From: abhishek verma
To: Struts Users Mailing List, abhishek verma
Date: Fri, 18 Nov 2016 05:21:46 +0000 (UTC)
Subject: Re: Upgrading Struts from 2.3.16 to 2.3.31

Hello,

I went on to debug the OgnlRuntime class and found that the method

    public static List getDeclaredMethods(Class targetClass, String propertyName, boolean findSets)

has new code to handle Java beans.

Version 2.3.16:

    String baseName = Character.toUpperCase(propertyName.charAt(0)) + propertyName.substring(1);

Version 2.3.31:

    String baseName = capitalizeBeanPropertyName(propertyName);

Thanks
Abhishek

On Friday, 18 November 2016 2:18 AM, abhishek verma wrote:

Hello,

Due to the recent security vulnerability identified in Struts, we are upgrading the application from Struts version 2.3.16 to 2.3.31. One of the major issues is the naming convention of getters and setters in Action classes.

Example: for an instance variable String aType, given below are the setters and getters used earlier, which had no issues with Struts 2.3.16.

    import com.opensymphony.xwork2.ActionSupport;

    // Accessor names that worked with Struts 2.3.16
    public class ErrorMessageAction extends ActionSupport {
        private String aType;

        public String getAType() {
            return aType;
        }

        public void setAType(String type) {
            this.aType = type;
        }
    }

But with Struts 2.3.31, the setter and getter for the same instance variable are expected in the format below.

    import com.opensymphony.xwork2.ActionSupport;

    // Accessor names expected by Struts 2.3.31
    public class ErrorMessageAction extends ActionSupport {
        private String aType;

        public String getaType() {
            return aType;
        }

        public void setaType(String aType) {
            this.aType = aType;
        }
    }

I have a large number of such action classes where these kinds of issues (setter/getter naming convention) are found after applying the 2.3.31 jars listed below.

    commons-lang3-3.2.jar, commons-fileupload-1.3.2.jar, commons-io-2.2.jar
    freemarker-2.3.22.jar, ognl-3.0.19.jar, struts2-core-2.3.31.jar
    xwork-core-2.3.31.jar, commons-logging-1.1.3.jar, javassist-3.11.0.GA.jar

Can someone please suggest a solution at configuration level that does not require setter/getter changes in each and every Action class?

Thanks
Abhishek
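
Added example (not part of the original message, and not Struts or OGNL code): a reflection-based audit that lists accessors which match only the 2.3.16 naming rule quoted above, so affected action classes can be found before the upgrade. `newBaseName` is an assumed stand-in for `capitalizeBeanPropertyName`, whose body the message does not show; `AccessorNameAudit`, `SampleAction` and the other names are constructed for illustration.

```java
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class AccessorNameAudit {
    // Rule quoted in the message for 2.3.16: always upper-case the first character.
    static String oldBaseName(String p) {
        return Character.toUpperCase(p.charAt(0)) + p.substring(1);
    }

    // ASSUMED stand-in for capitalizeBeanPropertyName (body not shown in the message):
    // a name like "aType" (lower-case first, upper-case second) stays unchanged.
    static String newBaseName(String p) {
        boolean keep = p.length() > 1 && Character.isLowerCase(p.charAt(0))
                && Character.isUpperCase(p.charAt(1));
        return keep ? p : oldBaseName(p);
    }

    static boolean hasMethod(Class<?> type, String name) {
        return Arrays.stream(type.getMethods()).anyMatch(m -> m.getName().equals(name));
    }

    // For each field where the two rules differ, report accessors present only under the old name.
    static List<String> audit(Class<?> type) {
        List<String> findings = new ArrayList<>();
        for (Field f : type.getDeclaredFields()) {
            String oldBase = oldBaseName(f.getName()), newBase = newBaseName(f.getName());
            if (oldBase.equals(newBase)) continue; // same accessor name under both rules
            for (String prefix : new String[] {"get", "set"}) {
                if (hasMethod(type, prefix + oldBase) && !hasMethod(type, prefix + newBase)) {
                    findings.add(type.getSimpleName() + "." + prefix + oldBase + " -> " + prefix + newBase);
                }
            }
        }
        return findings;
    }

    // Constructed sample mirroring the action class in the message (no Struts dependency).
    public static class SampleAction {
        private String aType, message;
        public String getAType() { return aType; }
        public void setAType(String type) { this.aType = type; }
        public String getMessage() { return message; }
    }

    public static void main(String[] args) {
        audit(SampleAction.class).forEach(System.out::println);
    }
}
```

The audit looks only at fields declared on the class itself and at `get`/`set` accessors; inherited fields and `is` accessors are not covered.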