we are using struts 2.0.5, and migrating to 18.104.22.168 to get the security patches.
During that time we noticed, the default token attribute name is changed from 'struts.token' to 'token'. Also this information is not published in change logs.
This change impacts the application uses the custom token interceptor, where application get the token value from request using request.getParameter("struts.token");
I request to provide a constant value to keep the default token name to maintain struts.xml file.
This provides the generic approach to define the token attribute name during the implementation level.
otherwise this is painful to change the token name at each jsp pages.
currently we are using <s:token/> the generated token name is struts.token
The same code generates the token name as 'token' in struts 22.214.171.124
there are two options left to us.
1. change the <s:token/> to <s:token name="struts.token"/>
2. keep the old version of token.class in 126.96.36.199
The better approach is
create a constant to maintain the token name at struts.xml.