All of the mentioned options should log issues at warn level or greater, except for 'struts.parameters.requireAnnotations' which will log at debug level.
Using the following PR as a reference, you can revert settings to their previous value one by one, to isolate which option may be causing your application issues. https://github.com/apache/struts/pull/919/files Once you have isolated and corrected any issues, please re-enable the options as they offer significant protection against vulnerabilities. On Sun, Jun 16, 2024 at 6:39 PM Greg Huber <gregh3...@gmail.com> wrote: > > I tried this and there is alot of text missing on my jsp pages > > it mentions these: > > |struts.ognl.allowStaticFieldAccess=||false| > |struts.ognl.expressionMaxLength=||150| > |struts.disallowDefaultPackageAccess=||true| > |struts.disallowProxyMemberAccess=||true| > |struts.parameters.requireAnnotations=||true| > |struts.ognl.disallowCustomOgnlMap=||true| > |struts.allowlist.enable=||true| > | > | > |I tried > | > | > | > |struts.ognl.allowStaticFieldAccess=true > | > | > | > |but it made no difference.| > | > | > |There are no warning in the logs. > | > > On 12/06/2024 07:12, Lukasz Lenart wrote: > > Hello, > > > > This is another milestone of Struts 7.x series, which is based on > > JakartaEE 6. Please take the time and test the bits - any help is > > appreciated. Please report any problems you will spot. > > > > Please read the Migration guide as this version includes stronger > > security options > > https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration > > > > Here are the changes from the previous version: > > https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M7 > > > > Staging Maven repo > > https://repository.apache.org/content/groups/staging/ > > > > * please read our guideline how to setup your Maven build to include > > the Staging repository > > https://struts.apache.org/builds.html#test-builds > > > > Standalone artifacts > > https://dist.apache.org/repos/dist/dev/struts/7.0.0-M7/ > > > > Release notes > > https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M7 > > > > > > Have fun! > > Łukasz > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail:dev-unsubscr...@struts.apache.org > > For additional commands, e-mail:dev-h...@struts.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
