Struts 7.2.0
Pre-release
Pre-release
·
0 commits
to main
since this release
8e90813
This commit was signed with the committer’s verified signature.
lukaszlenart
Lukasz Lenart
What's Changed
- WW-5529 Adds autogenerated files with updated desc by @lukaszlenart in #1224
- WW-5532 Upgrade and align various dependencies by @kusalk in #1232
- WW-5376 Fix BOM leaking unrelated dependencies by @kusalk in #1234
- WW-5533 Add compilation support for Jakarta EE 11 by @kusalk in #1233
- WW-5530 make DateConverter work for LocalDate and LocalTime by @bill-humblcloud in #1223
- WW-5527 Sync tag with main ftl template. by @gregh3269 in #1212
- WW-5534 Simplify ProxyUtil, add OgnlCache#computeIfAbsent by @kusalk in #1236
- WW-5534 Allow @StrutsParameter recognition and OGNL allowlist for Spring proxies by @kusalk in #1237
- WW-5538 Add conversion handling for java.time.OffsetDateTime by @bill-humblcloud in #1241
- WW-5455 Defines a new plugin to support Jasper Reports 7 by @lukaszlenart in #1124
- WW-5534 Proper fix ModelDriven parameter injection and allowlisting by @kusalk in #1243
- WW-5544 Marks ReflectionContextFactory as deprecated and uses ActionContext instead by @lukaszlenart in #1255
- WW-5547 Bump com.github.ben-manes.caffeine:caffeine from 3.1.8 to 3.2.0 by @dependabot[bot] in #1257
- WW-5546 Fixes NPE when uploaded file is empty by @lukaszlenart in #1263
- WW-5550 Bump asm.version from 9.7.1 to 9.8 by @dependabot[bot] in #1274
- WW-5551 Bump commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0 in /parent by @dependabot[bot] in #1277
- WW-5552 Bump weld.version from 5.1.2.Final to 6.0.2.Final by @dependabot[bot] in #1270
- WW-5553 Bump com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.19.1 by @dependabot[bot] in #1281
- WW-5557 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 in /parent by @dependabot[bot] in #1289
- WW-5554 Bump org.apache.struts:struts-annotations from 1.0.8 to 2.0 by @dependabot[bot] in #1311
- WW-5561 Bump org.apache.commons:commons-text from 1.13.1 to 1.14.0 by @dependabot[bot] in #1312
- WW-5366 Rejects empty files during upload by @lukaszlenart in #1307
- WW-5524 Fixup StrutsConverterFactory by @MFAshby in #1309
- WW-5502 Removes deprecated sanitizeNewlines method by @lukaszlenart in #1319
- WW-5511 Adds missing JavaDocs to addCspHeaders method by @lukaszlenart in #1318
- WW-5565 Bump org.apache.commons:commons-collections4 from 4.4 to 4.5.0 by @dependabot[bot] in #1323
- WW-5566 Bump commons-validator:commons-validator from 1.9.0 to 1.10.0 by @dependabot[bot] in #1325
- WW-5567 Bump org.apache.logging.log4j:log4j-bom from 2.24.3 to 2.25.1 by @dependabot[bot] in #1336
- WW-5569 Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 by @dependabot[bot] in #1338
- WW-5504 Allows to use request instead of session attribute to store nonce by @lukaszlenart in #1352
- Improves CLAUDE.md and defines specific subagents by @lukaszlenart in #1363
- WW-5572 Bump org.mockito:mockito-core from 5.15.2 to 5.20.0 by @dependabot[bot] in #1362
- WW-5575 Upgrades commons-io to version 2.20.0 by @lukaszlenart in #1367
- WW-5574 Upgrades commons-logging to version 1.3.5 by @lukaszlenart in #1366
- Improve Claude Code agents configuration for Apache Struts by @lukaszlenart in #1376
- WW-5573 Avoids false positive warning if file doesn't exist already by @lukaszlenart in #1365
- WW-5577 Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 by @dependabot[bot] in #1373
- Fix Claude Code settings by @lukaszlenart in #1388
- Add tests for conversion error repopulation with indexed properties by @lukaszlenart in #1391
- WW-5579 Add missing DoubleRangeFieldValidator and ShortRangeFieldValidator to @validations container by @lukaszlenart in #1390
- Reverse merge changes related to releasing Struts 7.1.1 by @lukaszlenart in #1378
