Kusal Kithul-Godage created WW-5353:
---------------------------------------
Summary: Implement stronger security defaults in Struts 7.0
Key: WW-5353
URL: https://issues.apache.org/jira/browse/WW-5353
Project: Struts 2
Issue Type: Improvement
Reporter: Kusal Kithul-Godage
Fix For: 7.0.0
{{struts.ognl.allowStaticFieldAccess=false}}
{{struts.ognl.excludedNodeTypes=<TBA>}}
{{struts.ognl.expressionMaxLength=150}}
{{struts.disallowDefaultPackageAccess=true}}
{{struts.disallowProxyMemberAccess=true}}
{{struts.parameters.requireAnnotations=true}}
{{struts.parameters.maxTraversalDepth=3}}
These aren't security but should improve performance:
{{struts.ognl.expressionCacheLRUMode=true}}
{{struts.ognl.expressionCacheMaxSize=10000}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)