diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..231e449a4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# Java
+*.class
+*.jar
+*.war
+*.ear
+
+# Eclipse
+.project
+.classpath
+.settings
+
+# Idea
+.idea
+*.iml
+*.iws
+*.ipr
+
+# OS
+Thumbs.db
+.DS_Store
+
+# Gradle
+.gradle
+!gradle-wrapper.jar
+
+# Maven
+target
+
+# Build
+out
+build
+bin
+
+# Other
+*.log
+*.swp
+*.bak
diff --git a/README b/README.md
similarity index 54%
rename from README
rename to README.md
index b82ea7f92..8b31c284c 100644
--- a/README
+++ b/README.md
@@ -1,10 +1,21 @@
-$Id: README,v 1.18 2003/12/10 01:04:10 husted Exp $
+# STRUTS
 
-STRUTS
-======
+![build status](https://circleci.com/gh/kawasima/struts1-forever.png?style=shield&circle-token=8f99c0e6c923ca570acda8c3640446fdacad2a47)
 
-Introduction
-------------
+This struts1's fork is for maintenance to fix the vulnerabilities.
+
+## Requirements
+
+Original Struts requires Java 1.4 or higher. But struts1-forever requires Java 1.5 or higher.
+Because Commons-Beanutils 1.9.2 is used for preventing a dangerous population.
+
+## Fixed vulnerabilities
+
+- CVE-2014-0114
+- CVE-2016-1181
+- CVE-2016-1182
+
+## Introduction (Original)
 
 This subproject contains the source code for the "Struts" application support
 package, consisting of the following major components:
diff --git a/project.xml b/pom.xml
similarity index 60%
rename from project.xml
rename to pom.xml
index d0b20ccc9..8c98a77ab 100644
--- a/project.xml
+++ b/pom.xml
@@ -1,75 +1,24 @@
 <?xml version="1.0"?>
-<project>
-  <pomVersion>3</pomVersion>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
   <name>struts</name>
   <groupId>struts</groupId>
   <artifactId>struts</artifactId>
-  <currentVersion>1.2.10-SNAPSHOT</currentVersion>
+  <version>1.2.10-SNAPSHOT</version>
   <organization>
     <name>The Apache Software Foundation</name>
     <url>http://struts.apache.org/</url>
-    <logo>http://struts.apache.org/images/jakarta-logo.gif</logo>
   </organization>
-  <!-- <logo>/images/struts-blue.gif</logo>-->
-  <logo>http://struts.apache.org/struts/images/struts.gif</logo>
   <inceptionYear>2000</inceptionYear>
-  <package>org.apache.struts</package>
-  <shortDescription>MVC Web Application Framework</shortDescription>
   <!-- Gump integration -->
-  <gumpRepositoryId>jakarta</gumpRepositoryId>
   <description>The core of the Struts framework is a flexible control layer based on standard technologies like Java Servlets, JavaBeans, ResourceBundles, and Extensible Markup Language (XML), as well as various Jakarta Commons packages. Struts encourages application architectures based on the Model 2 approach, a variation of the classic Model-View-Controller (MVC) design paradigm. Struts provides its own Controller component and integrates with other technologies to provide the Model and the View. For the Model, Struts can interact with any standard data access technology, including Enterprise Java Beans, JDBC, and Object Relational Bridge. For the View, Struts works well with JavaServer Pages, including JSTL and JSF, as well as Velocity Templates, XSLT, and other presentation systems. The Struts framework provides the invisible underpinnings every professional web application needs to survive. Struts helps you create an extensible development environment for your application, based on published standards and proven design patterns.</description>
   <url>http://struts.apache.org/</url>
-  <issueTrackingUrl>http://issues.apache.org/bugzilla/</issueTrackingUrl>
-  <siteAddress>struts.apache.org</siteAddress>
-  <siteDirectory>/www/jakarta.apache.org/struts</siteDirectory>
-  <distributionDirectory>/www/apache.mirrors.pair.com/jakarta/struts/</distributionDirectory>
-  <repository>
-    <connection>scm|svn|http|//svn.apache.org/repos/asf/struts/core/trunk</connection>
-    <developerConnection>scm|svn|https|//svn.apache.org/repos/asf/struts/core/trunk</developerConnection>
-    <url>http://svn.apache.org/repos/asf/struts/core/trunk</url>
-  </repository>
-  <versions>
-    <version>
-      <id>1.0.2</id>
-      <name>1.0.2</name>
-      <tag>STRUTS_1_0_2</tag>
-    </version>
-    <version>
-      <id>1.1.0</id>
-      <name>1.1.0</name>
-      <tag>STRUTS_1_1</tag>
-    </version>
-    <version>
-      <id>1.2.0</id>
-      <name>1.2.0</name>
-      <tag>STRUTS_1_2_0</tag>
-    </version>
-    <version>
-      <id>1.2.1</id>
-      <name>1.2.1</name>
-      <tag>STRUTS_1_2_1</tag>
-    </version>
-    <version>
-      <id>1.2.2</id>
-      <name>1.2.2</name>
-      <tag>STRUTS_1_2_2</tag>
-    </version>
-    <version>
-      <id>1.2.3</id>
-      <name>1.2.3</name>
-      <tag>STRUTS_1_2_3</tag>
-    </version>
-    <version>
-      <id>1.2.4</id>
-      <name>1.2.4</name>
-      <tag>STRUTS_1_2_4</tag>
-    </version>
-    <version>
-      <id>1.2.5</id>
-      <name>1.2.5</name>
-      <tag>STRUTS_1_2_5</tag>
-    </version>
-  </versions>
+  <issueManagement>
+    <url>ttp://issues.apache.org/bugzilla/</url>
+  </issueManagement>
+
   <mailingLists>
     <mailingList>
