On a related note, I'd like to know if Struts allows OGNL interpretation through request parameters? I hope the answer is no. OGNL should be server-side scripting only.
On Mon, Aug 5, 2013 at 1:37 PM, Dave Newton <davelnew...@gmail.com> wrote: > I expect most of you already saw (or assumed) this, but just in case: > > > https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2013-08-05 > > Oh OGNL. > > Dave > -- Cheers, Paul
