Created by user-1a1b1, last modified by James Hurrell on Feb 17, 2020
This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

On this page:

1.1.0-funcrel

Resolved issues

Internal ID

Call ID

Summary

STRUTS-101-

Description of rule "Avoid using ActionForward" has been corrected

STRUTS-10617939Permanent Fix - Issue with Struts extension

1.1.0-beta2

Updates

Following new rules have been added in this release of the extension:

1042030

Avoid Default exclude patterns (excludeParams) in Apache Struts 2.3.20

1042032Avoid using setter on properties for the data coming from the user interface with Struts 2
1042034Avoid using Struts REST plugin with XStream createXStream to deserialise XML requests in Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12

Resolved issues

Internal ID

Call ID

Summary

STRUTS-9916363

Missing links between HTML5 Post Request Service and Struts Operations

STRUTS-8616996Perm fix: AttributeError: 'NoneType' object has no attribute 'get_modifiers'
STRUTS-67
Adding support of SelectAction
STRUTS-98
Adding support of Dynamic Method Invocation

1.1.0-beta1

Updates

Following new rules have been added in this release of the extension:

1042024

Avoid Unescaped User-controlled Input in Struts which Causes Cross-Site Scripting

1042026Avoid Action Mapping based on wildcards with Struts 2.3.14.2 and before
1042028Avoid package configuration having no or wildcard namespace with Struts2

Resolved issues

Internal ID

Call ID

Summary

STRUTS-84-Incorrect URL for struts operations on SAM

1.1.0-alpha2

Updates

Following new rules have been added in this release of the extension:

1042020

Avoid Struts Invalidated Action Form 1.x

1042022Avoid using CookieInterceptor with 2.3.16 (and Older)

Resolved issues

Internal ID

Call ID

Summary

STRUTS-78-Incorrect master file for already released rules
STRUTS-83-You changed the id of existing metamodel types; which is strictly forbidden

1.1.0-alpha1

Updates

Following new rules have been added in this release of the extension:

1042004

Avoid Duplicate Struts validation forms with the same name

1042008Avoid using  ActionForward with untrusted data source to prevent file path disclosure
1042010Avoid using ParametersInterceptor with 2.3.16 (and older)
1042012Avoid Unused Validation Form in Struts 1.x
1042016Avoid Struts action Mapping with disabled validator 
1042018Avoid Missing Form Bean in Struts 1.x