[jira] [Commented] (JEXL-457) Reduce default exposure for RESTRICTED JexlPermissions

Gary D. Gregory (Jira) Fri, 06 Mar 2026 05:58:08 -0800


    [ 
https://issues.apache.org/jira/browse/JEXL-457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18063549#comment-18063549
 ]


Gary D. Gregory commented on JEXL-457:
--------------------------------------

Should this warrant a feature version bump (3.7.0)?

> Reduce default exposure for RESTRICTED JexlPermissions
> ------------------------------------------------------
>
>                 Key: JEXL-457
>                 URL: https://issues.apache.org/jira/browse/JEXL-457
>             Project: Commons JEXL
>          Issue Type: Improvement
>    Affects Versions: 3.6.2
>            Reporter: Henri Biestro
>            Assignee: Henri Biestro
>            Priority: Critical
>             Fix For: 3.6.3
>
>
> The current permissions in RESTRICTED are allowing too many packages for 
> newer jdks (java.lang.* sub packages in java 25 for instance).
> The permissions themselves should also ensure that a constructor is 
> explicitly allowed (even transitively).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (JEXL-457) Reduce default exposure for RESTRICTED JexlPermissions

Reply via email to