       <name>Struts User List</name>
@@ -193,160 +142,183 @@
     <dependency>
       <groupId>commons-beanutils</groupId>
       <artifactId>commons-beanutils</artifactId>
-      <version>1.7.0</version>
-      <url>http://jakarta.apache.org/commons/beanutils.html</url>
-      <properties>
-        <war.bundle>true</war.bundle>
-        <cactus.bundle>true</cactus.bundle>
-      </properties>
+      <version>1.9.2</version>
     </dependency>
     <dependency>
       <groupId>commons-digester</groupId>
       <artifactId>commons-digester</artifactId>
       <version>1.6</version>
-      <url>http://jakarta.apache.org/commons/digester.html</url>
-      <properties>
-        <war.bundle>true</war.bundle>
-        <cactus.bundle>true</cactus.bundle>
-      </properties>
     </dependency>
     <dependency>
       <groupId>commons-fileupload</groupId>
       <artifactId>commons-fileupload</artifactId>
       <version>1.0</version>
-      <url>http://jakarta.apache.org/commons/fileupload/</url>
-      <properties>
-        <war.bundle>true</war.bundle>
-        <cactus.bundle>true</cactus.bundle>
-      </properties>
     </dependency>
     <dependency>
       <groupId>commons-logging</groupId>
       <artifactId>commons-logging</artifactId>
       <version>1.0.4</version>
-      <url>http://jakarta.apache.org/commons/logging.html</url>
-      <properties>
-        <war.bundle>true</war.bundle>
-        <cactus.bundle>true</cactus.bundle>
-      </properties>
     </dependency>
     <dependency>
       <groupId>commons-validator</groupId>
       <artifactId>commons-validator</artifactId>
       <version>1.1.4</version>
-      <url>http://jakarta.apache.org/commons/validator/</url>
-      <properties>
-        <war.bundle>true</war.bundle>
-        <cactus.bundle>true</cactus.bundle>
-      </properties>
     </dependency>
     <dependency>
       <groupId>oro</groupId>
       <artifactId>oro</artifactId>
       <version>2.0.7</version>
-      <url>http://jakarta.apache.org/oro/</url>
-      <properties>
-        <war.bundle>true</war.bundle>
-        <cactus.bundle>true</cactus.bundle>
-      </properties>
     </dependency>
     <dependency>
       <groupId>xml-apis</groupId>
       <artifactId>xml-apis</artifactId>
       <version>2.0.2</version>
-      <url>http://xml.apache.org/commons/</url>
-      <properties>
-        <war.bundle>true</war.bundle>
-        <scope>provided</scope>
-      </properties>
     </dependency>
     <dependency>
       <groupId>antlr</groupId>
       <artifactId>antlr</artifactId>
       <version>2.7.2</version>
-      <properties>
-        <war.bundle>true</war.bundle>
-      </properties>
     </dependency>
     <dependency>
       <groupId>javax.servlet</groupId>
       <artifactId>servlet-api</artifactId>
       <version>2.2</version>
-      <properties>
-        <scope>provided</scope>
-      </properties>
+      <scope>provided</scope>
     </dependency>
     <!-- for unit tests -->
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
       <version>3.8.1</version>
-      <url>http://www.junit.org</url>
-      <properties>
-        <scope>test</scope>
-      </properties>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>cactus</groupId>
       <artifactId>cactus</artifactId>
-      <version>12-1.4.1</version>
-      <url>http://jakarta.apache.org/cactus</url>
-      <properties>
-        <scope>test</scope>
-      </properties>
+      <!--<version>12-1.4.1</version>-->
+      <version>13-1.7.2</version>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>cactus</groupId>
       <artifactId>cactus-ant</artifactId>
       <version>1.4.1</version>
-      <url>http://jakarta.apache.org/cactus</url>
-      <properties>
-        <scope>test</scope>
-      </properties>
+      <scope>test</scope>
     </dependency>
     <!-- for tld generation -->
     <dependency>
       <groupId>xalan</groupId>
       <artifactId>xalan</artifactId>
       <version>2.5.1</version>
-      <url>http://xml.apache.org/xalan</url>
-      <properties>
-        <scope>compile</scope>
-      </properties>
+      <scope>compile</scope>
     </dependency>
   </dependencies>
+
   <build>
-    <nagEmailAddress>struts-dev@jakarta.apache.org</nagEmailAddress>
     <sourceDirectory>src/share</sourceDirectory>
     <!-- Unit test cases -->
-    <unitTestSourceDirectory>src/test</unitTestSourceDirectory>
-    <integrationUnitTestSourceDirectory />
-    <aspectSourceDirectory />
-    <unitTest>
-      <includes>
-        <include>org/apache/struts/action/TestDynaActionForm.java</include>
-        <include>org/apache/struts/action/TestDynaActionFormClass.java</include>
-        <include>org/apache/struts/config/TestModuleConfig.java</include>
-        <include>org/apache/struts/config/TestActionConfigMatcher.java</include>
-        <include>org/apache/struts/util/Test*.java</include>
-      </includes>
-      <resources>
-        <resource>
-          <directory>${basedir}/conf/share</directory>
-          <targetPath>org/apache/struts/resources</targetPath>
