Repository files navigation

Is a clone ofhttps://github.com/apache/struts1.git - Branchetrunk, aiming to bring Struts 1 to a current technology:

FullCHANGELOG

For documentation seehttps://weblegacy.github.io/struts1

• 1.5.0
  • Include missing taglib docs, because the current version oftlddoc is not able to generate it (upgrade toJakarta Server Pages 3.0 is currently missing).
• 1.4.6
  • Cherry-Pick relevant changes from version1.5.0
• 1.6.0
  • Bump JDK 8 to 11
  • Upgrade to Jakarta EE 10

• #11 - XML Entities not handled correctly
• Include all open patches from apache-struts1-repo
• Fixed vulnerabilities
• Upgrade MAVEN-Plugins
• Correct example-apps
• Complete JUnit5- and integration-test (rewrite old ones)
• Logging: UseSLF4J insteadCommons-Logging
• JDK 1.4 --> JDK 8
  • Tested with JDK 8, 11, 17 and 21
• Servlet-API 2.3 --> 5.0
• JSP 2.0 --> 3.0
• JSP-EL 2.0 --> 4.0
• JSF 1.0.9 --> 3.0
• JSTL 1.0.2 --> 2.0

• CVE-2008-2025 - Apache Struts Cross-site Scripting vulnerability
• CVE-2012-1007 - Apache Struts XSS
• CVE-2014-0114 - Arbitrary code execution in Apache Commons BeanUtils
• CVE-2015-0899 - Improper Input Validation in Apache Struts
• CVE-2016-1181 - Improper Input Validation in Apache Struts
• CVE-2016-1182 - Improper Input Validation in Apache Struts
• CVE-2023-34396 - Apache Struts vulnerable to memory exhaustion
• CVE-2023-49735 - Apache Tiles: Unvalidated input may lead to path traversal and XXE

• Apache Maven 3.8.1+
• JDK 11+
• for integration-tests
  • Web-Browser:
    • Chrome
    • Firefox
    • Opera
    • Edge
    • Internet Explorer
    • Chromium
    • Safari
  • see alsoIntegration-Tests README

• dormant - Dormant sub-projects
  • Adds the dormant sub-projectsFaces andEL to the build-process
• assembly - Create assemblies for distribution
  • Adds the moduleassembly
• pre-assembly - Creates JavaDoc and Sources for eachstruts1-module
  • mvn -Ppre-assembly clean package
• apps - Includes the example-apps into build
  • Adds the moduleapps
• itest - Includes the integration-tests into build
  • Add the moduleintegration
• release - Signs all of the project's attached artifacts with GnuPG
• cargorun - Starts a web-server to manually test the example-apps
  • mvn -Pdormant,apps,itest,cargorun
  • mvn -Pdormant,apps,itest,cargorun -Dcargo.java.home=[JDK_x] to specify Java-Runtime

1. Clean full project
   mvn -Pdormant,apps,assembly,itest clean
2. Build and test project
   • with example-apps
     mvn -Pdormant,apps
   • without example-apps
     mvn -Pdormant
   • to skip tests
     add-DskipTests for examplemvn -Pdormant,apps -DskipTests
3. Integration-Tests
   • Run with default-browser (Chrome)
     mvn -Pdormant,apps,itest
   • Run with specific browser
     mvn -Pdormant,apps,itest -Dwdm.defaultBrowser=[browser]
     • Values forbrowser
       • chrome - Chrome
       • firefox - Firefox
       • opera - Opera
       • edge - Edge
       • iexplorer - Internet Explorer
       • chromium - Chromium
       • safari - Safari
4. Generate source- and javadoc-artifacts
   mvn -Pdormant,apps,pre-assembly -DskipTests package
5. Generate site-documentation
   mvn -Pdormant,apps -DskipTests site
   or
   mvn -Pdormant,apps -DskipTests clean site site:stage
6. Publish site-documentation
   1. mvn -Pdormant,apps -DskipTests clean site site:stage
   2. mvn scm-publish:publish-scm
7. Generate Assemblies
   mvn -Pdormant,apps,assembly -DskipTests package
8. Deploy all artifacts toCentral-Repo
   • mvn -Pdormant clean deploy for SNAPSHOTs
   • mvn -Pdormant,pre-assembly,release clean deploy for releases

• Run Web-Server to manually test example-apps and create test scripts:
  mvn -Pdormant,apps,itest,cargorun -DskipTests
  or
  mvn -Pdormant,apps,itest,cargorun -DskipTests -Dcargo.java.home=[JDK_x] to specify Java-Runtime
• Set version number
  mvn -Pdormant,apps,itest,assembly versions:set -DnewVersion=...
• Dependency Report
  mvn -Pdormant,apps,itest,assembly versions:display-dependency-updates versions:display-plugin-updates versions:display-property-updates