This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

1.2.0-funcrel

Resolved issues

The following table lists the bugs resolved in this release of the extension.

| Internal ID | Call ID | Summary |
|---|---|---|
| STRUTS-137 | - | Corrected CVE Reference for the rule: 1042010: Avoid using ParametersInterceptor with class parameter for Struts 2.3.16 (and older) |
| STRUTS-138 | - | Description/Sample/Remediation improvements for the rule: 1042050: Avoid using special top object in struts 2.0.0 - struts 2.3.24 |
| STRUTS-139, STRUTS-142 | - | Updated Description/Rationale for the rule: 1042046: Avoid Using Dynamic Method Invocation for Apache Struts 2.x |
| STRUTS-141 | - | Updated the description of the rule 1042028: Avoid activating alwaysSelectFullNamespace when actions configured without namespace or with a wildcard namespace for Struts pre 2.3.34 and pre 2.5.1 |
| STRUTS-143 | - | Updated the description of the rule 1042040: Avoid using Struts URLValidator with version before 2.5.13 |
| STRUTS-144 | - | AttributeError: 'Modifiers' object has no attribute 'get_modifiers' |

1.2.0-beta1

Resolved issues

The following table lists the bugs resolved in this release of the extension.

| Internal ID | Call ID | Summary |
|---|---|---|
| STRUTS-119 | - | Detached rule 1042038 [DUPLICATE OF 1042010] |
| STRUTS-120 | - | Changed violation posting object correctly |
| STRUTS-125 | - | Detached rule 1042034 [Handled enhanced use-case scenario in 1042042] |

1.2.0-alpha2

Updates

The following new rules have been added in this release of the extension:

1042046: Avoid Using Dynamic Method Invocation with Struts 2.3.1.0 (and Older)

1042042: Avoid using Rest Plugin with XStream handler for Struts 2.1.2 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12

Resolved issues

The following table lists the bugs resolved in this release of the extension.

| Internal ID | Call ID | Summary |
|---|---|---|
| STRUTS-113 | - | Incorrect metamodel modification |
| STRUTS-115 | 18422 | Missing links from HTML5 Get and Post Request service methods to Struts Operations |
| STRUTS-118 | - | Rule "1042038: Avoid ClassLoader manipulation in Struts 2.0.0 to 2.3.16" is deactivated, as it is the same as rule "1042010: Avoid using ParametersInterceptor with class parameter for Struts 2.3.16 (and older)" |

1.2.0-alpha1

Updates

The following new rules have been added in this release of the extension:

1042036: Avoid Long request parameter names in Struts 2.0.0 - Struts 2.3.4

1042038: Avoid ClassLoader manipulation in Struts 2.0.0 to 2.3.16

1042040: Avoid using default RegEx provided by the UrlValidator