Open-source web application framework
Apache Struts 2 is anopen-source web application framework for developingJava EE web applications . It uses and extends theJava Servlet API to encourage developers to adopt amodel–view–controller (MVC) architecture. TheWebWork framework spun off fromApache Struts 1 aiming to offer enhancements and refinements while retaining the same general architecture of the original Struts framework. In December 2005, it was announced that WebWork 2.2 was adopted as Apache Struts 2, which reached its first full release in February 2007.[ 2]
Struts 2 has a history of critical security bugs,[ 3] OGNL technology;[ 4] arbitrary code execution . In October 2017, it was reported that failure byEquifax to address a Struts 2 vulnerability advised in March 2017 was later exploited in thedata breach that wasdisclosed by Equifax in September 2017 .[ 5] [ 6]
SimplePOJO -based actions[ 7] Simplified testability Thread safe AJAX supportTemplate support[ 9] Support for different result types[ 10] Easy to extend with pluginsREST plugin[ 11] Convention plugin (action configuration via Conventions and Annotations) Spring plugin[ 12] dependency injection ) Hibernate pluginSupport in design JFreechart plugin (charts) jQuery plugin (Ajax support, UI widgets, dynamic table, charts)Rome plugin ^ "Struts 7.0.3" .GitHub . Retrieved16 March 2025 .^ About Apache Struts 2 Archived January 14, 2014, at theWayback Machine ^ "Apache Struts : List of security vulnerabilities" .cvedetails.com . RetrievedOctober 2, 2017 .^ Munoz, Alvaro (January 14, 2014)."Struts 2: OGNL Expression Injections" .HPE.com . Archived fromthe original on October 3, 2017. RetrievedOctober 2, 2017 . ^ Chirgwin, Richard (October 2, 2017)."Equifax couldn't find or patch vulnerable Struts implementations" .The Register . RetrievedOctober 2, 2017 . ^ Goodin, Dan (October 2, 2017)."A series of delays and major errors led to massive Equifax breach" .Ars Technica . RetrievedOctober 2, 2017 . ^ Newton 2009 , p. 9, §1 Struts and Agile Development - Actions.^ Newton 2009 , p. 258, §13 Rich Internet Applications - Dojo tags.^ Newton 2009 , p. 294, §12 Comprehensive Testing - Detour: Struts and Spring in a nutshell.^ Newton 2009 , pp. 57–81, §4 Results and Result Types - Dojo tags.^ Newton 2009 , pp. 249–255, §12 Themes and Templates - The REST plug-in.^ Newton 2009 , p. 294, §13 Comprehensive Testing - Detour: Struts and Spring in a nutshell.Newton, Dave (2009).Apache Struts 2 Web Application Development . Packt Publishing.ISBN 978-1-84719-339-1
Top-level Commons Incubator Other projects Attic Licenses
Platforms Technologies
Oracle Platform Major
History JVM Community
Conferences Organizations People
_waving.svg)
