Guys, are you serious? Are you blaming OGNL? The hammer? 100% of the vulnerabilities related to OGNL were our - developers' - fault. We did use (and still do) the hammer in an inappropriate way. Changing the hammer is not the solution!
Things related to ${} or %{} should be clarified - %{} is called an alternative syntax in the source ;-) It should be removed and we should stick just to ${} - maybe it can be useful in XMLs as far as I know '$' isn't an allowed value - maybe something else can be used.

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/