--- websites/production/struts/content/docs/plugins.html (original)
+++ websites/production/struts/content/docs/plugins.html Fri Jul  7 16:46:14 2017
@@ -210,7 +210,7 @@ under the License.
            + TilesResult.class
    + struts-plugin.xml
 </pre>
-</div></div><p>Since the Tiles Plugin does need to register configuration elements, a result class, it provides a <code>struts-plugin.xml</code> file.</p><h2 id="Plugins-PluginRegistry">Plugin Registry</h2><p><img class="emoticon emoticon-tick" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png" data-emoticon-name="tick" alt="(tick)"> For a list of bundled plugins, see the <a shape="rect" href="plugin-developers-guide.html">Plugin Reference Documentation</a>. For more about bundled and third-party plugins, visit the <a shape="rect" class="external-link" href="http://cwiki.apache.org/S2PLUGINS/home.html">Apache Struts Plugin Registry</a>.</p><h2 id="Plugins-Backto">Back to <a shape="rect" href="home.html">Home</a></h2></div>
+</div></div><p>Since the Tiles Plugin does need to register configuration elements, a result class, it provides a <code>struts-plugin.xml</code> file.</p><h2 id="Plugins-PluginRegistry">Plugin Registry</h2><p><img class="emoticon emoticon-tick" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/check.png" data-emoticon-name="tick" alt="(tick)"> For a list of bundled plugins, see the <a shape="rect" href="plugin-developers-guide.html">Plugin Reference Documentation</a>. For more about bundled and third-party plugins, visit the <a shape="rect" class="external-link" href="http://cwiki.apache.org/S2PLUGINS/home.html">Apache Struts Plugin Registry</a>.</p><h2 id="Plugins-Backto">Back to <a shape="rect" href="home.html">Home</a></h2></div>
         </div>
 
         

Added: websites/production/struts/content/docs/s2-048.html
==============================================================================
--- websites/production/struts/content/docs/s2-048.html (added)
+++ websites/production/struts/content/docs/s2-048.html Fri Jul  7 16:46:14 2017
@@ -0,0 +1,156 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- 
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License. 
+-->
+<html>
+<head>
+    <link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
+    <style type="text/css">
+        .dp-highlighter {
+            width:95% !important;
+        }
+    </style>
+    <style type="text/css">
+        .footer {
+            background-image:      url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+            background-repeat:     repeat-x;
+            background-position:   left top;
+            padding-top:           4px;
+            color:                 #666;
+        }
+    </style>
+    <link href='https://struts.apache.org/highlighter/style/shCoreStruts.css' rel='stylesheet' type='text/css' />
+    <link href='https://struts.apache.org/highlighter/style/shThemeStruts.css' rel='stylesheet' type='text/css' />
+    <script src='https://struts.apache.org/highlighter/js/shCore.js' type='text/javascript'></script>
+    <script src='https://struts.apache.org/highlighter/js/shBrushPlain.js' type='text/javascript'></script>
+    <script src='https://struts.apache.org/highlighter/js/shBrushXml.js' type='text/javascript'></script>
+    <script src='https://struts.apache.org/highlighter/js/shBrushJava.js' type='text/javascript'></script>
+    <script src='https://struts.apache.org/highlighter/js/shBrushJScript.js' type='text/javascript'></script>
+    <script src='https://struts.apache.org/highlighter/js/shBrushGroovy.js' type='text/javascript'></script>
+    <script src='https://struts.apache.org/highlighter/js/shBrushBash.js' type='text/javascript'></script>
+    <script src='https://struts.apache.org/highlighter/js/shBrushCss.js' type='text/javascript'></script>
+    <script type="text/javascript">
+        SyntaxHighlighter.defaults['toolbar'] = false;
+        SyntaxHighlighter.all();
+    </script>
+    <script type="text/javascript" language="javascript">
+        var hide = null;
+        var show = null;
+        var children = null;
+
+        function init() {
+            /* Search form initialization */
+            var form = document.forms['search'];
+            if (form != null) {
+                form.elements['domains'].value = location.hostname;
+                form.elements['sitesearch'].value = location.hostname;
+            }
+
+            /* Children initialization */
+            hide = document.getElementById('hide');
+            show = document.getElementById('show');
+            children = document.all != null ?
+                    document.all['children'] :
+                    document.getElementById('children');
+            if (children != null) {
+                children.style.display = 'none';
+                show.style.display = 'inline';
+                hide.style.display = 'none';
+            }
+        }
+
+        function showChildren() {
+            children.style.display = 'block';
+            show.style.display = 'none';
+            hide.style.display = 'inline';
+        }
+
+        function hideChildren() {
+            children.style.display = 'none';
+            show.style.display = 'inline';
+            hide.style.display = 'none';
+        }
+    </script>
+    <title>S2-048</title>
+</head>
+<body onload="init()">
+<table border="0" cellpadding="2" cellspacing="0" width="100%">
+    <tr class="topBar">
+        <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+            &nbsp;<a href="home.html">Home</a>&nbsp;&gt;&nbsp;<a href="security-bulletins.html">Security Bulletins</a>&nbsp;&gt;&nbsp;<a href="s2-048.html">S2-048</a>
+        </td>
+        <td align="right" valign="middle" nowrap>
+            <form name="search" action="https://www.google.com/search" method="get">
+                <input type="hidden" name="ie" value="UTF-8" />
+                <input type="hidden" name="oe" value="UTF-8" />
+                <input type="hidden" name="domains" value="" />
+                <input type="hidden" name="sitesearch" value="" />
+                <input type="text" name="q" maxlength="255" value="" />
+                <input type="submit" name="btnG" value="Google Search" />
+            </form>
+        </td>
+    </tr>
+</table>
+
+<div id="PageContent">
+    <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+        <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+        <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+        <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+        <div style="margin: 0px 10px 8px 10px"  class="pagetitle">S2-048</div>
+
+        <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=71013972">
+                <img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=71013972">Edit Page</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+                <img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=71013972">
+                <img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=71013972">Add Page</a>
+            &nbsp;
+            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=71013972">
+                <img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
+                     height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
+            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=71013972">Add News</a>
+        </div>
+    </div>
+
+    <div class="pagecontent">
+        <div class="wiki-content">
+            <div id="ConfluenceContent"><h2 id="S2-048-Summary">Summary</h2>Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Who should read this</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>All Struts 2 developers and users should read this</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Impact of vulnerability</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Possible RCE when using the Struts 2 Struts 1 plugin</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Maximum security rating</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>High</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Recommendation</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Please read the Solution section</p></td></tr><tr><th colspan="1" rows
 pan="1" class="confluenceTh"><p>Affected Software</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>Struts 2.3.x with Struts 1 plugin and Struts 1 action</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Reporter</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>icez &lt;ic3z at qq dot com&gt; from Tophant Competence Center</p></td></tr><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>CVE Identifier</p></th><td colspan="1" rowspan="1" class="confluenceTd"><p>CVE-2017-9791</p></td></tr></tbody></table></div><h2 id="S2-048-Problem">Problem</h2><p>It is possible to perform a RCE attack with a malicious field value when using the Struts 2 Struts 1 plugin and it's a Struts 1 action and the value is a part of a message presented to the user, i.e. when using untrusted input as a part of the error message in the&#160;<code>ActionMessage&#160;</code>class.</p><h2 id="S2-048-Solution">Solution</h2><p>Always use resource keys instead of passing a r
 aw message to the <code>ActionMessage&#160;</code>as shown below, never pass a raw value directly</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">messages.add("msg", new ActionMessage("struts1.gangsterAdded", gform.getName()));</pre>
+</div></div><p>and never like this</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">messages.add("msg", new ActionMessage("Gangster " + gform.getName() + " was added"));</pre>
+</div></div><h2 id="S2-048-Backwardcompatibility">Backward compatibility</h2><p>No backward incompatibility issues are expected.</p><p>&#160;</p></div>
+        </div>
+
+        
+    </div>
+</div>
+<div class="footer">
+    Generated by CXF SiteExporter
+</div>
+</body>
+</html>

Modified: websites/production/struts/content/docs/security-bulletins.html
==============================================================================
--- websites/production/struts/content/docs/security-bulletins.html (original)
+++ websites/production/struts/content/docs/security-bulletins.html Fri Jul  7 16:46:14 2017
@@ -18,20 +18,21 @@ specific language governing permissions
 under the License. 
 -->
 <html>
+
 <head>
     <link type="text/css" rel="stylesheet" href="https://struts.apache.org/css/default.css">
     <style type="text/css">
         .dp-highlighter {
-            width:95% !important;
+            width: 95% !important;
         }
     </style>
     <style type="text/css">
         .footer {
-            background-image:      url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
-            background-repeat:     repeat-x;
-            background-position:   left top;
-            padding-top:           4px;
-            color:                 #666;
+            background-image: url('https://cwiki.apache.org/confluence/images/border/border_bottom.gif');
+            background-repeat: repeat-x;
+            background-position: left top;
+            padding-top: 4px;
+            color: #666;
         }
     </style>
     <script type="text/javascript" language="javascript">
@@ -51,8 +52,8 @@ under the License.
             hide = document.getElementById('hide');
             show = document.getElementById('show');
             children = document.all != null ?
-                    document.all['children'] :
-                    document.getElementById('children');
+                document.all['children'] :
+                document.getElementById('children');
             if (children != null) {
                 children.style.display = 'none';
                 show.style.display = 'inline';
@@ -74,213 +75,223 @@ under the License.
     </script>
     <title>Security Bulletins</title>
 </head>
+
 <body onload="init()">
-<table border="0" cellpadding="2" cellspacing="0" width="100%">
-    <tr class="topBar">
-        <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
-            &nbsp;<a href="home.html">Home</a>&nbsp;&gt;&nbsp;<a href="security-bulletins.html">Security Bulletins</a>
-        </td>
-        <td align="right" valign="middle" nowrap>
-            <form name="search" action="https://www.google.com/search" method="get">
-                <input type="hidden" name="ie" value="UTF-8" />
-                <input type="hidden" name="oe" value="UTF-8" />
-                <input type="hidden" name="domains" value="" />
-                <input type="hidden" name="sitesearch" value="" />
-                <input type="text" name="q" maxlength="255" value="" />
-                <input type="submit" name="btnG" value="Google Search" />
-            </form>
-        </td>
-    </tr>
-</table>
-
-<div id="PageContent">
-    <div class="pageheader" style="padding: 6px 0px 0px 0px;">
-        <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
-        <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
-        <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
-        <div style="margin: 0px 10px 8px 10px"  class="pagetitle">Security Bulletins</div>
+    <table border="0" cellpadding="2" cellspacing="0" width="100%">
+        <tr class="topBar">
+            <td align="left" valign="middle" class="topBarDiv" align="left" nowrap>
+                &nbsp;<a href="home.html">Home</a>&nbsp;&gt;&nbsp;<a href="security-bulletins.html">Security Bulletins</a>
+            </td>
+            <td align="right" valign="middle" nowrap>
+                <form name="search" action="https://www.google.com/search" method="get">
+                    <input type="hidden" name="ie" value="UTF-8" />
+                    <input type="hidden" name="oe" value="UTF-8" />
+                    <input type="hidden" name="domains" value="" />
+                    <input type="hidden" name="sitesearch" value="" />
+                    <input type="text" name="q" maxlength="255" value="" />
+                    <input type="submit" name="btnG" value="Google Search" />
+                </form>
+            </td>
+        </tr>
+    </table>
+
+    <div id="PageContent">
+        <div class="pageheader" style="padding: 6px 0px 0px 0px;">
+            <!-- We'll enable this once we figure out how to access (and save) the logo resource -->
+            <!--img src="/wiki/images/confluence_logo.gif" style="float: left; margin: 4px 4px 4px 10px;" border="0"-->
+            <div style="margin: 0px 10px 0px 10px" class="smalltext">Apache Struts 2 Documentation</div>
+            <div style="margin: 0px 10px 8px 10px" class="pagetitle">Security Bulletins</div>
 
