Thanks Lukasz Confirming that this milestone includes an enhancement which allows the OGNL allowlist capability to continue functioning in the presence of Hibernate entities. Simply set `struts.disallowProxyObjectAccess=false` and the OGNL allowlist will automatically exempt Hibernate entities. As mentioned in a previous discussion, allowing OGNL expression execution against Hibernate entities is not recommended, but exempting them in this way is still much preferred to disabling the OGNL allowlist capability entirely.
On Thu, Jul 11, 2024 at 6:33 PM Lukasz Lenart <lukaszlen...@apache.org> wrote: > > Hello, > > This is another milestone of Struts 7.x series, which is based on > JakartaEE 6. Please take the time and test the bits - any help is > appreciated. Please report any problems you will spot. > > Please read the Migration guide as this version includes stronger > security options > https://cwiki.apache.org/confluence/display/WW/Struts+6.x.x+to+7.x.x+migration > > Here are the changes from the previous version: > https://github.com/apache/struts/releases/tag/STRUTS_7_0_0_M8 > > Staging Maven repo > https://repository.apache.org/content/groups/staging/ > > * please read our guideline how to setup your Maven build to include > the Staging repository > https://struts.apache.org/builds.html#test-builds > > Standalone artifacts > https://dist.apache.org/repos/dist/dev/struts/7.0.0-M8/ > > Release notes > https://cwiki.apache.org/confluence/display/WW/Version+Notes+7.0.0-M8 > > > Have fun! > Łukasz > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org