Apache Struts latest 188.8.131.52 on security updates lures Java developers
The latest release of Apache Struts, 184.108.40.206 GA, has been well received by Java developers around the world. As the technology expands, much-needed security improvements and other changes are being implemented to meet the requirements of business applications and processes. Such advancements are changing the outlook of the IT sector as a whole.
The much hyped Apache Struts
Apache Struts has taken the world of Java into a new dimension with its varied features and mechanisms, and has earned a reputation in the global arena as a technology to be reckoned with. Struts is a well-liked, enterprise-ready, web-based open source framework that streamlines the Java web development process. Offshore Java development teams and skilled Java developers use it to create responsive and dynamic web applications. Working with it also helps teams learn about open source tools that can be useful in other developments. The framework is called Struts because its structure is designed to offer the unseen support that Java application development requires.
- Written in Java
- Managed by the Apache Software Foundation
- Originally released in 2001
- Leverages the Java Servlet API and XML
- Splits a web application into three parts, namely:
  - Model: relates to data manipulation and business logic
  - Controller: relates to data validation and request processing
  - View: relates to response generation
The latest release of Apache Struts 220.127.116.11 GA
The most significant aspect of this new version of Apache Struts is that bugs have been identified and fixed. The key highlights include:
- Improved design with cleaner code for the framework
- Flexibility to use the standard Struts tags
- Enhanced input sanitizing for file uploads
- A leak of the server-side file path has been fixed
- Remote code execution and open redirect vulnerabilities have been fixed
- Dynamic Method Invocation (DMI) is now disabled by default to avoid security vulnerabilities
Impact of the new development
- In the previous version of Struts, DMI came with an option to switch the feature off. This is done by setting struts.enable.DynamicMethodInvocation to false in struts.xml.
- Java developers whose applications rely on DMI need to make the necessary changes when upgrading to 18.104.22.168. Security bypass is not a possibility with the new version in place.
- The release also addresses the vulnerabilities connected with the action: prefix. The framework now sanitizes that prefix and has removed support for the redirectAction: and redirect: prefixes. This also hints that developers should not use the action: prefix where multiple submit buttons are not required.
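An upgrade check for the points above, as an added example that is not part of the original article or the Struts project: it reports whether struts.xml explicitly enables struts.enable.DynamicMethodInvocation and which request URLs carry parameter names starting with the action:, redirect: or redirectAction: prefixes. The function names, the sample struts.xml and the sample URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

DMI_CONSTANT = "struts.enable.DynamicMethodInvocation"
PREFIXES = ("action:", "redirect:", "redirectAction:")  # prefixes named in the article

def dmi_setting(struts_xml):
    """Return 'true'/'false' when struts.xml sets the DMI constant, else None."""
    root = ET.fromstring(struts_xml)
    for const in root.iter("constant"):
        if const.get("name") == DMI_CONSTANT:
            return (const.get("value") or "").strip().lower()
    return None  # not set: the framework default for the installed version applies

def prefixed_params(url):
    """Return query parameter names in a request URL that carry a special prefix."""
    query = urlsplit(url).query
    # parse_qsl percent-decodes names, so "action%3Asave" is seen as "action:save".
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if n.startswith(PREFIXES)]

def audit(struts_xml, request_urls):
    """Collect findings a team would review before and after the upgrade."""
    findings = []
    if dmi_setting(struts_xml) == "true":
        findings.append("DMI explicitly enabled in struts.xml")
    for url in request_urls:
        for name in prefixed_params(url):
            findings.append(f"prefixed parameter {name!r} in {url}")
    return findings

# Constructed sample inputs (not taken from a real application or log).
SAMPLE_STRUTS_XML = """<struts>
  <constant name="struts.devMode" value="false"/>
  <constant name="struts.enable.DynamicMethodInvocation" value="true"/>
</struts>"""
SAMPLE_URLS = [
    "/shop/cart.action?item=42",
    "/shop/cart.action?item=42&action%3Acheckout=Go",
    "/shop/login.action?redirectAction%3Ahome=1",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_STRUTS_XML, SAMPLE_URLS):
        print(finding)
```

Parameters sent in a POST body do not appear in the URL, so the same prefixed_params check would have to be run over captured form bodies to cover submit buttons.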
Areas of expertise
Apache Struts is a flexible technology which has found its importance in diverse application areas which include:
- Web services
- Database development
- Web Application development
- Java Application Development
- Offshore Java development
- Application servers
- Emerging frameworks and technologies
- IT management
The new version of Apache Struts offers dynamic, externalized flow control in a secured environment. The use of high-level syntax and comprehensions has widened the scope for Java in a more precise and simple way.
About the Author
With the help of this content Reeyankee Das Choudhury has thrown light on how the contribution of Java developers in the form of the latest version of Apache Struts has taken the world of Offshore Java Development Services by storm.
Originally posted 2015-10-01 16:12:56.