apache/struts STRUTS_6_5_0

Struts 6.5.0

on GitHub

What's Changed

• WW-5406 Ensure Action excluded patterns are reinjected by @kusalk in #910
• WW-5407 Extend SecurityMemberAccess proxy detection to other proxies by @jefferyxhy in #911
• WW-5408 add option to not fallback to empty namespace when unresolved by @jefferyxhy in #912
• WW-5406 Fix injection order issue for excluded patterns by @kusalk in #917
• WW-5409 introduce final attribute to package element which make them unextendable by @jefferyxhy in #914
• WW-5417 bump ognl version to fix security issue by @jefferyxhy in #915
• WW-5418 Forbid Enums and Jasper classes by @kusalk in #916
• WW-5421 Bump asm.version from 9.6 to 9.7 by @dependabot in #907
• WW-5420 Upgrades commons-text to ver. 1.12.0 by @lukaszlenart in #924
• WW-5419 Fixes support for loading Tiles definitions by @lukaszlenart in #920
• WW-5400 Extend default configuration options for the CSP interceptor. by @eschulma in #913
• WW-5422 Fixes support for trimable locale string in request by @lukaszlenart in #931
• WW-5414 Always call afterInvocation even in case of exception by @lukaszlenart in #932
• WW-5415 Fixes accessing public constructors via expression by @lukaszlenart in #933
• INFRA-25666 Disables review by code owners by @lukaszlenart in #945
• WW-5425 Bump jackson.version from 2.16.1 to 2.17.1 by @dependabot in #944
• WW-5426 Bump org.freemarker:freemarker from 2.3.32 to 2.3.33 by @dependabot in #953
• WW-5424 Fixes ClassCastException when using short var name in s:set tag by @lukaszlenart in #946
• Disables required reviewers option by @lukaszlenart in #947
• WW-5412 Upgrades struts-master to ver 15 by @lukaszlenart in #948
• WW-5400 Simplifies how CspSettings is created by @lukaszlenart in #956
• WW-5250 Addresses TODO in test and stops using Mock Objects by @lukaszlenart in #957
• WW-5310 Fixes broken support for Fragments in <s:url/> tag by @lukaszlenart in #968
• WW-5429 Log parameter annotation issues at ERROR level when in DevMode by @kusalk in #969
• WW-5431 Marks unused constants as deprecated by @lukaszlenart in #971
• WW-5437 Swap order of sysStrSubstitutor and envStrSubstitutor in substitute method by @stefansielaff in #977
• WW-5428 Allowlist capability should resolve Hibernate proxies when disableProxyObjects is not set by @kusalk in #967
• WW-5439 Move DevMode security configuration to SecurityMemberAccess by @kusalk in #979
• WW-5428 Stop excessive logging in DevMode by @kusalk in #982

Dependencies

• Bump org.assertj:assertj-core from 3.25.2 to 3.25.3 by @dependabot in #909
• Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #923
• Bump org.codehaus.mojo:versions-maven-plugin from 2.16.1 to 2.16.2 by @dependabot in #922
• Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.2.0 by @dependabot in #925
• Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #926
• Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.0.0-M6 to 3.2.5 by @dependabot in #905
• Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 by @dependabot in #934
• Bump slf4j.version from 2.0.12 to 2.0.13 by @dependabot in #936
• Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.0.0 to 3.5.0 by @dependabot in #938
• Bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #939
• Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #940
• Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1 by @dependabot in #950
• Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.2 by @dependabot in #961
• Bump org.owasp:dependency-check-maven from 8.4.2 to 9.2.0 by @dependabot in #962
• Bump commons-validator:commons-validator from 1.8.0 to 1.9.0 by @dependabot in #958
• Bump org.apache.felix:org.apache.felix.main from 6.0.3 to 7.0.5 by @dependabot in #960
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 by @dependabot in #965
• Bump org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.3.0 by @dependabot in #966
• Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.2.5 to 3.3.0 by @dependabot in #976
• Bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #978

New Contributors

• @jefferyxhy made their first contribution in #911
• @eschulma made their first contribution in #913
• @stefansielaff made their first contribution in #977

Full Changelog: STRUTS_6_4_0...STRUTS_6_5_0