| Home > Guides > Migration Guide > Version Notes 2.3.20 |
These are the notes for the Struts 2.3.20 distribution.
For prior notes in this release series, see Version Notes 2.3.16.3
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>2.3.20</version> </dependency>
You can also use Struts Archetype Catalog like below
mvn archetype:generate -DarchetypeCatalog=http://struts.apache.org/
<repositories>
<repository>
<id>apache.nexus</id>
<name>ASF Nexus Staging</name>
<url>https://repository.apache.org/content/groups/staging/</url>
</repository>
</repositories>
template folder under WEB-INF or on classpath, WW-4260SecurityMemberAccess, WW-4257default.properties, WW-4267scheme attribute accepts expressions in s:url tag, WW-4024FastByteArrayOutputStream, WW-4383LocalizedTextUtil supports many ClassLoaders, WW-4379debug=browser|console was migrated to jQuery, WW-4322struts_dojo.js was fixed, WW-4349org/apache/struts2/views/TagLibrary was restored and marked as @Depreacted, WW-4255<s:hidden/> tag is wrapped with <tr/> and <td/> tags to match layout of other tags in xhtml theme, WW-4297
Please read information about new internal security mechanism introduced with this version, it can have impact on your application! With version 2.3.20 new internal security mechanism was introduced, if you were setting excludeParams in your struts.xml you should remove it as this overlaps those patterns defined by the framework itself. Read more here.
This release contains fix related to S2-023 security bulletin, please read it carefully!