AOWeb Struts Changelog

aoweb-struts-3.0.0-SNAPSHOT

Snapshot Notes

  • Merged submodules directly into this module. This streamlines development by allowing automatic redeploys. Furthermore, this project is now used via Maven overlay instead of jar dependencies.
  • Minimum Java version changed from 1.7 to 17.
  • Now supports Java 9+ modules. Due to still having filename-based automatic module dependencies, *-SNAPSHOT versions include module-info.class while releases include the Automatic-Module-Name manifest entry. To minimize the difference between these modes, module-info.java does not perform any transitive requires.
  • Reduced use of property substitutions in pom.xml. This is to help 3rd-party parsers that fail to perform full Maven-compatible substitutions.
  • Now outputting HTML or XHTML based on the current response content type. This should eliminate validator warnings when used as HTML.
  • Now supports skin attributes for serialization (default "auto") and doctype (default "HTML5"). Defaulting to doctype "STRICT" until converted to HTML 5.
  • Skins are now responsible for writing the DOCTYPE and html tag, too.
  • Skins now use the new Html instead of JspWriter.
  • HTML email generators use the new AO Fluent HTML project.
  • Removed setContentType tag.
  • Removed Skin.getCharacterSet(Locale), since the default encoding is always UTF-8.
  • SkinTag now sets Struts Globals.XHTML_KEY based on serialization. No need to use the <html:xhtml /> tag anymore.
  • Added <link rel="author" href="…" /> support.
  • <skin:contentTitle /> is now scriptless.
  • Optimized ServletContext attribute initialization and concurrency.
  • TicketLoggingHandler automatically loaded on start-up via @WebListener. No more LogFactory. Now just use Logger.getLogger(…) like normal.
  • Integrated with AO Web Resources.
  • Added support for WebP images.
  • Removed support for IE 6, 7, 8, and 9 since all are end-of-life.
  • Added support for Web development file types *.less, *.sass, *.scss, *.css.map, and *.js.map.
  • Cleaned-up use of JspTagException versus JspException. Generally, methods declare throws JspException while actually throwing instances of JspTagException. The exception to this is private implementation methods that both declare and throw JspTagException.
  • Split development-only classes into a new sub-project in devel/. This sub-project is used only for development and is never deployed to artifact repositories.
  • No longer trimming passwords.
  • VNC keystore moved from web resource /WEB-INF/keystore to filesystem resource conf/keystore. This assumes that Tomcat is running with a working directory containing the conf/ folder, which is true on the AOServ Platform. This has two advantages:
    1. The webapp may be deployed as an unexploded WAR file.
    2. The keystore may be updated separately from the application. This is used, for example, by Let's Encrypt renewal hooks.
  • Updated to Java™ EE 7 Web Profile (Servlet 3.1, JSP 2.3, EL 3.0, and JSTL 1.2).
  • Replaced VNC Java Applet+SSL with JavaScript+WebSocket.

  • Search engines are spiraling off target due to the "authenticationTarget" being rewritten into the URL for clients with cookies disabled. A servlet filter now sets a header X-Robots-Tag: noindex, nofollow for any request that contains any "authenticationTarget" parameter.

    Furthermore, "authenticationTarget" is no longer written into URL parameters, and the parameter is no longer used after login. "authenticationTarget" is only taken from session, which also has security benefits (bad form to allow user-supplied redirects).

    Finally, authentication redirect targets are no longer used directly from HTTP parameters. Instead, a session mapping of generated random IDs is maintained. The client is given the random ID, and redirects are performed from the URLs stored in session. Thus, cross-site redirects are protected by both temporary random ID and session.

  • Implemented automatic newline and tab indentation.
  • URLs provided in tag bodies now support both RFC 3986 URI and RFC 3987 IRI:
  • <skin:link> now supports nested <ao:param> and <ao:params>.
  • <skin:link> and <skin:path> now support param.* dynamic attributes.
  • Added 401, 403, 503, and catch-all error handlers.
  • Require secure session cookies in production.
  • Now properly restoring Thread interrupted state on InterruptedException.
  • Removed package category and related signup forms for backup and colocation.
  • Performed Checkstyle clean-up.
  • Improved support for taglib serialization: marked attribute fields transient and calling init() from readObject(…).
  • TODO: On next release, also publish relocations for old aoweb-struts-core, aoweb-struts-resources, and aoweb-struts-webapp.

aoweb-struts-2.0.0

Release Notes

aoweb-struts-1.2.0

Release Notes

  • Updated version of AO OSS Parent.
  • Minimum Java version changed from 1.6 to 1.7.
  • Using managed dependencies:
    1. This project uses managed dependencies.
    2. This project's managed dependencies may also be imported by other projects.

aoweb-struts-1.1.2

Release Notes

  • New releases of modules.
  • Updated dependencies.

aoweb-struts-1.1.1

Release Notes

  • Adjusted old Ant build.xml for new Maven structure.
  • New AO OSS Parent POM to simplify pom.xml files.
  • Project documentation moved to per-project book in SemanticCMS format.
  • Added changelog as top-level project link.

aoweb-struts-1.1.0

Release Notes

  • Using standard filter set provided by SemanticCMS.
  • Improved Javadoc formatting.
  • Improved README formatting.
  • Working on SemanticCMS integration.
  • shortTitle may now be specified on a per-parent basis, for when the shortTitle only makes sense within the context of that specific parent. This is useful for navigation items such as breadcrumbs or trees.
  • No more page stack, just show title for current page only.
  • Canonical URLs configured per-book.

aoweb-struts-1.0.0

Release Notes

  • Project moved to GitHub and Maven.
  • Web resources moved to separate jar file to share between projects without having to copy into the web root. Thank you servlets 3.0 for allowing us to no longer copy JSP files between projects with tedious build systems.
  • Moved Java implementation to aoweb-struts-core package.
  • Packaged for compatibility with old Ant build system.