为什么要修复请看新闻:http://www.iteye.com/news/28053
简单测试你的action地址:http://www.yourdomian.com/test.action?redirect:http://www.baidu.com 是否跳转到百度
修复struts严重漏洞:升级struts2.2到 struts2.3.1
需要升级以下包:
struts2-core-2.3.15.1.jar
struts2-spring-plugin-2.3.15.1.jar
xwork-core-2.3.15.1.jar
commons-lang3-3.1.jar
ognl-3.0.6.jar
==================================升级错误记录=====================================
启动报以下错误:
2013-7-19 12:15:26 org.apache.catalina.core.StandardContext startInternal
严重: Error filterStart
2013-7-19 12:15:26 org.apache.catalina.core.StandardContext startInternal
严重: Context [] startup failed due to previous errors
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc
严重: The web application [] registered the JDBC driver [com.mysql.jdbc.Driver] but failed to unregister it when the web application was stopped. To prevent
a memory leak, the JDBC Driver has been forcibly unregistered.
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
严重: The web application [] appears to have started a thread named [Xmemcached-Reactor-0] but has failed to stop it. This is very likely to create a memory
leak.
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
严重: The web application [] appears to have started a thread named [Xmemcached-Reactor-1] but has failed to stop it. This is very likely to create a memory
leak.
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
严重: The web application [] appears to have started a thread named [Xmemcached-Reactor-2] but has failed to stop it. This is very likely to create a memory
leak.
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
严重: The web application [] appears to have started a thread named [Xmemcached-Reactor-3] but has failed to stop it. This is very likely to create a memory
leak.
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
严重: The web application [] appears to have started a thread named [Heal-Session-Thread] but has failed to stop it. This is very likely to create a memory
leak.
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
严重: The web application [] appears to have started a thread named [MySQL Statement Cancellation Timer] but has failed to stop it. This is very likely to
create a memory leak.
2013-7-19 12:15:26 org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
严重: The web application [] appears to have started a thread named [startQuartz_Worker-1] but has failed to stop it. This is very likely to create a memory
leak.
....
实际的错误在:tomcat/logs/localhost.2013-07-19.log 文件中去查看
严重: Exception starting filter struts2
java.lang.NoClassDefFoundError: org/apache/commons/lang3/StringUtils
at com.opensymphony.xwork2.config.providers.XmlConfigurationProvider.register(XmlConfigurationProvider.java:211)
at org.apache.struts2.config.StrutsXmlConfigurationProvider.register(StrutsXmlConfigurationProvider.java:102)
at com.opensymphony.xwork2.config.impl.DefaultConfiguration.reloadContainer(DefaultConfiguration.java:226)
at com.opensymphony.xwork2.config.ConfigurationManager.getConfiguration(ConfigurationManager.java:67)
at org.apache.struts2.dispatcher.Dispatcher.init_PreloadConfiguration(Dispatcher.java:446)
解决:更新comons-lang 到 commons-lang3-3.1版本
严重: Exception starting filter struts2
java.lang.NoSuchMethodError: ognl.SimpleNode.isEvalChain(Lognl/OgnlContext;)Z
at com.opensymphony.xwork2.ognl.OgnlUtil.isEvalExpression(OgnlUtil.java:245)
at com.opensymphony.xwork2.ognl.OgnlUtil.compile(OgnlUtil.java:275)
at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:230)
at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:226)
at com.opensymphony.xwork2.ognl.OgnlUtil.internalSetProperty(OgnlUtil.java:459)
at com.opensymphony.xwork2.ognl.OgnlUtil.setProperties(OgnlUtil.java:118)
at com.opensymphony.xwork2.ognl.OgnlUtil.setProperties(OgnlUtil.java:145)
at com.opensymphony.xwork2.ognl.OgnlUtil.setProperties(OgnlUtil.java:132)
at com.opensymphony.xwork2.ognl.OgnlReflectionProvider.setProperties(OgnlReflectionProvider.java:58)
解决:更新ognl 到 ognl-3.0.6版本
升级以后:再次请求你的测试地址:http://www.yourdomian.com/test.action?redirect:http://www.baidu.com
tomcat服务器端打印:
升级过滤器: http://struts.apache.org/development/2.x/docs/webxml.html
相关推荐
struts2 2.3.1查阅。。。。。。。。。。。。。。。。。。
struts2.3.1的lib里的各个jar包
Struts 2是Struts的下一代产品,是在 struts 和WebWork的技术基础上进行了合并的全新的Struts 2框架。其全新的Struts 2的体系结构与Struts 1的体系结构的差别巨大。现提供英文版API
Struts2.3.1.chm
struts2.3.1的一些必要jar包
我看到很多人在寻找struts帮助文档,鄙人为此请教了高手专门制作。
struts2.3.1源代码 直接可以关联到eclipse
最新struts2工具包,struts2.3.1基础开发包
呵呵, 刚刚学会的方法,在myeclipse里面自己生成的struts2.3.1帮助文档,chm格式
struts-2.3.1.zip.003 struts2.3.1全包
struts-2.3.1.zip.001struts2.3.1全包
这是最新版的struts2.3.1(2011年12月12日发布)的chm文档,这个版本也是最佳可用版本,这个chm花了本人好长时间才才弄出来,欢迎大家下载
struts2.3.1帮助文档chm格式
struts2.3.1官方jar包
Struts2.3.1-标签大全英文版
struts-2.3.1.zip.005 struts2.3.1全包
struts-2.3.1.zip.002 struts2.3.1全包
struts-2.3.1.zip.004 struts2.3.1全包
Struts2.3.1与EasyUI1.2.5的整合
Struts2.3.1与Spring3.1整合时需要的jar包:亲身实践过,实践例子分开上传了