-        <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
-            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">
+            <div class="greynavbar" align="right" style="padding: 2px 10px; margin: 0px;">
+                <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">
                 <img src="https://cwiki.apache.org/confluence/images/icons/notep_16.gif"
                      height="16" width="16" border="0" align="absmiddle" title="Edit Page"></a>
-            <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">Edit Page</a>
-            &nbsp;
-            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
+                <a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=61758">Edit Page</a> &nbsp;
+                <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">
                 <img src="https://cwiki.apache.org/confluence/images/icons/browse_space.gif"
                      height="16" width="16" border="0" align="absmiddle" title="Browse Space"></a>
-            <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a>
-            &nbsp;
-            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">
+                <a href="https://cwiki.apache.org/confluence/pages/listpages.action?key=WW">Browse Space</a> &nbsp;
+                <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">
                 <img src="https://cwiki.apache.org/confluence/images/icons/add_page_16.gif"
                      height="16" width="16" border="0" align="absmiddle" title="Add Page"></a>
-            <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">Add Page</a>
-            &nbsp;
-            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">
+                <a href="https://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=WW&fromPageId=61758">Add Page</a>                &nbsp;
+                <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">
                 <img src="https://cwiki.apache.org/confluence/images/icons/add_blogentry_16.gif"
                      height="16" width="16" border="0" align="absmiddle" title="Add News"></a>
-            <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">Add News</a>
+                <a href="https://cwiki.apache.org/confluence/pages/createblogpost.action?spaceKey=WW&fromPageId=61758">Add News</a>
+            </div>
         </div>
-    </div>
 
