Java Web开发框架,Struts 2.3.20 发布
jopen 10年前
Apache Struts2是一个用于创建企业级Java Web应用程序优雅的,可扩展的框架。该框架旨在简化整个开发周期,从构建,部署,维护应用程序。
一个中等的安全问题解决了此版本:
- S2-023 令牌生成的值是可预测的
除此之外,该版本包含了一些修复和改进,只提其中的几个:
- merged security fixes from version 2.3.16.1, 2.3.16.2, 2.3.16.3
- extended existing security mechanism to block access to given Java packages and Classes
- collection Parameters for
RedirectResult
- make
ParametersInterceptor
supports chinese in hash key by default themes.properties
can be loaded usingServletContext
allows to put template folder under WEB-INF or on classpath- new tag
datetextfield
- only valid Ognl expressions are cached
- custom
TextProvider
can be used for validation errors of model driven actions datetimepicker
's label fixedPropertiesJudge
removed and properties are checked inSecurityMemberAccess
- resource reloading works in IBM JVM
- default reloading settings were removed from default.properties
commons-fileupload
library upgraded to version 1.3.1 to fix potential security vulnerability- the scheme attribute accepts expressions in
s:url
tag - solves problem with infinite loop in
FastByteArrayOutputStream
LocalizedTextUtil
supports many ClassLoaders- Bill of Materials pom was introduced
debug=browser|console
was migrated to jQuerystruts_dojo.js
was fixed- interface
org/apache/struts2/views/TagLibrary
was restored and marked as@Depreacted
许多其他小的改进,请仔细阅读版本说明: version notes.
All developers are strongly advised to perform this action.
在2.3.x系列Apache Struts框架具有以下规范版本的最低要求:Servlet API的2.4,JSP API 2.0和Java5。
Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket.