[ https://issues.apache.org/jira/browse/WW-5353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kusal Kithul-Godage updated WW-5353: ------------------------------------ Description: {{struts.ognl.allowStaticFieldAccess=false}} {{struts.ognl.excludedNodeTypes=<TBA>}} {{struts.ognl.expressionMaxLength=150}} {{struts.disallowDefaultPackageAccess=true}} {{struts.disallowProxyMemberAccess=true}} {{struts.parameters.requireAnnotations=true}} {{struts.parameters.maxTraversalDepth=3}} {{struts.ognl.disallowCustomOgnlMap=true}} {{struts.allowlist.enable=true}} was: {{struts.ognl.allowStaticFieldAccess=false}} {{struts.ognl.excludedNodeTypes=<TBA>}} {{struts.ognl.expressionMaxLength=150}} {{struts.disallowDefaultPackageAccess=true}} {{struts.disallowProxyMemberAccess=true}} {{struts.parameters.requireAnnotations=true}} {{struts.parameters.maxTraversalDepth=3}} > Implement stronger security defaults in Struts 7.0 > -------------------------------------------------- > > Key: WW-5353 > URL: https://issues.apache.org/jira/browse/WW-5353 > Project: Struts 2 > Issue Type: Improvement > Reporter: Kusal Kithul-Godage > Priority: Major > Fix For: 7.0.0 > > > {{struts.ognl.allowStaticFieldAccess=false}} > {{struts.ognl.excludedNodeTypes=<TBA>}} > {{struts.ognl.expressionMaxLength=150}} > {{struts.disallowDefaultPackageAccess=true}} > {{struts.disallowProxyMemberAccess=true}} > {{struts.parameters.requireAnnotations=true}} > {{struts.parameters.maxTraversalDepth=3}} > {{struts.ognl.disallowCustomOgnlMap=true}} > {{struts.allowlist.enable=true}} -- This message was sent by Atlassian Jira (v8.20.10#820010)