-    <div class="pagecontent">
-        <div class="wiki-content">
-            <div id="ConfluenceContent"><p>The following security bulletins are available:</p>
-<ul class="childpages-macro"><li><a shape="rect" href="s2-001.html">S2-001</a> &#8212; <span class="smalltext">Remote code exploit on form validation error</span></li><li><a shape="rect" href="s2-002.html">S2-002</a> &#8212; <span class="smalltext">Cross site scripting (XSS) vulnerability on &lt;s:url&gt; and &lt;s:a&gt; tags</span></li><li><a shape="rect" href="s2-003.html">S2-003</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li><li><a shape="rect" href="s2-004.html">S2-004</a> &#8212; <span class="smalltext">Directory traversal vulnerability while serving static content</span></li><li><a shape="rect" href="s2-005.html">S2-005</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li><li><a shape="rect" href="s2-006.html">S2-006</a> &#8212; <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li><li><a shape="rect" hr
 ef="s2-007.html">S2-007</a> &#8212; <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li><li><a shape="rect" href="s2-008.html">S2-008</a> &#8212; <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li><li><a shape="rect" href="s2-009.html">S2-009</a> &#8212; <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li><li><a shape="rect" href="s2-010.html">S2-010</a> &#8212; <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li><li><a shape="rect" href="s2-011.html">S2-011</a> &#8212; <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li><li><a shape="rect" href="s2-012.html">S2-012</a> &#8212; <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li>
 <li><a shape="rect" href="s2-013.html">S2-013</a> &#8212; <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li><li><a shape="rect" href="s2-014.html">S2-014</a> &#8212; <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li><li><a shape="rect" href="s2-015.html">S2-015</a> &#8212; <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li><li><a shape="rect" href="s2-016.html">S2-016</a> &#8212; <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li><li><a shape="rect" href="s2-017.html">S2-017</a> &#8212; <span class="sma
 lltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li><li><a shape="rect" href="s2-018.html">S2-018</a> &#8212; <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li><li><a shape="rect" href="s2-019.html">S2-019</a> &#8212; <span class="smalltext">Dynamic Method Invocation disabled by default</span></li><li><a shape="rect" href="s2-020.html">S2-020</a> &#8212; <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li><li><a shape="rect" href="s2-021.html">S2-021</a> &#8212; <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li><li><a shape="rect" href="s2-022.html">S2-022</a> &#8212; <span class="smalltext">Extends excluded params in CookieInt
 erceptor to avoid manipulation of Struts' internals</span></li><li><a shape="rect" href="s2-023.html">S2-023</a> &#8212; <span class="smalltext">Generated value of token can be predictable</span></li><li><a shape="rect" href="s2-024.html">S2-024</a> &#8212; <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li><li><a shape="rect" href="s2-025.html">S2-025</a> &#8212; <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li><li><a shape="rect" href="s2-026.html">S2-026</a> &#8212; <span class="smalltext">Special top object can be used to access Struts' internals</span></li><li><a shape="rect" href="s2-027.html">S2-027</a> &#8212; <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li><li><a shape="rect" href="s2-028.html">S2-028</a> &#8212; <span class="smalltext">Use of a JRE with broken URLDecoder implementation may l
 ead to XSS vulnerability in Struts 2 based web applications.</span></li><li><a shape="rect" href="s2-029.html">S2-029</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li><li><a shape="rect" href="s2-030.html">S2-030</a> &#8212; <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li><li><a shape="rect" href="s2-031.html">S2-031</a> &#8212; <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li><li><a shape="rect" href="s2-032.html">S2-032</a> &#8212; <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" href="s2-033.html">S2-033</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li><li><a shape="rect" h
 ref="s2-034.html">S2-034</a> &#8212; <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li><li><a shape="rect" href="s2-035.html">S2-035</a> &#8212; <span class="smalltext">Action name clean up is error prone</span></li><li><a shape="rect" href="s2-036.html">S2-036</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li><li><a shape="rect" href="s2-037.html">S2-037</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li><li><a shape="rect" href="s2-038.html">S2-038</a> &#8212; <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li><li><a shape="rect" href="s2-039.html">S2-039</a> &#8212; <span class="smalltext">Getter as action method leads to security bypass</span></li><li><a shape="rect" href="s2-040.html">S2-040</a> &#8212
 ; <span class="smalltext">Input validation bypass using existing default action method.</span></li><li><a shape="rect" href="s2-041.html">S2-041</a> &#8212; <span class="smalltext">Possible DoS attack when using URLValidator</span></li><li><a shape="rect" href="s2-042.html">S2-042</a> &#8212; <span class="smalltext">Possible path traversal in the Convention plugin</span></li><li><a shape="rect" href="s2-043.html">S2-043</a> &#8212; <span class="smalltext">Using the Config Browser plugin in production</span></li><li><a shape="rect" href="s2-044.html">S2-044</a> &#8212; <span class="smalltext">Possible DoS attack when using URLValidator</span></li><li><a shape="rect" href="s2-045.html">S2-045</a> &#8212; <span class="smalltext">Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.</span></li><li><a shape="rect" href="s2-046.html">S2-046</a> &#8212; <span class="smalltext">Possible RCE when performing file upload based on Jakarta Multipart parser
  (similar to S2-045)</span></li></ul></div>
-        </div>
+        <div class="pagecontent">
+            <div class="wiki-content">
+                <div id="ConfluenceContent">
+                    <p>The following security bulletins are available:</p>
+                    <ul class="childpages-macro">
+                        <li><a shape="rect" href="s2-001.html">S2-001</a> &#8212; <span class="smalltext">Remote code exploit on form validation error</span></li>
+                        <li><a shape="rect" href="s2-002.html">S2-002</a> &#8212; <span class="smalltext">Cross site scripting (XSS) vulnerability on &lt;s:url&gt; and &lt;s:a&gt; tags</span></li>
+                        <li><a shape="rect" href="s2-003.html">S2-003</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows OGNL statement execution</span></li>
+                        <li><a shape="rect" href="s2-004.html">S2-004</a> &#8212; <span class="smalltext">Directory traversal vulnerability while serving static content</span></li>
+                        <li><a shape="rect" href="s2-005.html">S2-005</a> &#8212; <span class="smalltext">XWork ParameterInterceptors bypass allows remote command execution</span></li>
+                        <li><a shape="rect" href="s2-006.html">S2-006</a> &#8212; <span class="smalltext">Multiple Cross-Site Scripting (XSS) in XWork generated error pages</span></li>
