This is great news and thanks a lot for your contribution! Also it's time to prepare a new release then :D
Cheers Lukasz pt., 9 lut 2024 o 03:31 Kusal Kithul-Godage <kkithulgod...@atlassian.com.invalid> napisaĆ(a): > > Hi all, > > Atlassian is very excited to have shipped the Struts OGNL Allowlist and > Parameter Annotation features in Confluence Data Center 8.8! We believe it > to be one of the greatest uplifts in Struts' security posture since its > inception, and one which will ensure Struts remains a viable option for web > development. > > Whilst we await Atlassian customer and plugin vendor feedback, we've > additionally commissioned an audit of the design and implementation by an > external security firm. > > However, we'd really love for all Struts developers to test and provide > feedback on these new capabilities ahead of their default enablement in > Struts 7.0. To do so, please switch to the latest test build of Struts 6.4 > or 7.0 and enable the following options: > > - struts.parameters.requireAnnotations=true > - struts.allowlist.enable=true > > Further information on configuring these capabilities can be found in > the Struts > Security doc > <https://struts.apache.org/security/#defining-and-annotating-your-action-parameters> > under the 'Defining and annotating your Action parameters' and 'Allowlist > Capability' headings. > > Best regards, > > *KUSAL KITHUL-GODAGE* > Software Engineer --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org