[
https://issues.apache.org/jira/browse/WW-5350?focusedWorklogId=888842&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-888842
]
ASF GitHub Bot logged work on WW-5350:
--------------------------------------
Author: ASF GitHub Bot
Created on: 05/Nov/23 12:40
Start Date: 05/Nov/23 12:40
Worklog Time Spent: 10m
Work Description: kusalk opened a new pull request, #781:
URL: https://github.com/apache/struts/pull/781
WW-5350
--
Implementation for strict OGNL allowlist feature. It is up to the
application to determine which classes/packages need to be allowlisted. The
exclusion list will still take precedence (classes on the exclusion list cannot
be allowlisted).
I hope to clean this implementation up and both `OgnlUtil` and
`SecurityMemberAccess` up as part of WW-5343.
Issue Time Tracking
-------------------
Worklog Id: (was: 888842)
Time Spent: 1h 40m (was: 1.5h)
> Implement optional strict class/package allowlist for OGNL
> ----------------------------------------------------------
>
> Key: WW-5350
> URL: https://issues.apache.org/jira/browse/WW-5350
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Kusal Kithul-Godage
> Priority: Minor
> Fix For: 6.4.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> I think this will be more useful than WW-5345
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
