[jira] [Resolved] (JEXL-457) Reduce default exposure for RESTRICTED JexlPermissions

Henri Biestro (Jira) Fri, 06 Mar 2026 05:55:05 -0800


     [ 
https://issues.apache.org/jira/browse/JEXL-457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Henri Biestro resolved JEXL-457.
--------------------------------
    Resolution: Fixed


Commit 
[88c18a|https://github.com/apache/commons-jexl/commit/88c18aeafeeda0f0209ca57f995a4db9414f990e]

> Reduce default exposure for RESTRICTED JexlPermissions
> ------------------------------------------------------
>
>                 Key: JEXL-457
>                 URL: https://issues.apache.org/jira/browse/JEXL-457
>             Project: Commons JEXL
>          Issue Type: Improvement
>    Affects Versions: 3.6.2
>            Reporter: Henri Biestro
>            Assignee: Henri Biestro
>            Priority: Critical
>             Fix For: 3.6.3
>
>
> The current permissions in RESTRICTED are allowing too many packages for 
> newer jdks (java.lang.* sub packages in java 25 for instance).
> The permissions themselves should also ensure that a constructor is 
> explicitly allowed (even transitively).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (JEXL-457) Reduce default exposure for RESTRICTED JexlPermissions

Reply via email to