Bump the maven group across 1 directory with 4 updates by dependabot[bot] · Pull Request #1 · Simon-Terrien/faction

dependabot · 2025-10-23T07:34:07Z

Bumps the maven group with 4 updates in the / directory: org.apache.struts:struts2-core, org.apache.poi:poi-ooxml, org.pac4j:pac4j-oidc and org.pac4j:pac4j-core.

Updates org.apache.struts:struts2-core from 2.5.32 to 6.4.0

Release notes

Sourced from org.apache.struts:struts2-core's releases.

Struts 6.4.0

What's Changed

WW-5341 Ensure exclusion list applies to objects from all ClassLoaders by @kusalk in apache/struts#741

WW-5342 Add option to block use of default package by @kusalk in apache/struts#742

WW-5339 Misc clean up in CompoundRootAccessor and OgnlValueStackTest by @kusalk in apache/struts#745

WW-5340 Preliminary refactor of OgnlUtil by @kusalk in apache/struts#746

[WW-5346] replace BeanManager::createInjectionTarget by @hepptho in apache/struts#754

WW-5340 Introducing OGNL Guard by @kusalk in apache/struts#747

WW-5348 Allow overriding of logging behaviour in DefaultAcceptedPatternsChecker by @kusalk in apache/struts#757

[WW-5338] Removes deprecated OgnlTool by @lukaszlenart in apache/struts#758

[WW-5344] Un-deprecates Sitemesh plugin and upgrades Sitmesh to ver 2.5.0 by @lukaszlenart in apache/struts#759

WW-5340 Mild refactor StrutsOgnlGuard for easier subclassing by @kusalk in apache/struts#760

WW-5349 Remove Struts core dependency on OGNL VarRefs by @kusalk in apache/struts#763

WW-5354 Ensure ActionSupport fields are not parameter injectable by @kusalk in apache/struts#765

WW-5355 Integrate W-TinyLfu cache and use by default by @kusalk in apache/struts#766

Improved the StrutsUrlDecoder so that charset retrieval is performed only once. by @mygreen in apache/struts#773

WW-5358 Expand exclusion lists by @kusalk in apache/struts#774

WW-5350 Refactor SecurityMemberAccess by @kusalk in apache/struts#780

[WW-5333] Refactors AttributeMap by @lukaszlenart in apache/struts#779

WW-5363 Velocity: read chained contexts before ValueStack by @kusalk in apache/struts#789

WW-5350 Implement OGNL Allowlist capability by @kusalk in apache/struts#781

WW-5363 Remove redundant method from VelocityManager by @kusalk in apache/struts#793

WW-5343 Make SecurityMemberAccess an extensible bean by @kusalk in apache/struts#791

WW-5364 Automatically populate OGNL allowlist by @kusalk in apache/struts#800

WW-5339 Add option to block custom OGNL maps by @kusalk in apache/struts#806

[WW-5370] Makes HttpParameters case-insensitive by @lukaszlenart in apache/struts#807

[WW-5371] Modern upload by @lukaszlenart in apache/struts#808

WW-5364 Add missing system allowlist classes by @kusalk in apache/struts#815

[WW-5373] Update JavaDoc CspReportAction.java by @assachs in apache/struts#814

[WW-5328] Removes deprecated setters by @lukaszlenart in apache/struts#811

[WW-5362] Removes type attribute out of <s:script/> tag by @lukaszlenart in apache/struts#812

WW-5378 Add option to NOT fallback to context lookup when finding value on OgnlValueStack by @kusalk in apache/struts#821

WW-5364 Add String.class to system allowlist by @kusalk in apache/struts#828

WW-5381 Introduce RootAccessor interface for extension point by @kusalk in apache/struts#823

WW-5379 Implement alternative mechanism for Velocity directives to obtain ValueStack by @kusalk in apache/struts#822

WW-5352 Repackage ParametersInterceptor and related classes by @kusalk in apache/struts#829

WW-5381 Introduce extension point for CompoundRootAccessor by @kusalk in apache/struts#824

[WW-5383] Updates RegEx to excludes JARs by default by @lukaszlenart in apache/struts#830

WW-5382 Fix stale injections in Dispatcher by @kusalk in apache/struts#826

WW-5381 Introduce extension point for MethodAccessor by @kusalk in apache/struts#825

WW-5352 Refactor ParametersInterceptor by @kusalk in apache/struts#831

[WW-5365] Reverts changes introduced in WW-5192 to allow evaluate the value attribute of Radio tag by @lukaszlenart in apache/struts#835

