struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: [ANN] Struts 2.3.15.2 GA release available - security fix
Date Mon, 23 Sep 2013 18:12:39 GMT
Hi,

Yes, we know already :\ I'm working on a new solution, should be ready
next week.


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2013/9/23 Emi Lu <emilu@encs.concordia.ca>:
> Good morning,
>
> Upgraded from 2.3.15.1 to 15.2, but "s:submit" problem:
>
>
> (1) jsp:
> <s:form
>    name    = "loginForm"
>    namespace= "/Login"
>    action   = "ProcessLoginAction"
>    method   = "post"
>    theme="simple"
>>
>
> <s:submit value="Login"
>           theme="simple"
>           action="loginProcessLoginAction" />   --- never call
> loginProcessLoginAction
>
>
>
> (2) struts.xml
> <package name="Login" namespace="/Login" extends="tiles-default">
> <action name="*ProcessLoginAction"  method="{1}" class="ProcessLoginAction">
>   <result name="success"   type="tiles">main_menu</result>
>   <result name="ajax_check" >
>   /WEB-INF/pages/errorinfo/ajax_error_check.jsp
>   </result>
> </action>
>
>
> (3) ProcessLoginAction.java
>    public String login() throws Exception
>    {
>       try
>       {
>         ......
>       }catch(Exception e)
>       {
>          log.error("login Error: " + e.getMessage());
>          log.error(e);
>          this.addActionError("login Error: " + e.getMessage());
>       }
>       return "success";
>    }
>
>
> The problem is that "loginProcessLoginAction in jsp page" is never be
> called.
>
> Could you help?
> Thanks,
> Emi
>
>
>
> On 09/21/2013 12:06 PM, Lukasz Lenart wrote:
>>
>> The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
>> available as a "General Availability" release.The GA designation is
>> our highest quality grade.
>>
>> Apache Struts 2 is an elegant, extensible framework for creating
>> enterprise-ready Java web applications. The framework is designed to
>> streamline the full development cycle, from building, to deploying, to
>> maintaining applications over time.
>>
>> This release includes important security fixes:
>> - S2-018 - Broken Access Control Vulnerability in Apache Struts2
>> - S2-019 - Dynamic Method Invocation disabled by default
>>
>> All developers are strongly advised to update existing Struts 2
>> applications to Struts 2.3.15.2
>>
>> Struts 2.3.15.2 is available in a full distribution, or as separate
>> library, source, example and documentation distributions, from the
>> releases page.
>> * http://struts.apache.org/download.cgi#struts23152
>>
>> The release is also available from the central Maven repository under
>> Group ID "org.apache.struts".
>>
>> The 2.3.x series of the Apache Struts framework has a minimum
>> requirement of the following specification versions:
>> * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
>> * Java 2 Standard Platform Edition (J2SE) 5
>>
>> The release notes are available online at:
>> * http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html
>>
>> Should any issues arise with your use of any version of the Struts
>> framework, please post your comments to the user list, and, if
>> appropriate, file a tracking ticket.appropriate, file a tracking
>> ticket:
>> * https://issues.apache.org/jira/browse/WW
>>
>>
>> - The Apache Struts group.
>>
>>
>> Regards
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message