Guys,
are you serious? are you blaming OGNL? the hammer? 100% of
vulnerability related to OGNL was our - developers - fault. We did use
(and still do) the hammer in inappropriate way. Changing hammer is not
the solution!
Things related to ${} or %{} should be clarified - %{} is called an
alternative syntax in the source ;-) It should be removed and we
should stick just to ${} - maybe it can be useful in XMLs as far I
know '$' isn't an allowed value - maybe something else can be used.
Regards
--
Ćukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