- WW-5578 Don't catch and swallow ConfigurationException in InterceptorBuilder. by @MFAshby in #1377
- WW-5576 Java 25 build by @lukaszlenart in #1415
- WW-5586 fix(core): enable WithLazyParams interceptor configuration in stacks by @lukaszlenart in #1414
- WW-5587 fix(core): preserve parameters in InterceptorMapping for WithLazyParams interceptors by @lukaszlenart in #1416
- WW-5588 Allow Preparable interface to work with only per-method prepare*() implementations by @lukaszlenart in #1417
- WW-5585: Implement dynamic parameter evaluation for file upload validation by @lukaszlenart in #1413
- Fixes site and JavaDocs generation by @lukaszlenart in #1419
- WW-5582 Bump asm.version from 9.8 to 9.9 by @dependabot[bot] in #1381
- Clean up obsolete Claude Code configurations by @lukaszlenart in #1433
- WW-5256 Add configurable FreeMarker whitespace stripping and compress tag by @lukaszlenart in #1418
- WW-5256 Move compress constants to struts.tag.compress namespace by @lukaszlenart in #1446
- WW-5595 Bump org.apache.commons:commons-text from 1.14.0 to 1.15.0 by @dependabot[bot] in #1448
- WW-5596 Bump byte-buddy.version from 1.17.7 to 1.18.2 by @dependabot[bot] in #1450
- WW-5598 Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.20.1 by @dependabot[bot] in #1456
- feat(release): uses release/struts-6-8-x as based branch for next Struts 6.x release by @lukaszlenart in #1457
- WW-5444 Add HTML5 theme with comprehensive unit tests by @lukaszlenart in #1422
- WW-5594 Fix convention plugin wildcard exclusion pattern for root packages by @lukaszlenart in #1468
- WW-5593 Handle NoClassDefFoundError in convention plugin action class scanning by @lukaszlenart in #1469
- Fix Textfield tag not allowing white space. WW-5592. by @gregh3269 in #1489
- WW-5601 build(deps): bump commons-io:commons-io from 2.20.0 to 2.21.0 by @dependabot[bot] in #1474
- WW-5602 Fix StreamResult contentCharSet handling and refactor for extensibility by @lukaszlenart in #1510
- WW-5603 Move xwork-default.xml to test resources by @lukaszlenart in #1513
- chore(deps): excludes org.apache.tomcat:tomcat-api for Struts 6.x by @lukaszlenart in #1548
- WW-5607 build(deps): bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0 by @dependabot[bot] in #1545
- WW-5536 Bump ognl:ognl from 3.3.5 to 3.4.8 by @dependabot[bot] in #1405
- chore: updates SNAPSHOT version to reflect current scope of changes by @lukaszlenart in #1563
- docs: streamline CLAUDE.md for clarity and conciseness by @lukaszlenart in #1568
- WW-4291 Allow Spring bean names for type converters by @lukaszlenart in #1562
- WW-3647 Change autowire alwaysRespect default to true by @lukaszlenart in #1571
- WW-5614 Remove cache for ProxyUtil#ultimateTargetClass by @kusalk in #1578
- WW-5294 Add warning when JSP tags accessed directly by @lukaszlenart in #1569
- WW-3429 Add configurable checkbox hidden field prefix by @lukaszlenart in #1570
- ci: use wildcard to exclude all Spring dependencies from 6.x updates by @lukaszlenart in #1587
- WW-4421 Fix duplicate @action annotation check being skipped by @lukaszlenart in #1579
- WW-5514 Add StrutsProxyService for proxy detection and resolution by @lukaszlenart in #1586
- WW-5535 Fix HttpMethodInterceptor with wildcard action names by @lukaszlenart in #1592
- docs: streamline CLAUDE.md based on benchmark findings by @lukaszlenart in #1604
- WW-5549 Fix I18nInterceptor supportedLocale breaking request_locale by @lukaszlenart in #1594
- chore: remove project-specific test-runner agent by @lukaszlenart in #1613
- WW-4428 Add java.time support to JSON plugin by @lukaszlenart in #1603
- WW-2963 default-action-ref fails to find wildcard named actions by @lukaszlenart in #1614
- WW-5617 Replace printStackTrace() with System.err in CompileReport by @Senrian in #1606
- Harden showcase apps and convert READMEs to Markdown by @lukaszlenart in #1624
