Java Web開發框架，Struts 2.3.20 發布

Apache Struts2是一個用于創建企業級Java Web應用程序優雅的，可擴展的框架。該框架旨在簡化整個開發周期，從構建，部署，維護應用程序。

一個中等的安全問題解決了此版本：

• S2-023 令牌生成的值是可預測的

除此之外，該版本包含了一些修復和改進，只提其中的幾個：

• merged security fixes from version 2.3.16.1, 2.3.16.2, 2.3.16.3
• extended existing security mechanism to block access to given Java packages and Classes
• collection Parameters for RedirectResult
• make ParametersInterceptor supports chinese in hash key by default
• themes.properties can be loaded using ServletContext allows to put template folder under WEB-INF or on classpath
• new tag datetextfield
• only valid Ognl expressions are cached
• custom TextProvider can be used for validation errors of model driven actions
• datetimepicker's label fixed
• PropertiesJudge removed and properties are checked in SecurityMemberAccess
• resource reloading works in IBM JVM
• default reloading settings were removed from default.properties
• commons-fileupload library upgraded to version 1.3.1 to fix potential security vulnerability
• the scheme attribute accepts expressions in s:url tag
• solves problem with infinite loop in FastByteArrayOutputStream
• LocalizedTextUtil supports many ClassLoaders
• Bill of Materials pom was introduced
• debug=browser|console was migrated to jQuery
• struts_dojo.js was fixed
• interface org/apache/struts2/views/TagLibrary was restored and marked as @Depreacted

許多其他小的改進，請仔細閱讀版本說明： version notes.

All developers are strongly advised to perform this action.

在2.3.x系列Apache Struts框架具有以下規范版本的最低要求：Servlet API的2.4，JSP API 2.0和Java5。

Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket.