Struts 1.2.9 Release

Info

  1. Struts Release Guidelines

  2. Signing Releases

  3. Apache Mirroring Guidelines

Release Manager

The release manager is Niall Pemberton

Special Issues

This is primarily a maintenance release to fix the following security issues:

38374

Validation always skipped with Globals.CANCEL_KEY

38534

DOS attack, application hack

38749

XSS vulnerability in LookupDispatchAction

Outstanding Bug Review

ID

Summary

Component

Status

31230

Multiple classes using deprecated DefinitionsUtil class

tiles

Remove deprecations in 1.3.x

36806

Unexpected Tiles recursion on JSP errors?

tiles

Needs more investigation -Plan to proceed without this

37653

Struts-beans and tiles handle request.getLocale different

tiles

document? - Target 1.3.x

35703

TilesUtilImpl doInclude() should call TilesRequestProcessor doInclude()... but it doesn't

tiles

WONTFIX

37817

TagUtils doesn't create XHTML compliant URLs when called from LinkTag when using forwards defined with redirect="true"

taglib

fixed

37995

Hanging Fileupload in Large Input JSP

fileupload

Can't determine cause - proceed without

38007

duplicate processing instructions when using jspx

tiles

Needs more investigation. Plan to proceed without this

38191

Fix Min/Max Length Validator for different line endings

validator

Needs Valdiator 1.2.1 release. Target 1.3.x

38460

forwardPattern implementation missing

action

Plan to release without this - IMO should be enhancement

38956

Postback form (optional 'action' attribute for html-el:form) is not working

EL

Only affects 1.3.x

38964

Postback Forms - Caching and Modules

taglib

Only affects 1.3.x

Preparation Checklist

#

Description

Status

1.

Announce plan to dev@ list; link from roadmap page

(./)

2.

Review/Resolve Outstanding Bugs

(./)

3.

Update Release Notes

(./)

4.

Check Dependencies

(./)

5.

Update to version 1.2.9 build.xml, project.xml

(./)

The Commons Preparation Guide is a helpful preparation backgrounder, but Commons uses the "beta/release-candidate/final" process.

Likewise, the HTTPD Release Guidelines is a helpful "overall process" backgrounder, but HTTPD does not use a test-build stage.

Dependency versions for this release:

Dependency

Version

Status

Used In

Antlr

2.7.2

Released

Struts Validator

Commons BeanUtils

1.7.0

Released

core (ActionServlet, configuration, DynaActionForm)

Commons Digester

1.6

Released

core (ActionServlet, configuration)

Commons FileUpload

1.0

Released

Struts Upload

Commons Logging

1.0.4

Released

core (logging all over)

Commons Validator

1.1.4

Released

Struts Validator

Jakarta Oro

2.0.7

Released

Commons Validator

Testing Checklist

Testing Summary

#

Description

Completed

1.

Run Unit Test targets

(./)

2.

Run Cactus Tests (see below)

(./)

3.

Play test bundled applications (TC 5.0.x)

(./)

TODO: A Canoo WebTest for the applications would be great!

Cactus Tests

#

J2SE Version

Tomcat Version

Status

1.

J2SE 1.3.1_04

Tomcat 4.1.30

(./)

2.

J2SE 1.4.2_07

Tomcat 4.1.30

(./)

3.

J2SE 1.3.1_04

Tomcat 5.0.28

(./)

4.

J2SE 1.4.2_07

Tomcat 5.0.28

(./)

Test Build Checklist (A)

See also Commons Step-by-Step Guide

#

Description

Completed

A1.

Tag release in svn: STRUTS_1_2_9 (remember to update svn:externals)

(./)

A2.

Check out a clean copy using the tag created in A1 and and run Distribution Target

(./)

A3.

Upload Distribution to cvs.apache.org:/www/cvs.apache.org/dist/struts/v1.2.9

(./)

A4.

Post release-quality vote on dev@ and user@ lists

(./)

Vote (A)

PMC Member

Quality

Don Brown

GA

Niall Pemberton

GA

Martin Cooper

GA

If release vote fails, including for a lack of quorum, remove from dist folder.

Point Release Checklist (B)

#

Description

Completed

B1.

Create Sums and Sign Distributions [2]

(./)

B2.

Request new Bugzilla version level (1.2.9)

(./)

B3.

Update "Acquiring" page on website and Test Downloads

n/a

Vote (B)

PMC Member

Quality

N.B. Voted GA Quality in first vote (see Vote A above)

Voting continues until a GA or "withdraw" vote passes, or there is a subsequent release.

General Availability Checklist (C)

#

Description

Completed

C1.

Copy Distribution to Mirrored Directories [3]

(./)

C2.

Deploy JAR to Apache Java-Repository

(./)

C3.

After 24 hours, update "Acquiring" page on website

(./)

C4.

Post an announcement to lists and website

(./)


StrutsRelease129 (last edited 2009-09-20 23:12:25 by localhost)