This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push: new 2c4e163 Updates stage by Jenkins 2c4e163 is described below commit 2c4e163720bf94e07772ba9ad7c4a19e59194c01 Author: jenkins <bui...@apache.org> AuthorDate: Tue Nov 12 12:30:34 2019 +0000 Updates stage by Jenkins --- content/security/index.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/security/index.html b/content/security/index.html index 2345ee2..9935f79 100644 --- a/content/security/index.html +++ b/content/security/index.html @@ -319,8 +319,10 @@ Multiple Struts 2 versions have been vulnerable to OGNL security flaws. Conseque framework with following proactive optional possibilities since OGNL 3.1.24 and Struts 2.5.22. They’re disabled by default but via enabling them, you can proactively protect from potential still unknown OGNL Expression Injections flaws:</p> -<p>NOTE: These might break your current app functionality. Before using in production environment, you’re recommended to +<blockquote> + <p><strong>NOTE</strong>: These might break your current app functionality. Before using in production environment, you’re recommended to comprehensively test your app UI and functionalities with these enabled.</p> +</blockquote> <h4 id="run-ognl-expressions-inside-sandbox">Run OGNL expressions inside sandbox</h4>
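Review bot: In the added `<p><strong>NOTE</strong>: ...` line inside the new `<blockquote>`, the sentence carried over from the removed line is still ungrammatical ("Before using in production environment, you’re recommended to comprehensively test your app UI and functionalities"). Since the line is rewritten here anyway, consider tightening it, for example "Before enabling these in a production environment, comprehensively test your app's UI and functionality with them enabled." The same paragraph's unchanged context says the options are "disabled by default", so the warning applies only to users who opt in, and the note would read more clearly if it said so. The commit message "Updates stage by Jenkins" does not mention that the change is a markup-only promotion of the NOTE to a blockquote, so a reader has to open the diff to learn what the 3 insertions and 1 deletion did.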