struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <yasser.zam...@live.com>
Subject Re: Struts 2.3.31 is excluding generic object.
Date Sun, 12 Mar 2017 17:48:26 GMT


On 3/12/2017 8:21 PM, Lukasz Lenart wrote:
> 2017-03-12 15:57 GMT+01:00 Yasser Zamani <yasser.zamani@live.com>:
>> Hi Anurag,
>>
>> I hope it's not too late but I have some comments.
>>
>> Today we updated to Struts2.3.32 to fix security issue S2-045.
>>
>> After that, similar to your problem, we lost following OGNL evaluation
>> to null in our JSPs :(
>>
>> "%{#context['com.opensymphony.xwork2.dispatcher.HttpServletRequest'].requestURI}"
>
> This is strange, this can only happen if you used OGNL 3.1.14 or
> 3.0.20 [1] but this wasn't part of Struts 2.3.32
Don't worry Lukasz , it was not about #context accessibility; OGNL 
successfully compiles and goes forward until 
`javax.servlet.http.HttpServletRequest.getRequestURI()` but does not 
continue any more and returns null since `javax` is in his excluded 
packages due to security :)
>
> https://github.com/jkuhnert/ognl#release-notes---version-3114-3020
>
>
> Regards
>
Mime
View raw message