- WW-5618 Add configurable limits to JSON plugin by @lukaszlenart in #1625
- WW-5537 Resolve classloader/memory leaks during Tomcat hot deployment by @lukaszlenart in #1632
- WW-5621 Harden XML parsers against Entity Expansion (Billion Laughs) attacks by @lukaszlenart in #1642
- WW-5622 Optimize Hibernate proxy detection when Hibernate is absent by @lukaszlenart in #1649
- fix(core): WW-5623 HTML-encode form action in PostbackResult to prevent XSS by @tranquac in #1653
- WW-5624: Enforce @StrutsParameter on JSON/REST body deserialization by @tranquac in #1657
- WW-5626 cleanup follow-ups for @StrutsParameter JSON/REST enforcement by @lukaszlenart in #1673
- WW-5626 per-property authorization for Jackson REST handlers by @lukaszlenart in #1674
- chore(agents): defines a new AGENTS.md focused on reporting vulnerabilities by @lukaszlenart in #1680
- WW-5627 Gate CookieInterceptor through ParameterAuthorizer by @lukaszlenart in #1681
- chore(rat): excludes Markdown files in docs/ folder by @lukaszlenart in #1691
- fix(core): enforce class-level HTTP method annotations for wildcard-resolved unannotated methods by @g0w6y in #1690
- WW-5535 test(core): cover wildcard-resolved unannotated methods via real proxy by @lukaszlenart in #1692
- WW-5631 Add opt-in @StrutsParameter enforcement to ChainingInterceptor by @lukaszlenart in #1719
- WW-5630 - Performance Issue SecurityMemberAccess by @brianandle in #1721
- WW-5632 Harden commons-fileupload2 dependency against milestone binary-incompatibility by @lukaszlenart in #1735
- WW-5630 Streamline ConfigParseUtilTest and convert to JUnit 4 by @lukaszlenart in #1740
- WW-5636 Harden redirect URL escaping in non-302 response body by @arunmanni-ai in #1737
- WW-5635 Avoid logging sensitive token values in TokenHelper by @arunmanni-ai in #1738
- WW-5548 Defines proper request attributes when forwarding or including final path by @lukaszlenart in #1265
Dependencies
- Bump actions/upload-artifact from 4.6.0 to 4.6.1 by @dependabot[bot] in #1227
- Bump github/codeql-action from 3.28.9 to 3.28.10 by @dependabot[bot] in #1228
- Bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot[bot] in #1229
- Bump com.fasterxml.jackson:jackson-bom from 2.18.2 to 2.18.3 by @dependabot[bot] in #1238
- Bump org.eclipse.transformer:transformer-maven-plugin from 0.5.0 to 1.0.0 by @dependabot[bot] in #1216
- Bump github/codeql-action from 3.28.10 to 3.28.15 by @dependabot[bot] in #1253
- Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot[bot] in #1247
- Bump org.apache.maven.doxia:doxia-module-markdown from 1.12.0 to 2.0.0 by @dependabot[bot] in #1245
- Bump byte-buddy.version from 1.17.1 to 1.17.2 by @dependabot[bot] in #1244
- Bump org.apache.maven.plugins:maven-site-plugin from 3.20.0 to 3.21.0 by @dependabot[bot] in #1256
- Bump org.owasp:dependency-check-maven from 10.0.4 to 12.1.1 by @dependabot[bot] in #1259
- Bump github/codeql-action from 3.28.15 to 3.28.17 by @dependabot[bot] in #1261
- Bump org.htmlunit:htmlunit from 4.9.0 to 4.11.1 by @dependabot[bot] in #1258
- Bump org.apache.felix:maven-bundle-plugin from 5.1.9 to 6.0.0 by @dependabot[bot] in #1271
- Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.8.0 to 3.9.0 by @dependabot[bot] in #1269
- Bump byte-buddy.version from 1.17.2 to 1.17.5 by @dependabot[bot] in #1268
- Bump org.awaitility:awaitility from 4.2.2 to 4.3.0 by @dependabot[bot] in #1276
- Bump github/codeql-action from 3.28.17 to 3.29.0 by @dependabot[bot] in #1280
- Bump jasperreports7.version from 7.0.1 to 7.0.3 by @dependabot[bot] in #1275
- Bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #1278
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.0 to 3.2.1 by @dependabot[bot] in #1282
- Bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot[bot] in #1288