+                        <li><a shape="rect" href="s2-007.html">S2-007</a> &#8212; <span class="smalltext">User input is evaluated as an OGNL expression when there's a conversion error</span></li>
+                        <li><a shape="rect" href="s2-008.html">S2-008</a> &#8212; <span class="smalltext">Multiple critical vulnerabilities in Struts2</span></li>
+                        <li><a shape="rect" href="s2-009.html">S2-009</a> &#8212; <span class="smalltext">ParameterInterceptor vulnerability allows remote command execution</span></li>
+                        <li><a shape="rect" href="s2-010.html">S2-010</a> &#8212; <span class="smalltext">When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes</span></li>
+                        <li><a shape="rect" href="s2-011.html">S2-011</a> &#8212; <span class="smalltext">Long request parameter names might significantly promote the effectiveness of DOS attacks</span></li>
+                        <li><a shape="rect" href="s2-012.html">S2-012</a> &#8212; <span class="smalltext">Showcase app vulnerability allows remote command execution</span></li>
+                        <li><a shape="rect" href="s2-013.html">S2-013</a> &#8212; <span class="smalltext">A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution</span></li>
+                        <li><a shape="rect" href="s2-014.html">S2-014</a> &#8212; <span class="smalltext">A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks</span></li>
+                        <li><a shape="rect" href="s2-015.html">S2-015</a> &#8212; <span class="smalltext">A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.</span></li>
+                        <li><a shape="rect" href="s2-016.html">S2-016</a> &#8212; <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution</span></li>
+                        <li><a shape="rect" href="s2-017.html">S2-017</a> &#8212; <span class="smalltext">A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects</span></li>
+                        <li><a shape="rect" href="s2-018.html">S2-018</a> &#8212; <span class="smalltext">Broken Access Control Vulnerability in Apache Struts2</span></li>
+                        <li><a shape="rect" href="s2-019.html">S2-019</a> &#8212; <span class="smalltext">Dynamic Method Invocation disabled by default</span></li>
+                        <li><a shape="rect" href="s2-020.html">S2-020</a> &#8212; <span class="smalltext">Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)</span></li>
+                        <li><a shape="rect" href="s2-021.html">S2-021</a> &#8212; <span class="smalltext">Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation</span></li>
+                        <li><a shape="rect" href="s2-022.html">S2-022</a> &#8212; <span class="smalltext">Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals</span></li>
+                        <li><a shape="rect" href="s2-023.html">S2-023</a> &#8212; <span class="smalltext">Generated value of token can be predictable</span></li>
+                        <li><a shape="rect" href="s2-024.html">S2-024</a> &#8212; <span class="smalltext">Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker</span></li>
+                        <li><a shape="rect" href="s2-025.html">S2-025</a> &#8212; <span class="smalltext">Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files</span></li>
+                        <li><a shape="rect" href="s2-026.html">S2-026</a> &#8212; <span class="smalltext">Special top object can be used to access Struts' internals</span></li>
+                        <li><a shape="rect" href="s2-027.html">S2-027</a> &#8212; <span class="smalltext">TextParseUtil.translateVariables does not filter malicious OGNL expressions</span></li>
+                        <li><a shape="rect" href="s2-028.html">S2-028</a> &#8212; <span class="smalltext">Use of a JRE with broken URLDecoder implementation may lead to XSS vulnerability in Struts 2 based web applications.</span></li>
+                        <li><a shape="rect" href="s2-029.html">S2-029</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.</span></li>
+                        <li><a shape="rect" href="s2-030.html">S2-030</a> &#8212; <span class="smalltext">Possible XSS vulnerability in I18NInterceptor</span></li>
+                        <li><a shape="rect" href="s2-031.html">S2-031</a> &#8212; <span class="smalltext">XSLTResult can be used to parse arbitrary stylesheet</span></li>
+                        <li><a shape="rect" href="s2-032.html">S2-032</a> &#8212; <span class="smalltext">Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.</span></li>
+                        <li><a shape="rect" href="s2-033.html">S2-033</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.</span></li>
+                        <li><a shape="rect" href="s2-034.html">S2-034</a> &#8212; <span class="smalltext">OGNL cache poisoning can lead to DoS vulnerability</span></li>
+                        <li><a shape="rect" href="s2-035.html">S2-035</a> &#8212; <span class="smalltext">Action name clean up is error prone</span></li>
+                        <li><a shape="rect" href="s2-036.html">S2-036</a> &#8212; <span class="smalltext">Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)</span></li>
+                        <li><a shape="rect" href="s2-037.html">S2-037</a> &#8212; <span class="smalltext">Remote Code Execution can be performed when using REST Plugin.</span></li>
+                        <li><a shape="rect" href="s2-038.html">S2-038</a> &#8212; <span class="smalltext">It is possible to bypass token validation and perform a CSRF attack</span></li>
+                        <li><a shape="rect" href="s2-039.html">S2-039</a> &#8212; <span class="smalltext">Getter as action method leads to security bypass</span></li>
+                        <li><a shape="rect" href="s2-040.html">S2-040</a> &#8212; <span class="smalltext">Input validation bypass using existing default action method.</span></li>
+                        <li><a shape="rect" href="s2-041.html">S2-041</a> &#8212; <span class="smalltext">Possible DoS attack when using URLValidator</span></li>
+                        <li><a shape="rect" href="s2-042.html">S2-042</a> &#8212; <span class="smalltext">Possible path traversal in the Convention plugin</span></li>
+                        <li><a shape="rect" href="s2-043.html">S2-043</a> &#8212; <span class="smalltext">Using the Config Browser plugin in production</span></li>
+                        <li><a shape="rect" href="s2-044.html">S2-044</a> &#8212; <span class="smalltext">Possible DoS attack when using URLValidator</span></li>
+                        <li><a shape="rect" href="s2-045.html">S2-045</a> &#8212; <span class="smalltext">Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.</span></li>
+                        <li><a shape="rect" href="s2-046.html">S2-046</a> &#8212; <span class="smalltext">Possible RCE when performing file upload based on Jakarta Multipart parser (similar to S2-045)</span></li>                        
+                        <li><a shape="rect" href="s2-048.html">S2-048</a> &#8212; <span class="smalltext">Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series</span></li>
+                    </ul>
+                </div>
+            </div>
 
