[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions

ASF subversion and git services (Jira) Tue, 28 Feb 2023 05:25:09 -0800


    [ 
https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694538#comment-17694538
 ]


ASF subversion and git services commented on WW-5268:
-----------------------------------------------------

Commit 5827a23368079cb747d9938bcace642a5b2eecc8 in struts-site's branch 
refs/heads/master from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts-site.git;h=5827a2336 ]

Merge pull request #184 from atlassian-forks/WW-5268-excluded-package-exemptions

WW-5268 Update documentation with struts.excludedPackageExemptClasses…

> Add configuration option to exempt classes from OGNL package exclusions
> -----------------------------------------------------------------------
>
>                 Key: WW-5268
>                 URL: https://issues.apache.org/jira/browse/WW-5268
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Kusal Kithul-Godage
>            Priority: Minor
>             Fix For: 6.2.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> It is currently possible to exclude packages from OGNL evaluation using 
> `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`.
> There may exist a scenario where you wish to have certain packages 
> excluded/blocklisted by default, but exempt specific classes from these 
> packages that have been assessed to be safe.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions

Reply via email to