struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Huber <gregh3...@gmail.com>
Subject Re: Struts 2.3.25
Date Mon, 14 Mar 2016 09:22:09 GMT
great!

any ideas on this, which also seems odd:

I checked on my dev server, on 2.5, and it does not seem to call the
SecurityMemberAccess isAccessible method at all.

On 14 March 2016 at 09:16, Lukasz Lenart <lukaszlenart@apache.org> wrote:

> 2016-03-14 10:04 GMT+01:00 Lukasz Lenart <lukaszlenart@apache.org>:
> > 2016-03-14 9:30 GMT+01:00 Greg Huber <gregh3269@gmail.com>:
> >> Its checking
> >>
> >> bean.address.longitude.doubleValue() >>> class java.lang.Double
> >
> > I see the problem, member and declaring classes are java.lang.Double
> > but when used directly - FooBar#doubleValue - then member and
> > declaring classes are equal to FooBar
> > And previously "excludedPackageNamePatterns" was defined wrong:
> >
> >
> struts.excludedPackageNamePatterns="^java\.lang\..*,^ognl.*,^(?!javax\.servlet\..+)(javax\..+)"
> >
> > excluded were only java.lang.[something]
>
> I have a fix in place, need to test it a bit but should be ready soon
> and I will push 2.3.26 - thanks Greg!
>
>
> Regards
> --
> Ɓukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message