[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694389#comment-17694389 ]
Lukasz Lenart commented on WW-5268: ----------------------------------- Here is a section [https://struts.apache.org/security/#internal-security-mechanism] And source is in GH, just another PR ;) [https://github.com/apache/struts-site/blob/master/source/security/index.md] > Add configuration option to exempt classes from OGNL package exclusions > ----------------------------------------------------------------------- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core > Reporter: Kusal Kithul-Godage > Priority: Minor > Fix For: 6.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)