Kusal Kithul-Godage created WW-5353: ---------------------------------------
Summary: Implement stronger security defaults in Struts 7.0 Key: WW-5353 URL: https://issues.apache.org/jira/browse/WW-5353 Project: Struts 2 Issue Type: Improvement Reporter: Kusal Kithul-Godage Fix For: 7.0.0 {{struts.ognl.allowStaticFieldAccess=false}} {{{}struts.ognl.excludedNodeTypes=<TBA>{}}}{{{}{}}} {{struts.ognl.expressionMaxLength=150}} {{struts.disallowDefaultPackageAccess=true}} {{struts.disallowProxyMemberAccess=true}} {{struts.parameters.requireAnnotations=true}} {{struts.parameters.maxTraversalDepth=3}} These aren't security but should improve performance: {{struts.ognl.expressionCacheLRUMode=true}} {{struts.ognl.expressionCacheMaxSize=10000}} {{{{ }}}} -- This message was sent by Atlassian Jira (v8.20.10#820010)