This is an automated email from the ASF dual-hosted git repository.
shuber pushed a change to branch improve-scripting-security
in repository https://gitbox.apache.org/repos/asf/unomi.git.
from 28895c5 Improve scripting security: - OGNL is now disabled by default
as it wasn't really used much (possible to reactive through a system setting) -
A new condition sanitizer has been added in the ContextServlet to filter out
any MVEL scripts (again not used much and can be reactivate using a system
property) - A new ExpressionFilter has been added that will use configurable
(system property) regular expressions to filter out possible malicious
expressions - OGNL sandboxing has [...]
add 904c284 Fix bug in sanitizing code
No new revisions were added by this update.
Summary of changes:
wab/src/main/java/org/apache/unomi/web/ContextServlet.java | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
