commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (OGNL-237) disable construct object using new for security
Date Mon, 22 Jul 2013 06:48:51 GMT

     [ https://issues.apache.org/jira/browse/OGNL-237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lukasz Lenart closed OGNL-237.
------------------------------

    Resolution: Won't Fix
      Assignee: Lukasz Lenart
    
> disable construct object using new for security
> -----------------------------------------------
>
>                 Key: OGNL-237
>                 URL: https://issues.apache.org/jira/browse/OGNL-237
>             Project: Commons OGNL
>          Issue Type: Improvement
>            Reporter: zhouyanming
>            Assignee: Lukasz Lenart
>            Priority: Critical
>
> struts2 is suffering security vulnerability caused by ognl
> I don't know who would like to new objects in expression,if it must be left for compatibility,please
build a blacklist for java.xxx and javax.xxx

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message