Re: Max length for OGNL expression

2019-09-17 Thread Lukasz Lenart
.09.19 at 15:42, Yasser Zamani wrote:
> >> -Original Message-
> >> From: i...@flyingfischer.ch
> >> Sent: Monday, September 16, 2019 4:58 PM
> >> To: dev@struts.apache.org
> >> Subject: Re: Max length for OGNL expression
> >>
> >>

Re: Max length for OGNL expression

2019-09-16 Thread i...@flyingfischer.ch
mber 16, 2019 4:58 PM
>> To: dev@struts.apache.org
>> Subject: Re: Max length for OGNL expression
>>
>> Dear Yasser
>>
>> we definitively need an option to totally disable this "feature". It really depends
>> on what kind of application yo

RE: Max length for OGNL expression

2019-09-16 Thread Yasser Zamani
>-Original Message-
>From: i...@flyingfischer.ch
>Sent: Monday, September 16, 2019 4:58 PM
>To: dev@struts.apache.org
>Subject: Re: Max length for OGNL expression
>
>Dear Yasser
>
>we definitively need an option to totally disable this "feature".

Re: Max length for OGNL expression

2019-09-16 Thread i...@flyingfischer.ch
Dear Yasser we definitively need an option to totally disable this "feature". It really depends on what kind of application you deploy. Logging a warning seems appropriate. But we should avoid logging a warning while the "feature" is disabled. I also fear that this will lead to vulnerable applic

RE: Max length for OGNL expression

2019-09-16 Thread Yasser Zamani
Thanks Markus and Christoph! Please see inline and see if it satisfies those challenges.

>-Original Message-
>From: christoph.nenn...@bmw.de
>Sent: Monday, September 16, 2019 11:39 AM
>To: dev@struts.apache.org
>Subject: AW: Max length for OGNL expression
>
>I agree with this. Basically

Re: Max length for OGNL expression

2019-09-15 Thread i...@flyingfischer.ch
Seems to me not to be the right place to correct any possible problems, and far off any related root of a possible issue. The config would definitively need an option to be disabled totally. I expect very unexpected and hard to trace side effects, depending on the application in place. Markus Am