- Merged security fixes from version 2.3.16.1, 2.3.16.2, 2.3.16.3
- Extended existing security mechanism to block access to given Java packages and Classes, see #11 or read Internal security mechanism
- Collection Parameters for RedirectResults, WW-4224
- Make ParametersInterceptor supports chinese in hash key by default, WW-4250
- themes.properties can be loaded using ServletContext allows to put
template
folder under WEB-INF or on classpath, WW-4260 - New tag datetextfield, WW-3493
- Only valid Ognl expressions are cached, WW-4146
- CustomTextProvider can be used for validation errors of model driven actions, WW-4202
- datetimepicker's label fixed, WW-4254
- PropertiesJudge removed and properties are checked in
SecurityMemberAccess
, WW-4257 - resource reloading works in IBM JVM, WW-4266
- default reloading settings were removed from
default.properties
, WW-4267 - commons-fileupload library upgraded to version 1.3.1 to fix potential security vulnerability, WW-4286
- The
scheme
attribute accepts expressions ins:url
tag, WW-4024 - Solves problem with infinite loop in
FastByteArrayOutputStream
, WW-4383 LocalizedTextUtil
supports manyClassLoaders
, WW-4379- Bill of Materials pom was introduced, WW-4326
debug=browser|console
was migrated to jQuery, WW-4322struts_dojo.js
was fixed, WW-4349- interface
org/apache/struts2/views/TagLibrary
was restored and marked as@Depreacted
, WW-4255 <s:hidden/>
tag is wrapped with<tr/>
and<td/>
tags to match layout of other tags inxhtml
theme, WW-4297- and many other small improvements, please see the release notes
摘自http://struts.apache.org/docs/version-notes-2320.html