commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <>
Subject [jira] [Commented] (OGNL-237) disable construct object using new for security
Date Mon, 22 Jul 2013 06:48:48 GMT


Lukasz Lenart commented on OGNL-237:

OGNL is general purpose Expression Language, so I don't see point to disable that "feature".
If someone used hammer in improper way, you cannot blame hammer for that ;-)
> disable construct object using new for security
> -----------------------------------------------
>                 Key: OGNL-237
>                 URL:
>             Project: Commons OGNL
>          Issue Type: Improvement
>            Reporter: zhouyanming
>            Priority: Critical
> struts2 is suffering security vulnerability caused by ognl
> I don't know who would like to new objects in expression,if it must be left for compatibility,please
build a blacklist for and

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message