+    <testSourceDirectory>src/test</testSourceDirectory>
+
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.8.0</version>
+        <configuration>
+          <source>1.4</source>
+          <target>1.4</target>
+        </configuration>
+      </plugin>
+
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>xml-maven-plugin</artifactId>
+        <version>1.0</version>
+        <executions>
+          <execution>
+            <id>generate-tlds</id>
+            <goals><goal>transform</goal></goals>
+            <phase>generate-resources</phase>
+            <configuration>
+              <transformationSets>
+                <transformationSet>
+                  <dir>doc/userGuide</dir>
+                  <stylesheet>doc/stylesheets/tld.xsl</stylesheet>
+                  <includes>
+                    <include>struts-bean.xml</include>
+                    <include>struts-html.xml</include>
+                    <include>struts-logic.xml</include>
+                    <include>struts-nested.xml</include>
+                    <include>struts-tiles.xml</include>
+                  </includes>
+                  <outputDir>${project.build.outputDirectory}/META-INF/tlds</outputDir>
+                  <fileMappers>
+                    <fileMapper implementation="org.codehaus.plexus.components.io.filemappers.FileExtensionMapper">
+                      <targetExtension>.tld</targetExtension>
+                    </fileMapper>
+                  </fileMappers>
+                </transformationSet>
+              </transformationSets>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>2.7</version>
+        <executions>
+          <execution>
+            <id>copy-resources</id>
+            <goals><goal>copy-resources</goal></goals>
+            <phase>compile</phase>
+            <configuration>
+              <outputDirectory>${project.build.outputDirectory}/org/apache/struts/resources</outputDirectory>
+              <resources>
+                <resource>
+                  <directory>conf/share</directory>
+                  <includes>
+                    <include>**/*.xml</include>
+                    <include>**/*.dtd</include>
+                  </includes>
+                </resource>
+              </resources>
+            </configuration>
+          </execution>
+          <execution>
+            <id>copy-test-resources</id>
+            <goals><goal>copy-resources</goal></goals>
+            <phase>test-compile</phase>
+            <configuration>
+              <outputDirectory>${project.build.testOutputDirectory}</outputDirectory>
+              <resources>
+                <resource>
+                  <directory>src/test</directory>
+                  <includes>
+                    <include>**/*.xml</include>
+                  </includes>
+                </resource>
+              </resources>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.18.1</version>
+        <configuration>
           <includes>
-            <include>**/*.xml</include>
-            <include>**/*.dtd</include>
+            <include>org/apache/struts/action/TestDynaActionForm.java</include>
+            <include>org/apache/struts/action/TestDynaActionFormClass.java</include>
+            <include>org/apache/struts/config/TestModuleConfig.java</include>
+            <include>org/apache/struts/config/TestActionConfigMatcher.java</include>
+            <include>org/apache/struts/util/Test*.java</include>
           </includes>
-        </resource>
-        <resource>
-          <directory>${basedir}/src/test</directory>
-          <includes>
-            <include>**/*.xml</include>
-          </includes>
-        </resource>
-      </resources>
-    </unitTest>
+        </configuration>
+      </plugin>
+    </plugins>
+
     <!-- J A R  R E S O U R C E S -->
     <!-- Resources that are packaged up inside the JAR file -->
     <resources>
@@ -383,4 +355,40 @@
     <report>maven-simian-plugin</report>
     <!-- <report>maven-faq-plugin</report> -->
   </reports>
+  <profiles>
+    <profile>
+      <id>JDK9</id>
+      <activation>
+        <jdk>[9</jdk>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-compiler-plugin</artifactId>
+            <configuration>
+              <release>6</release>
+            </configuration>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+    <profile>
+      <id>JDK11</id>
+      <activation>
+        <jdk>[11</jdk>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-compiler-plugin</artifactId>
+            <configuration>
+              <release>8</release>
+            </configuration>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
 </project>
diff --git a/src/share/org/apache/struts/action/ActionServlet.java b/src/share/org/apache/struts/action/ActionServlet.java
index 4920fe512..925af5b63 100755
--- a/src/share/org/apache/struts/action/ActionServlet.java
+++ b/src/share/org/apache/struts/action/ActionServlet.java
@@ -1,14 +1,14 @@
 /*
- * $Id$ 
+ * $Id$
  *
  * Copyright 2000-2005 The Apache Software Foundation.
