As of Struts 2.5.1 (specifically, commit 27ca165ddbf81c84bafbd083b99a18d89cc49ca7), URLs containing unexpected characters are rejected, instead of cleaned up. This breaks the interaction of one of our clients, who unfortunately is using braces in their URL (matched at our end by a wildcard).
We want to keep specifying a strict list of allowed characters, for cleanup purposes, but we can't do that if it will break interactions with customers.
What was the purpose of changing this behavior? I can't find anything about it in the changelog.