top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

About includeParams in S2-014

0 votes
279 views

Struts 2 security report S2-014 strongly recommends upgrading Struts to 2.3.14.2, but in our project current Struts 2.3.4.1 is difficult to upgrade
Our project member verified the problem of S2-014 and found -- when the includeParams="all" or "get" were not specified in s:url and s:a tag, no malfunctioning behavior were seen.
I'd like to ask a question. As in our JSP application url/a tag neither includeParams="all" nor includeParams="get" is specified, we'd like to avoid upgrading Struts this time. Does this decision have a problem?

posted Jun 4, 2013 by anonymous

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

0 votes

Even if probably it's not the best way to go, If you are not using includeParams all or get, you would not have to concern about S2-013 and S2-014. Please, check your app against S2-015 [1].

[1] https://cwiki.apache.org/confluence/display/WW/S2-015

answer Jun 4, 2013 by anonymous
Similar Questions
+1 vote

Will it restrict the information being stored at the browser cache.

+2 votes

Anyone have tried struts2 on springboot? can we run it on spring boot? or anyone tested it?

+1 vote

We are in the beginning of the migration to struts2 and it seems like there will be some period when both frameworks will be active at the same time..the only problem now is accessing the session beans managed by struts2 in struts1 and vice-versa form beans from strut1 mapped in struts2 . Half of the jsp would use struts1 tags and other half struts2 tags. So there should be beans instantiated in both frameworks.

Probably struts2 bean can be injected to struts1 action with struts1 form still accessible as execute() argument, but what about other way? accessing struts1 form bean (not just data, but managed bean) in struts2 execute() ?

+1 vote

I'm using Netbeans and Tomcat. Trying to run, browser displays:

Unable to instantiate Action, ${package}.IndexAction, defined for 'index' in namespace '/'${package}.IndexAction

Root cause:

java.lang.ClassNotFoundException: ${package}.IndexAction
in struts.xml:
/jsp/index.jsp
+1 vote

I am using s:select to create a dropdown and then checked the html. I wanted to add bgcolor as yellow. I referred to the following link

http://struts.apache.org/release/2.2.x/docs/struts-2-themes.html

but still not sure how to put the background clour as yellow. Can anyone provide any pointers? Also, is it OK to use JSTL tags in JSPs in a Struts 2 application ?

...