- Bump weld.version from 6.0.2.Final to 6.0.3.Final by @dependabot[bot] in #1284
- Bump org.easymock:easymock from 5.4.0 to 5.6.0 by @dependabot[bot] in #1287
- Bump org.owasp:dependency-check-maven from 12.1.1 to 12.1.3 by @dependabot[bot] in #1290
- Bump maven-surefire-plugin.version from 3.5.2 to 3.5.3 by @dependabot[bot] in #1291
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3 by @dependabot[bot] in #1292
- Bump org.apache.commons:commons-text from 1.13.0 to 1.13.1 by @dependabot[bot] in #1293
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.1 by @dependabot[bot] in #1296
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.1 to 3.2.2 by @dependabot[bot] in #1297
- Bump org.htmlunit:htmlunit from 4.11.1 to 4.13.0 by @dependabot[bot] in #1298
- Bump org.jfree:jfreechart from 1.5.5 to 1.5.6 by @dependabot[bot] in #1299
- Bump org.codehaus.mojo:exec-maven-plugin from 3.5.0 to 3.5.1 by @dependabot[bot] in #1301
- Bump org.springframework:spring-framework-bom from 6.2.3 to 6.2.9 by @dependabot[bot] in #1304
- Bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in #1305
- Bump org.apache.commons:commons-fileupload2-jakarta-servlet6 from 2.0.0-M2 to 2.0.0-M4 by @dependabot[bot] in #1283
- Bump slf4j.version from 2.0.16 to 2.0.17 by @dependabot[bot] in #1313
- Bump github/codeql-action from 3.29.5 to 3.29.9 by @dependabot[bot] in #1314
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #1315
- Bump byte-buddy.version from 1.17.5 to 1.17.6 by @dependabot[bot] in #1302
- Bump github/codeql-action from 3.29.9 to 3.29.11 by @dependabot[bot] in #1320
- Bump actions/setup-java from 4 to 5 by @dependabot[bot] in #1321
- Bump github/codeql-action from 3.29.11 to 3.30.1 by @dependabot[bot] in #1326
- Bump byte-buddy.version from 1.17.6 to 1.17.7 by @dependabot[bot] in #1331
- Bump org.htmlunit:htmlunit from 4.13.0 to 4.16.0 by @dependabot[bot] in #1332
- Bump github/codeql-action from 3.30.1 to 3.30.2 by @dependabot[bot] in #1333
- Bump org.apache.rat:apache-rat-plugin from 0.15 to 0.16.1 by @dependabot[bot] in #1339
- Bump github/codeql-action from 3.30.2 to 3.30.3 by @dependabot[bot] in #1341
- Bump org.eclipse.jetty:jetty-maven-plugin from 11.0.18 to 11.0.26 by @dependabot[bot] in #1347
- Bump org.springframework:spring-framework-bom from 6.2.9 to 6.2.11 by @dependabot[bot] in #1348
- Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 by @dependabot[bot] in #1349
- Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 by @dependabot[bot] in #1350
- Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.3 to 3.5.4 by @dependabot[bot] in #1358
- Bump org.codehaus.mojo:versions-maven-plugin from 2.18.0 to 2.19.0 by @dependabot[bot] in #1360
- Bump github/codeql-action from 3.30.3 to 3.30.5 by @dependabot[bot] in #1368
- Bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 by @dependabot[bot] in #1372
- Bump org.apache.logging.log4j:log4j-bom from 2.25.1 to 2.25.2 by @dependabot[bot] in #1374
- Bump org.assertj:assertj-core from 3.27.4 to 3.27.6 by @dependabot[bot] in #1375
- build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 by @dependabot[bot] in #1574
- build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0 by @dependabot[bot] in #1575
- build(deps): WW-5613 bump ognl:ognl from 3.4.8 to 3.4.10 by @dependabot[bot] in #1567
- build(deps-dev): bump byte-buddy.version from 1.18.4 to 1.18.5 by @dependabot[bot] in #1583
- build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #1580
- build(deps): WW-5615 bump org.apache.commons:commons-fileupload2-jakarta-servlet6 from 2.0.0-M4 to 2.0.0-M5 by @dependabot[bot] in #1584
- conf(git): Ignores Cursor related paths by @lukaszlenart in #1585
- build(deps): bump org.springframework:spring-framework-bom from 6.2.12 to 7.0.4 by @dependabot[bot] in #1581
- build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by @dependabot[bot] in #1589
- build(deps): bump org.springframework:spring-framework-bom from 6.2.12 to 7.0.5 by @dependabot[bot] in #1588
- build(deps-dev): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5 by @dependabot[bot] in #1595
- build(deps): bump maven-surefire-plugin.version from 3.5.4 to 3.5.5 by @dependabot[bot] in #1596
- build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.0 to 2.21.1 by @dependabot[bot] in #1597
- build(deps-dev): bump byte-buddy.version from 1.18.5 to 1.18.7 by @dependabot[bot] in #1607
- build(deps): bump org.mockito:mockito-core from 5.21.0 to 5.22.0 by @dependabot[bot] in #1609
- build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #1612
- build(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by @dependabot[bot] in #1611
- build(deps): bump org.apache.felix:maven-bundle-plugin from 6.0.0 to 6.0.2 by @dependabot[bot] in #1610
- Bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #1379
- Bump org.apache.maven.plugins:maven-wrapper-plugin from 3.3.2 to 3.3.4 by @dependabot[bot] in #1382
- Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.1 to 3.6.2 by @dependabot[bot] in #1383
- Bump maven-surefire-plugin.version from 3.5.3 to 3.5.4 by @dependabot[bot] in #1384
- Bump github/codeql-action from 3.30.5 to 4.30.8 by @dependabot[bot] in #1389
- Bump org.htmlunit:htmlunit from 4.16.0 to 4.17.0 by @dependabot[bot] in #1396
- Bump org.codehaus.groovy:groovy-jsr223 from 3.0.22 to 3.0.25 by @dependabot[bot] in #1398
- Bump org.owasp:dependency-check-maven from 12.1.3 to 12.1.8 by @dependabot[bot] in #1399
- Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #1400
- Bump github/codeql-action from 4.30.8 to 4.31.0 by @dependabot[bot] in #1401
- Bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #1402
- Bump com.github.ben-manes.caffeine:caffeine from 3.2.2 to 3.2.3 by @dependabot[bot] in #1403
- Bump org.springframework:spring-framework-bom from 6.2.11 to 6.2.12 by @dependabot[bot] in #1404
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in #1423
- Bump github/codeql-action from 4.31.2 to 4.31.4 by @dependabot[bot] in #1424
- Bump org.owasp:dependency-check-maven from 12.1.8 to 12.1.9 by @dependabot[bot] in #1430
- Bump org.glassfish.jaxb:jaxb-bom from 4.0.5 to 4.0.6 by @dependabot[bot] in #1432
- Bump org.apache.rat:apache-rat-plugin from 0.16.1 to 0.17 by @dependabot[bot] in #1406
- Bump github/codeql-action from 4.31.4 to 4.31.5 by @dependabot[bot] in #1435
- Bump org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.2 by @dependabot[bot] in #1441
- Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 by @dependabot[bot] in #1442
- Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 by @dependabot[bot] in #1443
- Bump org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0 by @dependabot[bot] in #1444
- Bump github/codeql-action from 4.31.5 to 4.31.7 by @dependabot[bot] in #1447
- Bump org.apache.maven.plugins:maven-war-plugin from 3.4.0 to 3.5.1 by @dependabot[bot] in #1449
- Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 by @dependabot[bot] in #1459
- Bump org.codehaus.mojo:versions-maven-plugin from 2.19.0 to 2.20.1 by @dependabot[bot] in #1463
- Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.0 by @dependabot[bot] in #1460
- Bump org.springframework:spring-framework-bom from 6.2.12 to 7.0.1 by @dependabot[bot] in #1467
- build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #1470
- build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @dependabot[bot] in #1471
- build(deps): bump org.mockito:mockito-core from 5.20.0 to 5.21.0 by @dependabot[bot] in #1472
- build(deps): bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1 by @dependabot[bot] in #1473
- build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #1481
- build(deps): bump org.apache.logging.log4j:log4j-bom from 2.25.2 to 2.25.3 by @dependabot[bot] in #1482