- * 
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -24,10 +24,7 @@
 import java.math.BigInteger;
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.MissingResourceException;
+import java.util.*;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
@@ -40,6 +37,7 @@
 import org.apache.commons.beanutils.BeanUtils;
 import org.apache.commons.beanutils.ConvertUtils;
 import org.apache.commons.beanutils.PropertyUtils;
+import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;
 import org.apache.commons.beanutils.converters.BigDecimalConverter;
 import org.apache.commons.beanutils.converters.BigIntegerConverter;
 import org.apache.commons.beanutils.converters.BooleanConverter;
@@ -326,7 +324,7 @@ public void init() throws ServletException {
             initInternal();
             initOther();
             initServlet();
-    
+
             getServletContext().setAttribute(Globals.ACTION_SERVLET_KEY, this);
             initModuleConfigFactory();
             // Initialize modules as needed
@@ -335,7 +333,7 @@ public void init() throws ServletException {
             initModuleDataSources(moduleConfig);
             initModulePlugIns(moduleConfig);
             moduleConfig.freeze();
-    
+
             Enumeration names = getServletConfig().getInitParameterNames();
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -350,23 +348,23 @@ public void init() throws ServletException {
                 initModulePlugIns(moduleConfig);
                 moduleConfig.freeze();
             }
-    
+
             this.initModulePrefixes(this.getServletContext());
-    
+
             this.destroyConfigDigester();
         } catch (UnavailableException ex) {
             throw ex;
         } catch (Throwable t) {
 
             // The follow error message is not retrieved from internal message
-            // resources as they may not have been able to have been 
+            // resources as they may not have been able to have been
             // initialized
             log.error("Unable to initialize Struts ActionServlet due to an "
                 + "unexpected exception or error thrown, so marking the "
                 + "servlet as unavailable.  Most likely, this is due to an "
                 + "incorrect or missing library dependency.", t);
             throw new UnavailableException(t.getMessage());
-        }    
+        }
     }
 
     /**
@@ -725,13 +723,13 @@ protected void parseModuleConfigFile(Digester digester, String path)
             if (url == null) {
                 url = getClass().getResource(path);
             }
-            
+
             if (url == null) {
                 String msg = internal.getMessage("configMissing", path);
                 log.error(msg);
                 throw new UnavailableException(msg);
             }
-	    
+
             InputSource is = new InputSource(url.toExternalForm());
             input = url.openStream();
             is.setByteStream(input);
@@ -1059,6 +1057,14 @@ protected void initInternal() throws ServletException {
      * @exception ServletException if we cannot initialize these resources
      */
     protected void initOther() throws ServletException {
+        HashSet suppressProperties = new HashSet();
+        suppressProperties.add("class");
+        suppressProperties.add("multipartRequestHandler");
+        suppressProperties.add("resultValueMap");
+
+        PropertyUtils.addBeanIntrospector(
+                new SuppressPropertiesBeanIntrospector(suppressProperties));
+        PropertyUtils.clearDescriptors();
 
         String value = null;
         value = getServletConfig().getInitParameter("config");
diff --git a/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java b/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java
index feb2c65ef..0603f8e27 100644
--- a/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java
+++ b/src/test/org/apache/struts/mock/MockMultipartRequestHandler.java
@@ -88,9 +88,9 @@ public ActionMapping getMapping() {
       */
     public void handleRequest(HttpServletRequest request) throws ServletException {
         elements = new Hashtable();
-        Enumeration enum = request.getParameterNames();
-        while (enum.hasMoreElements()) {
-            String key = enum.nextElement().toString();
+        Enumeration e = request.getParameterNames();
+        while (e.hasMoreElements()) {
+            String key = e.nextElement().toString();
             elements.put(key, request.getParameter(key));
         }
     }