struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From abhishek verma <>
Subject Re: Upgrading Struts from 2.3.16 to 2.3.31
Date Fri, 18 Nov 2016 05:21:46 GMT
I went on to debug OgnlRuntime class and found that method public static List getDeclaredMethods(Class
targetClass, String propertyName, boolean findSets) has new code to handle java bean.
Version 2.3.16 : String baseName = Character.toUpperCase(propertyName.charAt(0)) + propertyName.substring(1);

Version 2.3.31 : String baseName = capitalizeBeanPropertyName(propertyName);

    On Friday, 18 November 2016 2:18 AM, abhishek verma <>


Due to the recent security vulnerability identified in Struts, we are upgrading application
from struts version 2.3.16 to 2.3.31.One of the major issues being the naming convention of
getter and setter in Action classes.Example: For instance variable of String aType, given
below are the setters and getters used earlier which had no issues with Struts 2.3.16.public
class ErrorMessageAction extends ActionSupport{

    private String aType;

    public String getAType() {
        return aType;

    public void setAType(String type) {
        this.aType = type;
}But with Struts 2.3.31, expectation of setter and getter for same instance should be in below
format.public class ErrorMessageAction extends ActionSupport{

    private String aType;

    public String getaType() {
        return aType;

    public void setaType(String aType) {
        this.aType = aType;
}I have many number of such action classes where these kind of issues (setter/getter naming
convention) are found after applying 2.3.31 jars listed below.commons-lang3-3.2.jar, commons-fileupload-1.3.2.jar,commons-io-2.2.jar
freemarker-2.3.22.jar, ognl-3.0.19.jar, struts2-core-2.3.31.jar
xwork-core-2.3.31.jar, commons-logging-1.1.3.jar, javassist-3.11.0.GA.jarCan someone please
suggest a solution at configuration level that does not require setter/getter changes in each
and every Action classes ?

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message