WW-5352 Clean up OgnlValueStackTest by @kusalk in apache/struts#841

[WW-5387] Fixes remove() signature by @lukaszlenart in apache/struts#844

[WW-5369] Re-define minimal library set by @lukaszlenart in apache/struts#847

[WW-5374] Allows to prepend reportUri with Servlet context by @lukaszlenart in apache/struts#845

[WW-5357] Adds support for disabled attribute to anchor tag by @lukaszlenart in apache/struts#848

WW-5352 Introducing the StrutsParameter annotation by @kusalk in apache/struts#832

[WW-5360] Introduces additional countStr & indexStr to allow to ignore conversion by @lukaszlenart in apache/struts#852

WW-5391 Add interface for VelocityManager extension point by @kusalk in apache/struts#867

... (truncated)

Commits

See full diff in compare view

Updates org.apache.poi:poi-ooxml from 5.2.4 to 5.4.0

Updates org.pac4j:pac4j-oidc from 3.0.0 to 4.5.5

Commits

a1ae387 [maven-release-plugin] prepare release pac4j-4.5.5
09684e0 Fix CVE-2021-44878
90a6cb3 [maven-release-plugin] prepare for next development iteration
91996a7 [maven-release-plugin] prepare release pac4j-4.5.4
34e9d0f patch log4j v2
d682e7f [maven-release-plugin] prepare for next development iteration
49c546e [maven-release-plugin] prepare release pac4j-4.5.3
c1ab3e1 [pac4j-saml] Upgrade to velocity core engine 2.3 (#1992)
cbd73bc [maven-release-plugin] prepare for next development iteration
72d9f8a [maven-release-plugin] prepare release pac4j-4.5.2
Additional commits viewable in compare view

Updates org.pac4j:pac4j-core from 3.0.0 to 4.0.0

Commits

332a4f2 [maven-release-plugin] prepare release pac4j-4.0.0
7be13bd Update dependency org.springframework.security:spring-security-crypto to v5.3...
8a98fcd update doc
1ca4cbe upgrade to open-saml v4 (#1560)
f350f95 prepare the opensaml v4 upgrade
5f16705 Update dependency org.springframework.boot:spring-boot-dependencies to v2.2.6...
b6860db Update dependency com.nimbusds:nimbus-jose-jwt to v8.11 (#1557)
96f2c5e Update spring core to v5.2.5.RELEASE (#1556)
c44c569 Update dependency org.apache.shiro:shiro-core to v1.5.2 (#1555)
5fd14ed Update dependency com.nimbusds:oauth2-oidc-sdk to v7.3 (#1554)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the maven group with 4 updates in the / directory: [org.apache.struts:struts2-core](https://github.com/apache/struts), org.apache.poi:poi-ooxml, [org.pac4j:pac4j-oidc](https://github.com/pac4j/pac4j) and [org.pac4j:pac4j-core](https://github.com/pac4j/pac4j). Updates `org.apache.struts:struts2-core` from 2.5.32 to 6.4.0 - [Release notes](https://github.com/apache/struts/releases) - [Commits](https://github.com/apache/struts/commits) Updates `org.apache.poi:poi-ooxml` from 5.2.4 to 5.4.0 Updates `org.pac4j:pac4j-oidc` from 3.0.0 to 4.5.5 - [Commits](pac4j/pac4j@pac4j-3.0.0...pac4j-4.5.5) Updates `org.pac4j:pac4j-core` from 3.0.0 to 4.0.0 - [Commits](pac4j/pac4j@pac4j-3.0.0...pac4j-4.0.0) --- updated-dependencies: - dependency-name: org.apache.struts:struts2-core dependency-version: 6.4.0 dependency-type: direct:production dependency-group: maven - dependency-name: org.apache.poi:poi-ooxml dependency-version: 5.4.0 dependency-type: direct:production dependency-group: maven - dependency-name: org.pac4j:pac4j-oidc dependency-version: 4.5.5 dependency-type: direct:production dependency-group: maven - dependency-name: org.pac4j:pac4j-core dependency-version: 4.0.0 dependency-type: direct:production dependency-group: maven ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Oct 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the maven group across 1 directory with 4 updates#1

Bump the maven group across 1 directory with 4 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/maven-ccefb1530a

dependabot Bot commented on behalf of github Oct 23, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Oct 23, 2025

Struts 6.4.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants