Apache Struts 2

Apache Struts 2
Developer(s)	Apache Software Foundation
Initial release	October 10, 2006; 15 years ago
Stable release	2.5.26 / December 6, 2020; 15 months ago
Repository	Struts Repository
Written in	Java
Operating system	Cross-platform
Platform	Cross-platform (JVM)
Predecessor	Apache Struts 1
Type	Web framework
License	Apache License 2.0
Website	struts.apache.org

Apache Struts 2 is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model–view–controller (MVC) architecture. The WebWork framework spun off from Apache Struts 1 aiming to offer enhancements and refinements while retaining the same general architecture of the original Struts framework. In December 2005, it was announced that WebWork 2.2 was adopted as Apache Struts 2, which reached its first full release in February 2007.^[2]

Struts 2 has a history of critical security bugs,^[3] many tied to its use of OGNL technology;^[4] some vulnerabilities can lead to arbitrary code execution. In October 2017, it was reported that failure by Equifax to address a Struts 2 vulnerability advised in March 2017 was later exploited in the data breach that was disclosed by Equifax in September 2017.^[5]^[6]

Features[]

Simple POJO-based actions
Simplified testability
Thread safe
AJAX support
- jQuery plugin
- Dojo Toolkit plugin (deprecated)
- Ajax client-side validation
Template support
Support for different result types
Easy to extend with plugins
- REST plugin (REST-based actions, extension-less URLs)
- Convention plugin (action configuration via Conventions and Annotations)
- Spring plugin (dependency injection)
- Hibernate plugin
- Support in design
- JFreechart plugin (charts)
- jQuery plugin (Ajax support, UI widgets, dynamic table, charts)
- Rome plugin

References[]

^ "06 December 2020 - Struts 2.5.26 General Availability". Retrieved 6 December 2020.
^ About Apache Struts 2 Archived January 14, 2014, at the Wayback Machine
^ "Apache Struts : List of security vulnerabilities". cvedetails.com. Retrieved October 2, 2017.
^ Munoz, Alvaro (January 14, 2014). "Struts 2: OGNL Expression Injections". HPE.com. Retrieved October 2, 2017.
^ Chirgwin, Richard (October 2, 2017). "Equifax couldn't find or patch vulnerable Struts implementations". The Register. Retrieved October 2, 2017.
^ Goodin, Dan (October 2, 2017). "A series of delays and major errors led to massive Equifax breach". Ars Technica. Retrieved October 2, 2017.

External links[]

Official website

[1] "06 December 2020 - Struts 2.5.26 General Availability". Retrieved 6 December 2020.

[2] About Apache Struts 2 Archived January 14, 2014, at the Wayback Machine

[3] "Apache Struts : List of security vulnerabilities". cvedetails.com. Retrieved October 2, 2017.

[4] Munoz, Alvaro (January 14, 2014). "Struts 2: OGNL Expression Injections". HPE.com. Retrieved October 2, 2017.

[5] Chirgwin, Richard (October 2, 2017). "Equifax couldn't find or patch vulnerable Struts implementations". The Register. Retrieved October 2, 2017.

[6] Goodin, Dan (October 2, 2017). "A series of delays and major errors led to massive Equifax breach". Ars Technica. Retrieved October 2, 2017.

[1]

[2]

[3]

[4]

[5]

[6]

v t Web frameworks
Comparison
.NET	ASP.NET Core AJAX Dynamic Data MVC Razor Web Forms Blazor DNN BFC MonoRail OpenRasta Umbraco WebSharper
C++	CppCMS Drogon Pistache Wt
ColdFusion	CFWheels ColdBox Platform ColdSpring Fusebox Model-Glue
Common Lisp	CL-HTTP
Haskell	Yesod Snap
Java	AppFuse Flexive Grails GWT ICEfaces ItsNat JHipster Jspx JWt Mojarra Play Remote Application Platform RIFE Seam Sling Spring Stripes Struts Tapestry Vaadin Vert.x Wicket WaveMaker ZK
JavaScript	Angular/AngularJS Backbone.js Chaplin.js Closure Dojo Toolkit Ember.js Express.js Ext JS jQuery Knockout.js Meteor MooTools Node.js OpenUI5 Prototype React Sencha Touch SproutCore Svelte Vue.js Wakanda
Perl	Catalyst Dancer Mason Maypole Mojolicious WebGUI
PHP	CakePHP CodeIgniter Drupal Fat-Free FuelPHP Flow Grav Gyroscope Horde Joomla Kohana Laminas Laravel Lithium Midgard MODX Nette Phalcon PHP-Fusion Pop PHP PRADO ProcessWire Qcodo Silex SilverStripe Symfony TYPO3 WordPress XOOPS Yii
Python	BlueBream Bottle CherryPy CubicWeb Django FastAPI Flask Grok Nevow Pyjs Pylons Pyramid Quixote TACTIC Tornado TurboGears web2py Webware Zope 2 more...
Ruby	Camping Merb Padrino Ruby on Rails Sinatra
Rust	Rocket
Scala	Lift Play Scalatra
Smalltalk	AIDA/Web Seaside
Other languages	Application Express (PL/SQL) Grails (Groovy) OpenACS (Tcl) Phoenix (Elixir) SproutCore (JavaScript-Ruby) Yaws (Erlang)

v t The Apache Software Foundation
Top-level projects	Accumulo ActiveMQ Airflow Ambari Ant Aries Arrow Apache HTTP Server APR Avro Axis Axis2 Beam Bloodhound Brooklyn Buildr Calcite Camel CarbonData Cassandra Cayenne Chemistry CloudStack Cocoon Cordova CouchDB cTAKES CXF Derby Directory Drill Druid Empire-db Felix Flex Flink Flume Geronimo Giraph Gump Hadoop HBase Helix Hive Impala Jackrabbit James Jena Jini JMeter Kafka Kudu Kylin Lucene Mahout Maven MINA mod_perl MyFaces NetBeans Nutch OFBiz Oozie OpenEJB OpenJPA OpenNLP OрenOffice ORC PDFBox Parquet Phoenix POI Pig Pinot Pivot Qpid Roller RocketMQ Samza ServiceMix Shiro SINGA Sling Solr Spark Storm SpamAssassin Struts 1 Struts 2 Subversion Superset SystemDS Tapestry Thrift Tika Tomcat Trafodion Traffic Server UIMA Velocity Wicket Xalan Xerces XMLBeans Yetus ZooKeeper
Commons	BCEL BSF Daemon Jelly Logging
Incubator	MXNet NuttX Taverna
Other projects	Batik Chainsaw FOP Ivy Log4j
Attic	Abdera Apex AxKit Beehive Bluesky iBATIS C++ Standard Library Cactus Click Continuum Deltacloud Etch Excalibur Forrest Hama Harmony HiveMind Jakarta Lenya Marmotta ODE Shale Shindig Slide Sqoop Stanbol Tuscany Wave Wink
Licenses	Apache License
Category

Apache Struts 2

Contents

Features[]

See also[]

References[]

External links[]