struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantinos (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WW-4957) Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.
Date Tue, 04 Sep 2018 14:13:01 GMT

     [ https://issues.apache.org/jira/browse/WW-4957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Konstantinos updated WW-4957:
-----------------------------
    Summary: Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed
and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider cannot be used instead.  (was:
Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider
cannot be used intead.)

> Update struts version from 2.5.10 to 2.5.17. LocalizedTextUtil class is removed and GlobalLocalizedTextProvider&StrutsLocalizedTextProvider
cannot be used instead.
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WW-4957
>                 URL: https://issues.apache.org/jira/browse/WW-4957
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.5.17
>            Reporter: Konstantinos
>            Priority: Major
>             Fix For: 2.5.10.1
>
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> I have an application that uses struts version 2.5.10.1. i want to update it to version
2.5.17 after the announcement of the Apache Software Foundation that Struts 2.5 to 2.5.16
versions are vulnerable to remote attackers. In my current version i use a struts-core library
class called LocalizedTextUtil to load messages from the global message bundle. My code below:
> {code:java}
> private void initialiseMessageBundle() throws InitializationError{
>     LOG.info("Loading global messages from " + DEFAULT_RESOURCE);
>     URL[] urls;
>     try {
>         String resourceFolder = PropertiesManager.get(Constants.PROP_RESOURCES_FOLDER);
>         File file = new File(resourceFolder);
>         if (!file.exists() || !file.isDirectory()){
>             LOG.error("file not found: path(" + Constants.PROP_RESOURCES_FOLDER + ")
= " + resourceFolder);
>             throw new InitializationError("External resource not found file not found");
>         } else {
>             LOG.debug("resources file: " + file.toURI().toURL());
>         }
>         URL url = file.toURI().toURL();
>         urls = new URL[]{url};
>         ClassLoader cl = new URLClassLoader(urls);
>         LocalizedTextUtil.setDelegatedClassLoader(cl);
>         LocalizedTextUtil.addDefaultResourceBundle(DEFAULT_RESOURCE);
>     } catch (MalformedURLException e) {
>         throw new InitializationError("MalformedURLException occured during the messageBundle
initialisation", e);
>     }
>     LOG.info("Global messages loaded.");
> }
> {code}
>  
> After updating the struts version to 2.5.17 the *LocalizedTextUtil* class is removed.
Although i create a new instance of class *GlobalLocalizedTextProvider* and *StrutsLocalizedTextProvider*
and used the same methods (*setDelegatedClassLoader*,*addDefaultResourceBundle*) my messages are
not been loaded. Also i create a bean of these classes on struts.xml and tried to inject
it but again without success. Do you have any thought how can i replace the LocalizedTextUtil
in my code above?
> Thank you.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message