今天突然看到一篇技术文章,说Struts2又出了新的安全漏洞,我赶紧查看Struts2版本,正好在漏洞范围之内,开始了升级之旅,技术文章都建议更新至 Struts 2.3.32 或者 Struts 2.5.10.1 。
我试图一步直接升级到2.5,结果需要升级的补丁太多,已经放弃。
下载Struts2.3.32 :https://dist.apache.org/repos/dist/release/struts/2.3.32/
1、替换了struts2-core-2.3.32.jar包,结果启动报错:
log4j:WARN No such property [file] in org.apache.log4j.ConsoleAppender. 08-Mar-2017 13:08:55.603 SEVERE [RMI TCP Connection(3)-127.0.0.1] org.apache.catalina.core.StandardContext.startInternal One or more Filters failed to start. Full details will be found in the appropriate container log file 08-Mar-2017 13:08:55.603 SEVERE [RMI TCP Connection(3)-127.0.0.1] org.apache.catalina.core.StandardContext.startInternal Context [] startup failed due to previous errors [2017-03-08 01:08:55,744] Artifact unnamed: Error during artifact deployment. See server log for details.
2、解决出错问题:查看完整的报错日志。
通过百度配置log4j和loggers.properties 。
由于没有找到完整的log位置,继续报错:this web application instance has been stopped already. Could not load org.apache.log4j.ConsoleAppe
3、后来发现错误日志文件被idea监管了,从这里能找到那些class缺少,从报错信息中很方便的能找到struts2.3.32依赖的包。
4、本次替换的所有包:ognl-3.0.19.jar 、 struts2-core-2.3.32.jar、xwork-core-2.3.32.jar、freemarker-2.3.22.jar
5、启动成功了。
