[ https://issues.apache.org/jira/browse/WW-5353?focusedWorklogId=916166&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-916166 ]
ASF GitHub Bot logged work on WW-5353: -------------------------------------- Author: ASF GitHub Bot Created on: 24/Apr/24 12:30 Start Date: 24/Apr/24 12:30 Worklog Time Spent: 10m Work Description: kusalk commented on PR #919: URL: https://github.com/apache/struts/pull/919#issuecomment-2074837079 Feedback on the next milestone will be interesting, let's see how we go! Issue Time Tracking ------------------- Worklog Id: (was: 916166) Time Spent: 40m (was: 0.5h) > Implement stronger security defaults in Struts 7.0 > -------------------------------------------------- > > Key: WW-5353 > URL: https://issues.apache.org/jira/browse/WW-5353 > Project: Struts 2 > Issue Type: Improvement > Reporter: Kusal Kithul-Godage > Priority: Major > Fix For: 7.0.0 > > Time Spent: 40m > Remaining Estimate: 0h > > {{struts.ognl.allowStaticFieldAccess=false}} > {{struts.ognl.excludedNodeTypes=<TBA>}} > {{struts.ognl.expressionMaxLength=150}} > {{struts.disallowDefaultPackageAccess=true}} > {{struts.disallowProxyMemberAccess=true}} > {{struts.parameters.requireAnnotations=true}} > {{struts.ognl.disallowCustomOgnlMap=true}} > {{struts.allowlist.enable=true}} -- This message was sent by Atlassian Jira (v8.20.10#820010)