[
https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694373#comment-17694373
]
Lukasz Lenart commented on WW-5268:
-----------------------------------
I wonder if such mechanism shouldn't be moved into OGNL directly with option to
configure/extend it by Struts when needed. Right now we are ending up with a
bunch of similar options which are applied in normal mode or in devMode. I need
to finish refactoring OGNL and make this option available there.
> Add configuration option to exempt classes from OGNL package exclusions
> -----------------------------------------------------------------------
>
> Key: WW-5268
> URL: https://issues.apache.org/jira/browse/WW-5268
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Kusal Kithul-Godage
> Priority: Minor
> Fix For: 6.2.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> It is currently possible to exclude packages from OGNL evaluation using
> `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`.
> There may exist a scenario where you wish to have certain packages
> excluded/blocklisted by default, but exempt specific classes from these
> packages that have been assessed to be safe.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
