Java Web开发框架,Struts 2.3.20 发布

jopen 10年前

Apache Struts2是一个用于创建企业级Java Web应用程序优雅的,可扩展的框架。该框架旨在简化整个开发周期,从构建,部署,维护应用程序。

一个中等的安全问题解决了此版本:

  • S2-023 令牌生成的值是可预测的

除此之外,该版本包含了一些修复和改进,只提其中的几个:

  • merged security fixes from version 2.3.16.1, 2.3.16.2, 2.3.16.3
  • extended existing security mechanism to block access to given Java packages and Classes
  • collection Parameters for RedirectResult
  • make ParametersInterceptor supports chinese in hash key by default
  • themes.properties can be loaded using ServletContext allows to put template folder under WEB-INF or on classpath
  • new tag datetextfield
  • only valid Ognl expressions are cached
  • custom TextProvider can be used for validation errors of model driven actions
  • datetimepicker's label fixed
  • PropertiesJudge removed and properties are checked in SecurityMemberAccess
  • resource reloading works in IBM JVM
  • default reloading settings were removed from default.properties
  • commons-fileupload library upgraded to version 1.3.1 to fix potential security vulnerability
  • the scheme attribute accepts expressions in s:url tag
  • solves problem with infinite loop in FastByteArrayOutputStream
  • LocalizedTextUtil supports many ClassLoaders
  • Bill of Materials pom was introduced
  • debug=browser|console was migrated to jQuery
  • struts_dojo.js was fixed
  • interface org/apache/struts2/views/TagLibrary was restored and marked as @Depreacted

许多其他小的改进,请仔细阅读版本说明: version notes.

All developers are strongly advised to perform this action.

在2.3.x系列Apache Struts框架具有以下规范版本的最低要求:Servlet API的2.4,JSP API 2.0和Java5。

Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket.