Features and Enhancements in Struts 220.127.116.11
This article is discussing about the new features and enhancements in the Struts 18.104.22.168. Struts 2 framework is one of the most used frameworks for developing web applications for web and enterprise applications. Struts 2 is very popular in the development of enterprise web applications.
Struts 22.214.171.124 is the latest and most stable version of Struts in the 2.3 series. Apache Struts is a web framework used by the developers to create Java web applications. Struts 2 framework is very popular and it is used to create dynamic web applications that can use the database for managing the data and host the business logic in the Java program. Since Struts 2 is based on the MVC framework, it can be used to write applications quickly which interacts database and presents the customized view to the user.
Struts 2 tag libraries also provides the advanced features which helps to programmers to create UI for the web applications quickly. Developers can create web applications backed with the database.
Struts 126.96.36.199 is available as separate library.
Security issues that were present in the earlier version of Struts have been improved. Struts 188.8.131.52 fixes includes the short-circuit navigation parameter prefixes, execution of Remote code and open redirect became vulnerable. These are now fixed in the Struts 184.108.40.206. A vulnerability introduced by double evaluation of OGNL has also been fixed in this release of Struts 220.127.116.11.
Other issues that have been resolved with the introduction of Struts 18.104.22.168 are:
- Remote code execution has now been fixed
- Open redirect vulnerabilities have now been fixed
- Server side file path leakage have now been fixed - Before file system information where the file was saved was disclosed if the result jsp contained a <s:file> tag. It has been fixed now.
- InputPath parameter of FileDownloadAction has been improved for file upload. It does not access WEB-INF directory.
- Memory leak in the ContainerHolder has also been fixed.
- The bug in struts.convention.action.includeJars has been resolved.
- ValidationAware is a new interface added to the Struts 2 framework. This interface allows notify actions when there are action/field errors occurs while execution of the application.
Apache Struts 2 will need following platforms requirement to run:
- Servlet API 2.4
- JSP API 2.0
- Java 5
Developers are advised to upgrade their Struts 2 application to this version of Struts 2 (Struts 22.214.171.124) framework.