BugTraq
[ANN] Struts 2.3.15.2 GA release available - security fix Sep 21 2013 04:06PM
Lukasz Lenart (lukaszlenart apache org) (1 replies)
Re: [ANN] Struts 2.3.15.2 GA release available - security fix Sep 23 2013 02:23PM
Emi Lu (emilu encs concordia ca)
Good morning,

Upgraded from 2.3.15.1 to 15.2, but "s:submit" problem:

(1) jsp:
<s:form
name = "loginForm"
namespace= "/Login"
action = "ProcessLoginAction"
method = "post"
theme="simple"
>

<s:submit value="Login"
theme="simple"
action="loginProcessLoginAction" /> --- never call
loginProcessLoginAction

(2) struts.xml
<package name="Login" namespace="/Login" extends="tiles-default">
<action name="*ProcessLoginAction" method="{1}" class="ProcessLoginAction">
<result name="success" type="tiles">main_menu</result>
<result name="ajax_check" >
/WEB-INF/pages/errorinfo/ajax_error_check.jsp
</result>
</action>

(3) ProcessLoginAction.java
public String login() throws Exception
{
try
{
......
}catch(Exception e)
{
log.error("login Error: " + e.getMessage());
log.error(e);
this.addActionError("login Error: " + e.getMessage());
}
return "success";
}

The problem is that "loginProcessLoginAction in jsp page" is never be
called.

Could you help?
Thanks,
Emi

On 09/21/2013 12:06 PM, Lukasz Lenart wrote:
> The Apache Struts group is pleased to announce that Struts 2.3.15.2 is
> available as a "General Availability" release.The GA designation is
> our highest quality grade.
>
> Apache Struts 2 is an elegant, extensible framework for creating
> enterprise-ready Java web applications. The framework is designed to
> streamline the full development cycle, from building, to deploying, to
> maintaining applications over time.
>
> This release includes important security fixes:
> - S2-018 - Broken Access Control Vulnerability in Apache Struts2
> - S2-019 - Dynamic Method Invocation disabled by default
>
> All developers are strongly advised to update existing Struts 2
> applications to Struts 2.3.15.2
>
> Struts 2.3.15.2 is available in a full distribution, or as separate
> library, source, example and documentation distributions, from the
> releases page.
> * http://struts.apache.org/download.cgi#struts23152
>
> The release is also available from the central Maven repository under
> Group ID "org.apache.struts".
>
> The 2.3.x series of the Apache Struts framework has a minimum
> requirement of the following specification versions:
> * Java Servlet 2.4 and JavaServer Pages (JSP) 2.0
> * Java 2 Standard Platform Edition (J2SE) 5
>
> The release notes are available online at:
> * http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html
>
> Should any issues arise with your use of any version of the Struts
> framework, please post your comments to the user list, and, if
> appropriate, file a tracking ticket.appropriate, file a tracking
> ticket:
> * https://issues.apache.org/jira/browse/WW
>
>
> - The Apache Struts group.
>
>
> Regards
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus