struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From abhishek verma <abhishe...@yahoo.com.INVALID>
Subject Upgrading Struts from 2.3.16 to 2.3.31
Date Thu, 17 Nov 2016 19:25:11 GMT
Hello,

Due to the recent security vulnerability identified in Struts, we are upgrading application
from struts version 2.3.16 to 2.3.31.One of the major issues being the naming convention of
getter and setter in Action classes.Example: For instance variable of String aType, given
below are the setters and getters used earlier which had no issues with Struts 2.3.16.public
class ErrorMessageAction extends ActionSupport{

    private String aType;

    public String getAType() {
        return aType;
    }

    public void setAType(String type) {
        this.aType = type;
    }
}But with Struts 2.3.31, expectation of setter and getter for same instance should be in below
format.public class ErrorMessageAction extends ActionSupport{

    private String aType;

    public String getaType() {
        return aType;
    }

    public void setaType(String aType) {
        this.aType = aType;
    }
}I have many number of such action classes where these kind of issues (setter/getter naming
convention) are found after applying 2.3.31 jars listed below.commons-lang3-3.2.jar, commons-fileupload-1.3.2.jar,commons-io-2.2.jar
freemarker-2.3.22.jar, ognl-3.0.19.jar, struts2-core-2.3.31.jar
xwork-core-2.3.31.jar, commons-logging-1.1.3.jar, javassist-3.11.0.GA.jarCan someone please
suggest a solution at configuration level that does not require setter/getter changes in each
and every Action classes ?
ThanksAbhishek
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message