- build(deps): bump asm.version from 9.9 to 9.9.1 by @dependabot[bot] in #1483
- build(deps-dev): bump commons-validator:commons-validator from 1.10.0 to 1.10.1 by @dependabot[bot] in #1490
- build(deps-dev): bump byte-buddy.version from 1.18.2 to 1.18.3 by @dependabot[bot] in #1491
- chore(deps): ignore incompatible updates for release/struts-6-8-x by @lukaszlenart in #1497
- build(deps): bump org.springframework:spring-framework-bom from 6.2.12 to 7.0.2 by @dependabot[bot] in #1475
- build(deps): bump org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in #1502
- build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in #1503
- build(deps): bump org.htmlunit:htmlunit from 4.17.0 to 4.21.0 by @dependabot[bot] in #1504
- Excludes some deps in 6.x by @lukaszlenart in #1514
- build(deps): bump org.owasp:dependency-check-maven from 12.1.9 to 12.2.0 by @dependabot[bot] in #1518
- build(deps): bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #1521
- Ignores incompatible dependencies with Struts 6.x by @lukaszlenart in #1526
- build(deps-dev): bump weld.version from 6.0.3.Final to 6.0.4.Final by @dependabot[bot] in #1530
- Ignores some dependencies for update in 6.x by @lukaszlenart in #1533
- build(deps): WW-5605 bump org.apache.juneau:juneau-marshall from 8.1.3 to 9.2.0 by @dependabot[bot] in #1512
- build(deps-dev): bump byte-buddy.version from 1.18.3 to 1.18.4 by @dependabot[bot] in #1537
- build(deps-dev): bump org.codehaus.mojo:versions-maven-plugin from 2.20.1 to 2.21.0 by @dependabot[bot] in #1538
- build(deps): bump org.springframework:spring-framework-bom from 6.2.12 to 7.0.3 by @dependabot[bot] in #1540
- Excludes some dependencies from upgrade in 6.x by @lukaszlenart in #1541
- build(deps): bump org.assertj:assertj-core from 3.27.6 to 3.27.7 by @dependabot[bot] in #1552
- build(deps): bump org.testng:testng from 7.11.0 to 7.12.0 by @dependabot[bot] in #1553
- build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 by @dependabot[bot] in #1551
- fix(conf): drops deprecated del_branch_on_merge by @lukaszlenart in #1555
- build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 by @dependabot[bot] in #1556
- build(deps): excludes upgrading Tomcat 11 libraries by @lukaszlenart in #1559
- build(deps): bump github/codeql-action from 4.32.0 to 4.32.1 by @dependabot[bot] in #1566
- build(deps): bump github/codeql-action from 4.32.5 to 4.32.6 by @dependabot[bot] in #1619
- build(deps-dev): bump commons-logging:commons-logging from 1.3.5 to 1.3.6 by @dependabot[bot] in #1620
- build(deps): bump net.sf.jasperreports:jasperreports from 7.0.3 to 7.0.4 in /plugins/jasperreports7 by @dependabot[bot] in #1618
- build(deps): bump github/codeql-action from 4.32.6 to 4.33.0 by @dependabot[bot] in #1627
- build(deps): bump org.glassfish.jaxb:jaxb-bom from 4.0.6 to 4.0.7 by @dependabot[bot] in #1628
- build(deps): bump org.mockito:mockito-core from 5.22.0 to 5.23.0 by @dependabot[bot] in #1629
- build(deps): bump github/codeql-action from 4.33.0 to 4.34.1 by @dependabot[bot] in #1633
- deps(rat): excludes updatding the RAT plugin as it requires Java 17 by @lukaszlenart in #1641
- build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2 by @dependabot[bot] in #1634
- build(deps): bump org.apache.rat:apache-rat-plugin from 0.17 to 0.18 by @dependabot[bot] in #1639
- build(deps): bump org.apache.maven.doxia:doxia-core from 2.0.0 to 2.1.0 by @dependabot[bot] in #1640
- build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by @dependabot[bot] in #1645
- build(deps-dev): bump byte-buddy.version from 1.18.7 to 1.18.8 by @dependabot[bot] in #1646
- build(deps): bump org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.25.4 by @dependabot[bot] in #1648
- ci(dependabot): add cooldown by @lukaszlenart in #1656
- build(deps): bump ognl:ognl from 3.4.10 to 3.4.11 by @dependabot[bot] in #1655
- ci(struts6): adjusts workflows to use the new branch by @lukaszlenart in #1659
- cd(checks): uses proper context names for checks by @lukaszlenart in #1660
- build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in #1663
- build(deps): bump org.owasp:dependency-check-maven from 12.2.0 to 12.2.1 by @dependabot[bot] in #1664
- introduce private method to remove clones by @aaaZayne in #1666
- build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in #1668
- build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 by @dependabot[bot] in #1669
- build(deps): WW-5625 bump commons-io:commons-io from 2.21.0 to 2.22.0 by @dependabot[bot] in #1672
- Uses proper config to avoid failing a build when generating JavaDocs by @lukaszlenart in #1240
- Uses new url for Maven Badges app by @lukaszlenart in #1252
- Adjusts required checks to the new structure by @lukaszlenart in #1264
- Uses proper name of check to pass by @lukaszlenart in #1266
- Fixes build check for Struts 6.x by @lukaszlenart in #1308
- Defines basic set of files to work with Claude Code by @lukaszlenart in #1295
- Enables Dependabot to support all the main branches by @lukaszlenart in #1327
- Reverse merge changes from release/7.1.0 by @lukaszlenart in #1364
- build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by @dependabot[bot] in #1675
- build(deps): bump org.glassfish.jaxb:jaxb-bom from 4.0.7 to 4.0.8 by @dependabot[bot] in #1676
- build(deps): bump org.owasp:dependency-check-maven from 12.2.1 to 12.2.2 by @dependabot[bot] in #1677
- build(deps): bump com.github.ben-manes.caffeine:caffeine from 3.2.3 to 3.2.4 by @dependabot[bot] in #1679
- build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by @dependabot[bot] in #1682
- build(deps): bump slf4j.version from 2.0.17 to 2.0.18 by @dependabot[bot] in #1683
- build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 by @dependabot[bot] in #1694
- build(deps-dev): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in #1698
- ci(dependabot): fix cooldown property name by @lukaszlenart in #1702
- build(deps): WW-5628 bump asm.version from 9.9.1 to 9.10 by @dependabot[bot] in #1695
- build(deps): WW-5629 bump org.apache.logging.log4j:log4j-bom from 2.25.4 to 2.26.0 by @dependabot[bot] in #1685
- security(versions): updates list of supported versions by @lukaszlenart in #1708
- build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in #1710
- build(deps): bump org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0 by @dependabot[bot] in #1711
- build(deps): bump asm.version from 9.10 to 9.10.1 by @dependabot[bot] in #1713
- docs(skills): add triaging-security-reports skill by @lukaszlenart in #1722
- build(deps): bump maven-surefire-plugin.version from 3.5.5 to 3.5.6 by @dependabot[bot] in #1731
- build(deps): bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 by @dependabot[bot] in #1730
- build(deps): bump github/codeql-action from 4.36.0 to 4.36.2 by @dependabot[bot] in #1734
- build(deps-dev): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6 by @dependabot[bot] in #1732
- build(deps): WW-5633 bump com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0 by @dependabot[bot] in #1729
- build(deps): WW-5634 bump org.htmlunit:htmlunit from 4.21.0 to 5.1.0 by @dependabot[bot] in #1733
New Contributors
- @bill-humblcloud made their first contribution in #1223
- @MFAshby made their first contribution in #1309
- @Senrian made their first contribution in #1606
- @aaaZayne made their first contribution in #1666
- @tranquac made their first contribution in #1653
- @g0w6y made their first contribution in #1690
- @arunmanni-ai made their first contribution in #1737
Full Changelog: STRUTS_7_0_3...STRUTS_7_2_0
Contributors
lukaszlenart, MFAshby, and 12 other contributors