What's Changed
- WW-5406 Ensure Action excluded patterns are reinjected by @kusalk in #910
- WW-5407 Extend SecurityMemberAccess proxy detection to other proxies by @jefferyxhy in #911
- WW-5408 add option to not fallback to empty namespace when unresolved by @jefferyxhy in #912
- WW-5406 Fix injection order issue for excluded patterns by @kusalk in #917
- WW-5409 introduce final attribute to package element which make them unextendable by @jefferyxhy in #914
- WW-5417 bump ognl version to fix security issue by @jefferyxhy in #915
- WW-5418 Forbid Enums and Jasper classes by @kusalk in #916
- Bump org.assertj:assertj-core from 3.25.2 to 3.25.3 by @dependabot in #909
- Forward merge master to 7.0.0 by @kusalk in #918
- Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #923
- Bump org.codehaus.mojo:versions-maven-plugin from 2.16.1 to 2.16.2 by @dependabot in #922
- WW-5353 Stronger security defaults for 7.0 by @kusalk in #919
- Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.2.0 by @dependabot in #925
- Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #926
- WW-5421 Bump asm.version from 9.6 to 9.7 by @dependabot in #907
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.0.0-M6 to 3.2.5 by @dependabot in #905
- WW-5420 Upgrades commons-text to ver. 1.12.0 by @lukaszlenart in #924
- [WW-5419] Fixes support for loading Tiles definitions by @lukaszlenart in #920
- WW-5400 Extend default configuration options for the CSP interceptor. by @eschulma in #913
- Bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 by @dependabot in #934
- Bump slf4j.version from 2.0.12 to 2.0.13 by @dependabot in #936
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.0.0 to 3.5.0 by @dependabot in #938
- Bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #939
- WW-5422 Fixes support for trimable locale string in request by @lukaszlenart in #931
- WW-5414 Always call afterInvocation even in case of exception by @lukaszlenart in #932
- WW-5415 Fixes accessing public constructors via expression by @lukaszlenart in #933
- INFRA-25666 Disables review by code owners by @lukaszlenart in #945
- Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12 by @dependabot in #940
- WW-5425 Bump jackson.version from 2.16.1 to 2.17.1 by @dependabot in #944
- Bump org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1 by @dependabot in #950
- WW-5426 Bump org.freemarker:freemarker from 2.3.32 to 2.3.33 by @dependabot in #953
- [WW-5424] Fixes ClassCastException when using short var name in s:set tag by @lukaszlenart in #946
- Disables required reviewers option by @lukaszlenart in #947
- [WW-5412] Upgrades struts-master to ver 15 by @lukaszlenart in #948
- Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.2 by @dependabot in #961
- Bump org.owasp:dependency-check-maven from 8.4.2 to 9.2.0 by @dependabot in #962
- [WW-5423] Fixes returning null instead of empty array in case of non-existing param by @lukaszlenart in #954
- WW-5400 Simplifies how CspSettings is created by @lukaszlenart in #956
- WW-5250 Addresses TODO in test and stops using Mock Objects by @lukaszlenart in #957
- Merge master 2024-06-10 by @lukaszlenart in #963
New Contributors
- @jefferyxhy made their first contribution in #911
- @eschulma made their first contribution in #913
Full Changelog: STRUTS_7_0_0_M6...STRUTS_7_0_0_M7