What's Changed
- Moves all CI notifications to commits@ list by @lukaszlenart in #748
- WW-5341 Ensure exclusion list applies to objects from all ClassLoaders by @kusalk in #741
- WW-5342 Add option to block use of default package by @kusalk in #742
- WW-5339 Misc clean up in CompoundRootAccessor and OgnlValueStackTest by @kusalk in #745
- WW-5340 Preliminary refactor of OgnlUtil by @kusalk in #746
- [WW-5346] replace BeanManager::createInjectionTarget by @hepptho in #754
- Split SonarCloud into separate action by @kusalk in #755
- WW-5340 Introducing OGNL Guard by @kusalk in #747
- WW-5348 Allow overriding of logging behaviour in DefaultAcceptedPatternsChecker by @kusalk in #757
- [WW-5347] Upgrades to commons-digester3 ver 3.2 by @lukaszlenart in #756
- [WW-5338] Removes deprecated OgnlTool by @lukaszlenart in #758
- [WW-5344] Un-deprecates Sitemesh plugin and upgrades Sitmesh to ver 2.5.0 by @lukaszlenart in #759
- WW-5340 Mild refactor StrutsOgnlGuard for easier subclassing by @kusalk in #760
- WW-5349 Remove Struts core dependency on OGNL VarRefs by @kusalk in #763
- Add JDK 21 build by @kusalk in #764
- WW-5354 Ensure ActionSupport fields are not parameter injectable by @kusalk in #765
- WW-5355 Integrate W-TinyLfu cache and use by default by @kusalk in #766
- Improved the StrutsUrlDecoder so that charset retrieval is performed only once. by @mygreen in #773
- WW-5358 Expand exclusion lists by @kusalk in #774
- WW-5350 Refactor SecurityMemberAccess by @kusalk in #780
- [WW-5333] Refactors AttributeMap by @lukaszlenart in #779
- Uses the new notifications@ list for all the messages form Github by @lukaszlenart in #788
- Send Jenkins notifications to the notifications@ list by @lukaszlenart in #790
- WW-5363 Velocity: read chained contexts before ValueStack by @kusalk in #789
- WW-5350 Implement OGNL Allowlist capability by @kusalk in #781
- WW-5363 Remove redundant method from VelocityManager by @kusalk in #793
- WW-5343 Make SecurityMemberAccess an extensible bean by @kusalk in #791
- WW-5364 Automatically populate OGNL allowlist by @kusalk in #800
- WW-5339 Add option to block custom OGNL maps by @kusalk in #806
- [WW-5370] Makes HttpParameters case-insensitive by @lukaszlenart in #807
- [WW-5371] Modern upload by @lukaszlenart in #808
- Rebase struts-7-0-x branch by @lukaszlenart in #809
- Builds Struts 7 as part of the main pipeline by @lukaszlenart in #813
- WW-5364 Add missing system allowlist classes by @kusalk in #815
- [WW-5373] Update JavaDoc CspReportAction.java by @assachs in #814
- [WW-5328] Removes deprecated setters by @lukaszlenart in #811
- JakartaEE modules by @lukaszlenart in #810
- [WW-5362] Removes type attribute out of <s:script/> tag by @lukaszlenart in #812
- WW-5378 Add option to NOT fallback to context lookup when finding value on OgnlValueStack by @kusalk in #821
- WW-5364 Add String.class to system allowlist by @kusalk in #828
- Upgrades Mockito to ver 5.8.0 by @lukaszlenart in #827
- WW-5381 Introduce RootAccessor interface for extension point by @kusalk in #823
- WW-5379 Implement alternative mechanism for Velocity directives to obtain ValueStack by @kusalk in #822
- WW-5352 Repackage ParametersInterceptor and related classes by @kusalk in #829
- WW-5381 Introduce extension point for CompoundRootAccessor by @kusalk in #824
- [WW-5383] Updates RegEx to excludes JARs by default by @lukaszlenart in #830
- [Struts 7] Merge master to 7xx by @lukaszlenart in #833
- Stops cleaning nightlies to allow to coexist different versions by @lukaszlenart in #834
- WW-5382 Fix stale injections in Dispatcher by @kusalk in #826
- WW-5381 Introduce extension point for MethodAccessor by @kusalk in #825
- WW-5352 Refactor ParametersInterceptor by @kusalk in #831
- Reduces log level to debug to reduce noise in the logs by @lukaszlenart in #838
- [WW-5365] Reverts changes introduced in WW-5192 to allow evaluate the value attribute of Radio tag by @lukaszlenart in #835
- WW-5352 Clean up OgnlValueStackTest by @kusalk in #841
- [WW-5387] Fixes remove() signature by @lukaszlenart in #844
- [WW-5369] Re-define minimal library set by @lukaszlenart in #847
- [WW-5374] Allows to prepend reportUri with Servlet context by @lukaszlenart in #845
- Extends sleep period to avoid breaking a build by @lukaszlenart in #849
- [WW-5357] Adds support for disabled attribute to anchor tag by @lukaszlenart in #848
- [Struts-7] Merge master to 7xx 2024-01-20 by @lukaszlenart in #850
Dependencies
- Bump actions/checkout from 3 to 4 by @dependabot in #751
- Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in #752
- Bump actions/cache from 3.3.1 to 3.3.2 by @dependabot in #753
- Bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in #762
- Bump org.jfree:jfreechart from 1.5.1 to 1.5.4 by @dependabot in #740
- Fix conflicting dependencies by @kusalk in #767
- Bump org.codehaus.mojo:versions-maven-plugin from 2.7 to 2.16.1 by @dependabot in #768
- Bump org.owasp:dependency-check-maven from 7.2.0 to 8.4.2 by @dependabot in #771
- Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in #775
- Bump junit:junit from 4.13.1 to 4.13.2 by @dependabot in #776
- Bump org.jacoco:jacoco-maven-plugin from 0.8.8 to 0.8.11 by @dependabot in #777
- Bump slf4j.version from 2.0.7 to 2.0.9 by @dependabot in #783
- Bump net.sf.jasperreports:jasperreports from 6.20.5 to 6.20.6 by @dependabot in #784
- Bump jackson.version from 2.15.3 to 2.16.0 by @dependabot in #796
- Bump actions/setup-java from 3 to 4 by @dependabot in #804
- Bump github/codeql-action from 2 to 3 by @dependabot in #817
- Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #816
- Bump org.apache.commons:commons-compress from 1.23.0 to 1.24.0 by @dependabot in #818
- Bump org.apache.maven.plugins:maven-release-plugin from 3.0.0-M1 to 3.0.1 by @dependabot in #837
- Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in #842
- Bump org.apache.commons:commons-compress from 1.23.0 to 1.25.0 by @dependabot in #820
New Contributors
- @hepptho made their first contribution in #754
- @mygreen made their first contribution in #773
- @assachs made their first contribution in #814
Full Changelog: STRUTS_6_3_0...STRUTS_7_0_0_M1