Apache Struts 2
Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller (MVC) architecture. The WebWork framework spun off from Apache Struts 1 aiming to offer enhancements and refinements while retaining the same general architecture of the original Struts framework. In December 2005, it was announced that WebWork 2.2 was adopted as Apache Struts 2, which reached its first full release in February 2007.[2]
 | |
| Developer(s) | Apache Software Foundation |
|---|---|
| Initial release | October 10, 2006 |
| Stable release | 2.5.22
/ November 29, 2019[1] |
| Repository | Struts Repository |
| Written in | Java |
| Operating system | Cross-platform |
| Platform | Cross-platform (JVM) |
| Type | Web framework |
| License | Apache License 2.0 |
| Website | struts |
Struts 2 has a history of critical security bugs,[3] many tied to its use of OGNL technology;[4] some vulnerabilities can lead to arbitrary code execution. In October 2017, it was reported that failure by Equifax to address a Struts 2 vulnerability advised in March 2017 was later exploited in the data breach that was disclosed by Equifax in September 2017.[5][6]
Features
- Simple POJO-based actions
- Simplified testability
- Thread safe
- AJAX support
- jQuery plugin
- Dojo Toolkit plugin (deprecated)
- Ajax client-side validation
- Template support
- Support for different result types
- Easy to extend with plugins
- REST plugin (REST-based actions, extension-less URLs)
- Convention plugin (action configuration via Conventions and Annotations)
- Spring plugin (dependency injection)
- Hibernate plugin
- Support in design
- JFreechart plugin (charts)
- jQuery plugin (Ajax support, UI widgets, dynamic table, charts)
- Rome plugin
gollark: Except they can then... see everything you're doing, which defeats the point.
gollark: I don't think that's actually true unless you can go to ridiculous lengths like "run entire universe simulation backwards", in any case.
gollark: I mean... maybe, but it's more about making it very difficult.
gollark: I mean, how do people manage to mess this stuff up? I hesitate to say that I could do better about presumably very complex things, but it seems like a lot of the time the phone network is terrible and even I could do better at designing it.
gollark: Apparently there's yet *another* issue with phone network stuff (https://www.rtl-sdr.com/eavesdropping-on-lte-calls-with-a-usrp-software-defined-radio/) because apparently the designers/implementors are... idiots, so far as I can tell?
References
- "29 November 2019 - Struts 2.5.22 General Availability". Retrieved 4 February 2020.
- About Apache Struts 2 Archived January 14, 2014, at the Wayback Machine
- "Apache Struts : List of security vulnerabilities". cvedetails.com. Retrieved October 2, 2017.
- Munoz, Alvaro (January 14, 2014). "Struts 2: OGNL Expression Injections". HPE.com. Retrieved October 2, 2017.
- Chirgwin, Richard (October 2, 2017). "Equifax couldn't find or patch vulnerable Struts implementations". The Register. Retrieved October 2, 2017.
- Goodin, Dan (October 2, 2017). "A series of delays and major errors led to massive Equifax breach". Ars Technica. Retrieved October 2, 2017.
External links
Apache Software Foundation | |
|---|---|
| Top-level projects |
|
| Commons | |
| Incubator | |
| Other projects | |
| Attic | |
| Licenses | |
| |
| Platforms | _waving.svg.png) | ||||||
|---|---|---|---|---|---|---|---|
| Oracle technologies | |||||||
| Platform technologies | |||||||
| Major third-party technologies | |||||||
| History | |||||||
| Major JVM languages | |||||||
| Community |
| ||||||
  | |||||||
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.