[
https://issues.apache.org/jira/browse/WW-5353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kusal Kithul-Godage updated WW-5353:
------------------------------------
Description:
{{struts.ognl.allowStaticFieldAccess=false}}
{{struts.ognl.excludedNodeTypes=<TBA>}}
{{struts.ognl.expressionMaxLength=150}}
{{struts.disallowDefaultPackageAccess=true}}
{{struts.disallowProxyMemberAccess=true}}
{{struts.parameters.requireAnnotations=true}}
{{struts.ognl.disallowCustomOgnlMap=true}}
{{struts.allowlist.enable=true}}
was:
{{struts.ognl.allowStaticFieldAccess=false}}
{{struts.ognl.excludedNodeTypes=<TBA>}}
{{struts.ognl.expressionMaxLength=150}}
{{struts.disallowDefaultPackageAccess=true}}
{{struts.disallowProxyMemberAccess=true}}
{{struts.parameters.requireAnnotations=true}}
{{struts.parameters.maxTraversalDepth=3}}
{{struts.ognl.disallowCustomOgnlMap=true}}
{{struts.allowlist.enable=true}}
> Implement stronger security defaults in Struts 7.0
> --------------------------------------------------
>
> Key: WW-5353
> URL: https://issues.apache.org/jira/browse/WW-5353
> Project: Struts 2
> Issue Type: Improvement
> Reporter: Kusal Kithul-Godage
> Priority: Major
> Fix For: 7.0.0
>
>
> {{struts.ognl.allowStaticFieldAccess=false}}
> {{struts.ognl.excludedNodeTypes=<TBA>}}
> {{struts.ognl.expressionMaxLength=150}}
> {{struts.disallowDefaultPackageAccess=true}}
> {{struts.disallowProxyMemberAccess=true}}
> {{struts.parameters.requireAnnotations=true}}
> {{struts.ognl.disallowCustomOgnlMap=true}}
> {{struts.allowlist.enable=true}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
