[
https://issues.apache.org/jira/browse/JEXL-462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Henri Biestro resolved JEXL-462.
--------------------------------
Resolution: Fixed
Commit
[fe73af4d6|https://github.com/apache/commons-jexl/commit/fe73af4d65c9b4c1bbe90b4951d6d10b75eb8053]
> JexlPermissions.RESTRICTED must ensure a better level of isolation
> ------------------------------------------------------------------
>
> Key: JEXL-462
> URL: https://issues.apache.org/jira/browse/JEXL-462
> Project: Commons JEXL
> Issue Type: Bug
> Affects Versions: 3.6.3
> Reporter: Henri Biestro
> Assignee: Henri Biestro
> Priority: Critical
> Fix For: 3.6.4
>
>
> The JexlPermissions.RESTRICTED constant is supposed to offer a decent level
> of isolation between the script and its host.
> It is still susceptible to allowing more than is intended, in part because
> its use of the wildcard-package specification that gives 'silent' access to
> classes that should definitely be explicit.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)