| Home > Guides > Migration Guide > Version Notes 2.3.24 |
These are the notes for the Struts 2.3.24 distribution.
For prior notes in this release series, see Version Notes 2.3.20
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.24</version> </dependency>
You can also use Struts Archetype Catalog like below
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
<repositories>
<repository>
<id>apache.nexus</id>
<name>ASF Nexus Staging</name>
<url>https://repository.apache.org/content/groups/staging/</url>
</repository>
</repositories>
DefaultActionInvocation and when using the Convention Plugin, see WW-4433style attribute, see WW-4430ActionContext, see WW-4427
struts.ognl.allowStaticMethodAccess works again, see WW-4429ServletRedirectAction before checking for valid URI, see WW-4448css_xhtml hidden input adding table row markup, see WW-4454Please read information about new internal security mechanism introduced with the previous version and extended in this version!
This version moves all excluded parameters from struts-default.xml into DefaultExcludedPatternsChecker.java - if you cannot migrate to the latest version it's highly recommendated to re-define defaultStack from struts-default.xml to this one below (or any other which is used in your application and drop excludeParams parameter):
<interceptor-stack name="myDefaultStack">
<interceptor-ref name="exception"/>
<interceptor-ref name="alias"/>
<interceptor-ref name="servletConfig"/>
<interceptor-ref name="i18n"/>
<interceptor-ref name="prepare"/>
<interceptor-ref name="chain"/>
<interceptor-ref name="scopedModelDriven"/>
<interceptor-ref name="modelDriven"/>
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="checkbox"/>
<interceptor-ref name="datetime"/>
<interceptor-ref name="multiselect"/>
<interceptor-ref name="staticParams"/>
<interceptor-ref name="actionMappingParams"/>
<interceptor-ref name="params"/>
<interceptor-ref name="conversionError"/>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
<interceptor-ref name="workflow">
<param name="excludeMethods">input,back,cancel,browse</param>
</interceptor-ref>
<interceptor-ref name="debugging"/>
<interceptor-ref name="deprecation"/>
</interceptor-stack>
and define the following constant in struts.xml
<constant name="struts.additional.excludedPatterns" value="^(action|method):.*"/>