-                    <div class="tabletitle">
+            <div class="tabletitle">
                 Children
-            <span class="smalltext" id="show" style="display: inline;">
+                <span class="smalltext" id="show" style="display: inline;">
               <a href="javascript:showChildren()">Show Children</a></span>
-            <span class="smalltext" id="hide" style="display: none;">
+                <span class="smalltext" id="hide" style="display: none;">
               <a href="javascript:hideChildren()">Hide Children</a></span>
             </div>
             <div class="greybox" id="children" style="display: none;">
-                                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                                    $page.link($child)
-                    <span class="smalltext">(Apache Struts 2 Documentation)</span>
-                    <br>
-                            </div>
-        
+                $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br> $page.link($child)
+                <span class="smalltext">(Apache Struts 2 Documentation)</span>
+                <br>
+            </div>
+
+        </div>
+    </div>
+    <div class="footer">
+        Generated by CXF SiteExporter
     </div>
-</div>
-<div class="footer">
-    Generated by CXF SiteExporter
-</div>
 </body>
-</html>
+
+</html>
\ No newline at end of file

Modified: websites/production/struts/content/docs/security.html
==============================================================================
--- websites/production/struts/content/docs/security.html (original)
+++ websites/production/struts/content/docs/security.html Fri Jul  7 16:46:14 2017
@@ -139,12 +139,12 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1490788003243 {padding: 0px;}
-div.rbtoc1490788003243 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1490788003243 li {margin-left: 0px;padding-left: 0px;}
+            <div id="ConfluenceContent"><div class="confluence-information-macro confluence-information-macro-warning"><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>THIS PAGE IS DEPRECATED, PLEASE FOLLOW THE LINK TO THE NEW SECURITY GUIDE!</p><p><a shape="rect" class="external-link" href="http://struts.apache.org/security/">http://struts.apache.org/security/</a></p></div></div><p><style type="text/css">/*<![CDATA[*/
+div.rbtoc1499445551353 {padding: 0px;}
+div.rbtoc1499445551353 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499445551353 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1490788003243">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499445551353">
 <ul class="toc-indentation"><li><a shape="rect" href="#Security-Securitytips">Security tips</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#Security-RestrictaccesstotheConfigBrowser">Restrict access to the Config Browser</a></li><li><a shape="rect" href="#Security-Don'tmixdifferentaccesslevelsinthesamenamespace">Don't mix different access levels in the same namespace</a></li><li><a shape="rect" href="#Security-NeverexposeJSPfilesdirectly">Never expose JSP files directly</a></li><li><a shape="rect" href="#Security-DisabledevMode">Disable devMode</a></li><li><a shape="rect" href="#Security-Reducelogginglevel">Reduce logging level</a></li><li><a shape="rect" href="#Security-UseUTF-8encoding">Use UTF-8 encoding</a></li><li><a shape="rect" href="#Security-Donotdefinesetterswhennotneeded">Do not define setters when not needed</a></li><li><a shape="rect" href="#Security-Donotuseincomingvaluesasaninputforlocalisationlogic">Do not use incoming values as an input for localisation logic</a></li></ul>
 </li><li><a shape="rect" href="#Security-Internalsecuritymechanism">Internal security mechanism</a>

Modified: websites/production/struts/content/docs/spring-plugin.html
==============================================================================
--- websites/production/struts/content/docs/spring-plugin.html (original)
+++ websites/production/struts/content/docs/spring-plugin.html Fri Jul  7 16:46:14 2017
@@ -140,11 +140,11 @@ under the License.
     <div class="pagecontent">
         <div class="wiki-content">
             <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1494398046744 {padding: 0px;}
-div.rbtoc1494398046744 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1494398046744 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499445435631 {padding: 0px;}
+div.rbtoc1499445435631 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499445435631 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1494398046744">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499445435631">
 <ul class="toc-indentation"><li><a shape="rect" href="#SpringPlugin-Description">Description</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#SpringPlugin-Features">Features</a></li></ul>
 </li><li><a shape="rect" href="#SpringPlugin-Usage">Usage</a>
@@ -224,7 +224,7 @@ div.rbtoc1494398046744 li {margin-left:
 </div></div></li></ol><p>Letting the reloading class loader handle all the classes can lead to ClassCastException(s) because instances of the same classes loaded by different class loaders can not be assigned to each other. To prevent this problem we suggest that <code>struts.class.reloading.acceptClasses</code> is used to limit the classes loaded by the reloading class loader, so only actions are handled by it. This constant supports a comma separated list of regular expressions:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">&lt;constant name="struts.class.reloading.acceptClasses" value="com\.myproject\.example\.actions\..*" /&gt;
 </pre>
-</div></div><div class="confluence-information-macro confluence-information-macro-warning"><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>This feature is experimental, and <strong>should never</strong> be used in production systems.</p></div></div><h4 id="SpringPlugin-Settings">Settings</h4><p>The following settings can be customized. See the <a shape="rect" class="external-link" href="http://cwiki.apache.org/confluence/display/WW/Configuration+Files">developer guide</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Setting</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Possible Values</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code
 >struts.objectFactory.spring.autoWire</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The autowire strategy</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>name</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>name</code>,<code>type</code>,<code>auto</code>, or <code>constructor</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.objectFactory.spring.autoWire.alwaysRespect</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Whether the autowire strategy should always be used, or if the framework should try to guess the best strategy based on the situation</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code> for backwards-compatibility</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.objectFactory.spring.useClassCach
 e</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Whether to have Spring use its class cache or not</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.class.reloading.watchList</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>List of jar files or directories to watch for changes</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Comma separated list of absolute or relative paths to jars or directories</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.class.reloading.acceptClasses</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>List of regular expressions of accepted class names</p></td><td colspan="1" rows
 pan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Comma separated list of regular expressions of classes that will be loaded by the reloading class loader(we suggest to add regular expressions so only action classes are handled by the reloading class loader)</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.class.reloading.reloadConfig</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Reload the runtime configuration (action mappings, results etc) when a change is detected in one of the watched directories</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.objectFactory.spring.enableAopSupport</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Uses diffe
 rent logic to construct beans to allow support AOP, it uses an old approach to create a bean, switch this flag if you have problems with Spring beans and AOP</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr></tbody></table></div><h4 id="SpringPlugin-Installation">Installation</h4><p>This plugin can be installed by copying the plugin jar into your application's <code>/WEB-INF/lib</code> directory. No other files need to be copied or created.</p></div>
+</div></div><div class="confluence-information-macro confluence-information-macro-warning"><span class="aui-icon aui-icon-small aui-iconfont-error confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>This feature is experimental, and <strong>should never</strong> be used in production systems.</p></div></div><h4 id="SpringPlugin-Settings">Settings</h4><p>The following settings can be customized. See the <a shape="rect" class="external-link" href="http://cwiki.apache.org/confluence/display/WW/Configuration+Files">developer guide</a>.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Setting</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Possible Values</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code
 >struts.objectFactory.spring.autoWire</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The autowire strategy</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>name</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>name</code>,<code>type</code>,<code>auto</code>, or <code>constructor</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.objectFactory.spring.autoWire.alwaysRespect</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Whether the autowire strategy should always be used, or if the framework should try to guess the best strategy based on the situation</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code> for backwards-compatibility</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.objectFactory.spring.useClassCach
 e</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Whether to have Spring use its class cache or not</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.class.reloading.watchList</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>List of jar files or directories to watch for changes</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Comma separated list of absolute or relative paths to jars or directories</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.class.reloading.acceptClasses</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>List of regular expressions of accepted class names</p></td><td colspan="1" rows
 pan="1" class="confluenceTd"><p><code>null</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Comma separated list of regular expressions of classes that will be loaded by the reloading class loader(we suggest to add regular expressions so only action classes are handled by the reloading class loader)</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>struts.class.reloading.reloadConfig</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Reload the runtime configuration (action mappings, results etc) when a change is detected in one of the watched directories</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>DEPRECATED: struts.objectFactory.spring.enableAopSupport</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Uses differ
 ent logic to construct beans to allow support AOP, it uses an old approach to create a bean, switch this flag if you have problems with Spring beans and AOP</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>true</code> or <code>false</code></p></td></tr></tbody></table></div><h4 id="SpringPlugin-Installation">Installation</h4><p>This plugin can be installed by copying the plugin jar into your application's <code>/WEB-INF/lib</code> directory. No other files need to be copied or created.</p></div>
         </div>
 
                     <div class="tabletitle">

Modified: websites/production/struts/content/docs/struts-defaultxml.html
==============================================================================
--- websites/production/struts/content/docs/struts-defaultxml.html (original)
+++ websites/production/struts/content/docs/struts-defaultxml.html Fri Jul  7 16:46:14 2017
@@ -273,8 +273,10 @@ under the License.
     &lt;bean type=&quot;com.opensymphony.xwork2.conversion.impl.NumberConverter&quot; name=&quot;struts&quot; class=&quot;com.opensymphony.xwork2.conversion.impl.NumberConverter&quot; scope=&quot;singleton&quot;/&gt;
     &lt;bean type=&quot;com.opensymphony.xwork2.conversion.impl.StringConverter&quot; name=&quot;struts&quot; class=&quot;com.opensymphony.xwork2.conversion.impl.StringConverter&quot; scope=&quot;singleton&quot;/&gt;
 
+    &lt;bean type=&quot;com.opensymphony.xwork2.LocalizedTextProvider&quot; name=&quot;global-only&quot; class=&quot;com.opensymphony.xwork2.util.GlobalLocalizedTextProvider&quot; scope=&quot;singleton&quot; /&gt;
+    &lt;bean type=&quot;com.opensymphony.xwork2.LocalizedTextProvider&quot; name=&quot;struts&quot; class=&quot;com.opensymphony.xwork2.util.StrutsLocalizedTextProvider&quot; scope=&quot;singleton&quot; /&gt;
+
     &lt;bean type=&quot;com.opensymphony.xwork2.TextProvider&quot; name=&quot;system&quot; class=&quot;com.opensymphony.xwork2.DefaultTextProvider&quot; scope=&quot;singleton&quot; /&gt;
-    &lt;bean type=&quot;com.opensymphony.xwork2.LocalizedTextProvider&quot; name=&quot;struts&quot; class=&quot;com.opensymphony.xwork2.util.DefaultLocalizedTextProvider&quot; scope=&quot;singleton&quot; /&gt;
     &lt;bean type=&quot;com.opensymphony.xwork2.TextProviderFactory&quot; name=&quot;struts&quot; class=&quot;com.opensymphony.xwork2.StrutsTextProviderFactory&quot; scope=&quot;singleton&quot; /&gt;
     &lt;bean type=&quot;com.opensymphony.xwork2.LocaleProviderFactory&quot; name=&quot;struts&quot; class=&quot;com.opensymphony.xwork2.DefaultLocaleProviderFactory&quot; scope=&quot;singleton&quot; /&gt;
 
@@ -381,6 +383,12 @@ under the License.
             &lt;interceptor name=&quot;roles&quot; class=&quot;org.apache.struts2.interceptor.RolesInterceptor&quot; /&gt;
             &lt;interceptor name=&quot;annotationWorkflow&quot; class=&quot;com.opensymphony.xwork2.interceptor.annotations.AnnotationWorkflowInterceptor&quot; /&gt;
             &lt;interceptor name=&quot;multiselect&quot; class=&quot;org.apache.struts2.interceptor.MultiselectInterceptor&quot; /&gt;
+            &lt;interceptor name=&quot;noop&quot; class=&quot;org.apache.struts2.interceptor.NoOpInterceptor&quot; /&gt;
+
+            &lt;!-- Empty stack - performs no operations --&gt;
+            &lt;interceptor-stack name=&quot;emptyStack&quot;&gt;
+                &lt;interceptor-ref name=&quot;noop&quot;/&gt;
+            &lt;/interceptor-stack&gt;
 
             &lt;!-- Basic stack --&gt;
             &lt;interceptor-stack name=&quot;basicStack&quot;&gt;

Modified: websites/production/struts/content/docs/strutsproperties.html
==============================================================================
--- websites/production/struts/content/docs/strutsproperties.html (original)
+++ websites/production/struts/content/docs/strutsproperties.html Fri Jul  7 16:46:14 2017
@@ -139,7 +139,7 @@ under the License.
 
     <div class="pagecontent">
         <div class="wiki-content">
-            <div id="ConfluenceContent"><p><img class="emoticon emoticon-tick" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/check.png" data-emoticon-name="tick" alt="(tick)"> All properties can also be set using <a shape="rect" href="constant-configuration.html">Constant Configuration</a> in an XML configuration file.</p>
+            <div id="ConfluenceContent"><p><img class="emoticon emoticon-tick" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/check.png" data-emoticon-name="tick" alt="(tick)"> All properties can also be set using <a shape="rect" href="constant-configuration.html">Constant Configuration</a> in an XML configuration file.</p>
 
 <p>The framework uses a number of properties that can be changed to fit your needs. To change any of these properties, specify the property key and value in an <code>struts.properties</code> file. The properties file can be locate anywhere on the classpath, but it is typically found under <code>/WEB-INF/classes</code></p>
 

Modified: websites/production/struts/content/docs/strutsxml-examples.html
==============================================================================
--- websites/production/struts/content/docs/strutsxml-examples.html (original)
+++ websites/production/struts/content/docs/strutsxml-examples.html Fri Jul  7 16:46:14 2017
@@ -152,7 +152,7 @@ under the License.
 ]]></script>
 </div></div>
 </div></div>
-<p><img class="emoticon emoticon-light-on" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/lightbulb_on.png" data-emoticon-name="light-on" alt="(lightbulb)"> For more about configuration details, see <a shape="rect" href="configuration-elements.html">Configuration Elements</a></p>
+<p><img class="emoticon emoticon-light-on" src="https://cwiki.apache.org/confluence/s/en_GB/5997/6f42626d00e36f53fe51440403446ca61552e2a2.1/_/images/icons/emoticons/lightbulb_on.png" data-emoticon-name="light-on" alt="(lightbulb)"> For more about configuration details, see <a shape="rect" href="configuration-elements.html">Configuration Elements</a></p>
 
 <h2 id="struts.xmlExamples-TheStruts2DocumentTypeDefinition(DTD)">The Struts 2 Document Type Definition (DTD)</h2>
 

Modified: websites/production/struts/content/docs/tiles-plugin.html
==============================================================================
--- websites/production/struts/content/docs/tiles-plugin.html (original)
+++ websites/production/struts/content/docs/tiles-plugin.html Fri Jul  7 16:46:14 2017
@@ -140,11 +140,11 @@ under the License.
     <div class="pagecontent">
         <div class="wiki-content">
             <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1492970273720 {padding: 0px;}
-div.rbtoc1492970273720 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1492970273720 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1499445486915 {padding: 0px;}
+div.rbtoc1499445486915 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1499445486915 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1492970273720">
+/*]]>*/</style></p><div class="toc-macro rbtoc1499445486915">
 <ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-Features">Features</a></li><li><a shape="rect" href="#TilesPlugin-Usage">Usage</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#TilesPlugin-AccessingStrutsattributes">Accessing Struts attributes</a></li><li><a shape="rect" href="#TilesPlugin-I18N">I18N</a></li></ul>
 </li><li><a shape="rect" href="#TilesPlugin-Example">Example</a></li><li><a shape="rect" href="#TilesPlugin-Settings">Settings</a></li><li><a shape="rect" href="#TilesPlugin-Installation">Installation</a></li></ul>



Mime
View raw message